Auditing secrets

DECember 2023 We have released an improved version with enhanced security of Security and Encryption for Confluence Cloud. Check out the next steps for administrators.

1 Overview | 2 Accessing audit logs | 3 Audit log details

Overview

Audit logs show chronological events around secrets in the space, who interacted and made changes to the secrets.

You can use the audit logs

to run audit reports
review access to secrets
find out any unintended access
detect suspicious activities
provide supporting evidence of your organization's security compliance

The audit logs page shows event records of all secrets within the space.

Records are kept for 90 days and cannot be deleted. Only the space administrators are able to see audit logs.

Accessing audit logs

On the Confluence left-hand sidebar under Apps

choose Secret Administrator (1)

select the Audit logs tab (2)

You need space administrator permission to see the Audit logs tab.

a table of audit information is displayed

Audit log details

The following items are available for each row in the audit logs.

Item	Description

Item	Description
Date	The date and time (in your current timezone) the event took place.
User	The Confluence user who performed the event.
Change	The type of event. The event type can be one of the following Created Modified Deleted Restored (see Restoring deleted secrets) Purged (permanently deleted, cannot be restored) Decrypted (successful access to the secret) Attempted (failed access to the secret, typically due to insufficient permissions)
Item affected	Name of the secret (and its ID).
Origin	The page location where the event was performed. When marked as "-", the event was performed in the main secrets page or administration pages (available from the sidebar).
Version	The version of the secret when the event took place.