vhsm audit

Learn about managing vHSM audit devices

The vhsm audit command manages vHSM's audit devices, allowing users to list, enable, and disable them.

Usage

vhsm audit <subcommand> [options] [args]

Available Subcommands:

Subcommand    Description
----------    -----------
enable        Enables an audit device
disable       Disables an audit device
list          Lists enabled audit devices

Note: After an audit device is disabled, HMAC values for log comparison are no longer available, even if the device is re-enabled.

vhsm audit enable

Enables an audit device at a specified path. If an audit device already exists at that path, an error is returned.

Example

vhsm audit enable file file_path=/tmp/my-file.txt description="JSON formatted audit logs"

Output

Success! Enabled the file audit device at: file/

Available Options

Option          Type      Default    Description
------          ----      -------    -----------
-description    string    ""         Human-friendly description of the audit device
-local          bool      false      Marks the audit device as local-only (not replicated)
-path           string    ""         Unique path where the audit device is accessible

vhsm audit disable

Disables an audit device at a specified path. The command is idempotent, meaning it succeeds even if the audit device is not enabled at the path.

Example

vhsm audit disable file/

Output

Success! Disabled audit device (if it was enabled) at: file/

Note: Once disabled, audit logs will no longer be sent to the device, and HMAC values cannot be used for comparison.

Available Options:

No additional flags beyond standard command flags.

vhsm audit list

Lists all enabled audit devices along with their configurations.

Example

vhsm audit list

Output

Path     Type    Description
----     ----    -----------
file/    file    n/a

Example of detailed view

vhsm audit list -detailed

Output

Path     Type    Description    Replication    Options
----     ----    -----------    -----------    -------
file/    file    n/a            replicated     description=JSON formatted audit logs file_path=audit_log.txt

Available Options

Option       Type      Default    Description
------       ----      -------    -----------
-format      string    "table"    Output format: "table", "json", or "yaml"
-detailed    bool      false      Shows detailed information, including options and replication status
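
A defender-side check built on the detailed listing above, as an added example that is not part of the vHSM documentation or tooling: it reads the table printed by vhsm audit list -detailed and reports when no audit device is enabled, or when a file device's file_path is not absolute or sits under /tmp or /var/tmp. The function names, the choice of checks, and every sample row after the first are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review the table printed by "vhsm audit list -detailed".
# Reads the table on stdin, prints one finding per line, returns 1 if any.
check_audit_devices() {
  awk -F'  +' '
    /^Path / || /^----/ || NF == 0 { next }    # header, rule, blank lines
    {
      devices++
      path = $1; type = $2; opts = $5
      if (type != "file") next
      # Options are space-separated key=value pairs; find file_path.
      fp = ""
      n = split(opts, kv, " ")
      for (i = 1; i <= n; i++)
        if (index(kv[i], "file_path=") == 1) fp = substr(kv[i], 11)
      if (fp == "") {
        print "WARN " path ": no file_path shown"; bad++
      } else if (fp !~ /^\//) {
        print "WARN " path ": file_path is not absolute: " fp; bad++
      } else if (fp ~ /^\/(tmp|var\/tmp)\//) {
        print "WARN " path ": log in world-writable directory: " fp; bad++
      }
    }
    END {
      if (devices == 0) { print "FAIL no audit device enabled"; bad++ }
      exit (bad > 0)
    }'
}

# Constructed sample: first row is the page's own output, the rest are made up.
sample_table() {
  cat <<'EOF'
Path     Type    Description    Replication    Options
----     ----    -----------    -----------    -------
file/    file    n/a            replicated     description=JSON formatted audit logs file_path=audit_log.txt
tmp/     file    n/a            replicated     file_path=/tmp/my-file.txt
good/    file    n/a            replicated     file_path=/var/log/vhsm/audit.log
EOF
}

sample_table | check_audit_devices || true
```

Against a live server, pipe the command into the function: vhsm audit list -detailed | check_audit_devices.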
