Access Logs
Understanding who has accessed a secret, when they accessed it, and what medium they accessed it through is necessary to be confident in your security posture.
Overview
Secret Access Logs allow workplaces to understand which actors have accessed a secret. Users with the appropriate permissions can see the actor, the access method, the first time the secret was read, and the most recent time it was read.
Access Logs by Secret
For any secret, you can view the access log by clicking the Access Log icon in the secret row.
When the button is clicked, the access log pane will slide out.
Access Logs by User
For any user, you can view which configs and active masked secrets that user has accessed. To view these logs, browse to the Team area of the dashboard, then click the user whose logs you'd like to view.
Access
Doppler maintains the first and most recent time an actor accessed a secret. Access is defined as any time an actor makes a request to Doppler to view a secret and a payload containing the secret is returned. Secrets with blank values are not tracked.
Doppler optimistically marks the secret as accessed as soon as the payload is returned, whether it reaches the actor or not.
If the request does not receive a response payload containing the secret value(s), such as when the Kubernetes Operator receives a 'no update' response, an access event is not recorded.
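Because the log keeps the first and most recent read time per actor, reviewing it after an incident means reasoning about intervals rather than individual reads. The following is an added example, not Doppler code, that classifies actors against an incident window; the row field names and sample values are constructed for illustration and are not a Doppler export format.

```python
from datetime import datetime

# Constructed sample rows. The field names are assumptions for this example;
# they mirror the columns described above (actor, access method, first read,
# most recent read) and are not a Doppler export format.
ROWS = [
    {"actor": "alice@example.com", "method": "Dashboard",
     "first": "2024-03-01T09:00:00Z", "last": "2024-03-01T09:00:00Z"},
    {"actor": "ci-deploy", "method": "Service Token",
     "first": "2024-01-10T12:00:00Z", "last": "2024-04-02T08:30:00Z"},
    {"actor": "k8s-operator", "method": "Kubernetes Operator",
     "first": "2024-03-14T00:05:00Z", "last": "2024-04-01T00:05:00Z"},
    {"actor": "bob@example.com", "method": "CLI Token",
     "first": "2024-04-01T10:00:00Z", "last": "2024-04-03T10:00:00Z"},
]

def _ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-03-14T00:05:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(rows, window_start, window_end):
    """Classify each actor against the incident window [start, end].

    confirmed: the first or most recent read falls inside the window.
    possible:  the window lies between the two timestamps; any reads in
               between are not visible from two timestamps alone.
    none:      every recorded read is before the window or after it.

    "confirmed" means a payload was returned, not that it was received.
    Blank values and 'no update' responses never produce a row at all.
    """
    start, end = _ts(window_start), _ts(window_end)
    verdicts = {}
    for row in rows:
        first, last = _ts(row["first"]), _ts(row["last"])
        if first > last:
            raise ValueError(f"first read after last read for {row['actor']}")
        if start <= first <= end or start <= last <= end:
            verdicts[row["actor"]] = "confirmed"
        elif first < start and last > end:
            verdicts[row["actor"]] = "possible"
        else:
            verdicts[row["actor"]] = "none"
    return verdicts

if __name__ == "__main__":
    for actor, verdict in triage(ROWS, "2024-03-10T00:00:00Z", "2024-03-20T00:00:00Z").items():
        print(f"{verdict:<10} {actor}")
```

Actors in the "possible" bucket cannot be cleared from these two timestamps alone, so treat them as in scope for the review.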
Click to reveal secret value
In the Doppler dashboard, a secret's value is not fetched and displayed until the user signals an intent to view it. The user signals this intent by clicking the secret's value input.
Viewers
A viewer can be any actor authorized to view a secret. Each actor is distinctly represented and filterable in the Access Log table. Actors include:
- Users
- Service Tokens
- Personal Access Tokens
- CLI Tokens
- Terraform Provider via token
- Kubernetes Operator via token
- API via token
Versions
Any time a secret's name or value is mutated, a new version is created. The access logs are available across all versions within the scope of your plan's access history limits.
Access History
The amount of access history you can view is limited by the plan you are on. See the pricing page for plan specifics.
Updated 10 months ago