# Accessibility of Audit Information

This health check verifies whether audit information is accessible and usable by log consumers. It ensures that vHSM’s audit configurations follow the recommended practices for safe and unsafe audit parameters.

**Health Check Name: `audit_visibility`**

#### **Accessed APIs**

| Method | API Endpoint              | Description                                |
| ------ | ------------------------- | ------------------------------------------ |
| READ   | `/sys/mounts/:mount/tune` | Reads tuning parameters of the mount path. |

#### **Configuration Parameters**

| Parameter            | Type | Default | Description                                                         |
| -------------------- | ---- | ------- | ------------------------------------------------------------------- |
| `ignored_parameters` | List | `nil`   | A list of parameters to ignore when checking for HMAC audit status. |

#### **Health Check Results**

* This check provides **informational feedback** about whether audit data parameters are properly HMAC’d or left in cleartext as expected.
* It ensures adherence to the list of **safe and unsafe audit fields**.
* Results will not trigger warnings or errors but serve as guidance for improving audit visibility.

#### **Recommended Actions**

To improve audit log visibility and control what is HMAC’d or excluded, fine-tune the audit parameters using the following command:

{% hint style="info" %}
**Note:** Replace `<mount>` with the actual mount path of the secrets engine being tuned.
{% endhint %}

```bash
vhsm secrets tune \
  -audit-non-hmac-response-keys=certificate \
  -audit-non-hmac-response-keys=issuing_ca \
  -audit-non-hmac-response-keys=serial_number \
  -audit-non-hmac-response-keys=error \
  -audit-non-hmac-response-keys=ca_chain \
  -audit-non-hmac-request-keys=certificate \
  -audit-non-hmac-request-keys=issuer_ref \
  -audit-non-hmac-request-keys=common_name \
  -audit-non-hmac-request-keys=alt_names \
  -audit-non-hmac-request-keys=other_sans \
  -audit-non-hmac-request-keys=ip_sans \
  -audit-non-hmac-request-keys=uri_sans \
  -audit-non-hmac-request-keys=ttl \
  -audit-non-hmac-request-keys=not_after \
  -audit-non-hmac-request-keys=serial_number \
  -audit-non-hmac-request-keys=key_type \
  -audit-non-hmac-request-keys=private_key_format \
  -audit-non-hmac-request-keys=managed_key_name \
  -audit-non-hmac-request-keys=managed_key_id \
  -audit-non-hmac-request-keys=ou \
  -audit-non-hmac-request-keys=organization \
  -audit-non-hmac-request-keys=country \
  -audit-non-hmac-request-keys=locality \
  -audit-non-hmac-request-keys=province \
  -audit-non-hmac-request-keys=street_address \
  -audit-non-hmac-request-keys=postal_code \
  -audit-non-hmac-request-keys=permitted_dns_domains \
  -audit-non-hmac-request-keys=policy_identifiers \
  -audit-non-hmac-request-keys=ext_key_usage_oids \
  -audit-non-hmac-request-keys=csr \
  <mount>
```
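To see which of the recommended keys a mount still HMACs, the tune response can be compared against the list in the command above. The following is an added example, not vHSM's own health-check code; it assumes the response read from `/sys/mounts/:mount/tune` exposes the lists as `audit_non_hmac_request_keys` and `audit_non_hmac_response_keys`, and the function name and sample response are constructed for illustration.

```python
import json

# Keys the page's tune command leaves in cleartext (copied from that command).
# Assumption: the response field names mirror the CLI flag names.
RECOMMENDED = {
    "audit_non_hmac_request_keys": {
        "certificate", "issuer_ref", "common_name", "alt_names", "other_sans",
        "ip_sans", "uri_sans", "ttl", "not_after", "serial_number", "key_type",
        "private_key_format", "managed_key_name", "managed_key_id", "ou",
        "organization", "country", "locality", "province", "street_address",
        "postal_code", "permitted_dns_domains", "policy_identifiers",
        "ext_key_usage_oids", "csr",
    },
    "audit_non_hmac_response_keys": {
        "certificate", "issuing_ca", "serial_number", "error", "ca_chain",
    },
}


def audit_visibility(tune_json, ignored_parameters=()):
    """Compare a tune response with the recommended cleartext keys.

    Returns {field: {"still_hmac": [...], "unlisted_cleartext": [...]}}.
    """
    body = json.loads(tune_json)
    # Assumption: the settings may sit at top level or under "data".
    tune = body.get("data", body)
    ignored = set(ignored_parameters)
    report = {}
    for field, wanted in RECOMMENDED.items():
        current = set(tune.get(field) or [])
        report[field] = {
            # Recommended keys a log consumer still cannot read.
            "still_hmac": sorted(wanted - current - ignored),
            # Cleartext keys outside the recommended list: review each one.
            "unlisted_cleartext": sorted(current - wanted - ignored),
        }
    return report


# Constructed sample response for a partially tuned mount.
SAMPLE = json.dumps({"data": {
    "audit_non_hmac_request_keys": ["common_name", "ttl", "private_key"],
    "audit_non_hmac_response_keys": ["certificate", "issuing_ca",
                                     "serial_number", "error", "ca_chain"],
}})

if __name__ == "__main__":
    print(json.dumps(audit_visibility(SAMPLE, ["csr"]), indent=2))
```

The second argument plays the role of `ignored_parameters`: keys listed there are left out of both result lists.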

