Audit Log Management
Vault audit logging is available by default on all production-grade clusters.
The audit logs are written locally to the Vault instance and stored in an encrypted Amazon S3 bucket in the same region as the Vault cluster.
You can retrieve the audit logs in one-hour increments from the HCP portal. API support to retrieve audit logs is planned.
NOTE: Audit logging is not available on Dev-tier clusters.
Audit log streaming
Audit log streaming to your existing Datadog, Grafana Cloud or Splunk account is also supported. For more information on streaming configuration, refer to the monitoring tutorials.
- Configure HCP Vault Audit Logs Streaming to Datadog
- Configure HCP Vault Audit Logs Streaming to Grafana Cloud
- Configure HCP Vault Audit Logs Streaming to Splunk
Retention
Each plan tier includes a set amount of storage that holds both snapshot data and audit log data. Audit log retention therefore varies based on the plan tier and size.