Skip to content

Audit: Support audit log file rotation #600

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Audit: Support audit log file rotation #600

wants to merge 1 commit into from
+86 −9

Conversation

t0x01
Copy link

@t0x01 t0x01 commented Jul 21, 2025

Description

Allow to natively configure Vault file audit device log file rotation with the audit enable command by adding 3 new options to the file backend. These 3 new options and their default values are as follows:

  • max_files : (int: 0) - The maximum number of older audit log file archives to keep. Defaults to 0 (no files are ever deleted). Set to -1 to discard old audit log files when a new one is created.
  • max_bytes : (int: 0) - The number of bytes that should be written to an audit log file before it needs to be rotated. Unless specified, there is no limit to the number of bytes that can be written to a log file.
  • max_duration : (string: "24h") - The maximum duration an audit log file should be written to before it needs to be rotated. Must be a duration value such as "30s". Defaults to "24h". If no time unit is specified, the time duration number is assumed to be in seconds. Set to 0 to disable time-based log file rotation.

By default, audit log file rotation is set to occur every 24 hours, with no older log file ever removed. In order to revert to previous behavior, where log rotation was not handled by the Vault, the max_duration option must be set to 0, as all other new options are already set to 0 by default.

See Vault PR 31213.

@t0x01
docs: support audit log file rotation
5e9b231 
Document new behavior of the Vault file audit device and new log rotation options (see Vault PR 31213).

Signed-off-by: t0x01 <[email protected]>
@t0x01 t0x01 requested a review from a team as a code owner July 21, 2025 13:22
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 21, 2025
edited
Loading

Vercel Previews Deployed

Name Status Preview Updated (UTC)
Dev Portal ✅ Ready (Inspect) Visit Preview Mon Jul 21 13:45:44 UTC 2025
Unified Docs API ✅ Ready (Inspect) Visit Preview Mon Jul 21 13:39:23 UTC 2025

@github-actions GitHub Actions
Copy link

Broken Link Checker

No broken links found! 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@t0x01