Skip to content

Instantly share code, notes, and snippets.

@mikegreen
Last active Sep 8, 2021
Embed
What would you like to do?
pki-audit-log-example
# Note: this has the request.data.common_name and the response.data.serial_number non-HMAC'd as an example
# Usually they would be HMAC'd
# Config to do so:
# vault secrets tune -ns=sandbox -audit-non-hmac-request-keys=common_name -audit-non-hmac-response-keys=serial_number pki-benchmarking/
{
"time": "2021-09-07T23:20:27.596608162Z",
"type": "request",
"auth":
{
"client_token": "hmac-sha256:8980.....be06013fa653",
"accessor": "hmac-sha256:d84825.....74c64",
"display_name": "token",
"policies":
[
"root"
],
"token_policies":
[
"root"
],
"token_type": "service",
"token_ttl": 1080000,
"token_issue_time": "2021-09-07T21:48:59Z"
},
"request":
{
"id": "8c7af6ed-1747-fae0-2316-f1fd3ed456a5",
"operation": "update",
"mount_type": "pki",
"client_token": "hmac-sha256:8980d399e.....7cbe06013fa653",
"client_token_accessor": "hmac-sha256:d848......8b1b74c64",
"namespace":
{
"id": "zNXXD",
"path": "sandbox/"
},
"path": "pki-benchmarking/issue/example_pki",
"data":
{
"common_name": "foo.example.com",
"ttl": "hmac-sha256:2401f38735cf1f53........9615656bfae13794330"
},
"remote_address": "192.168.1.51"
}
}
{
"time": "2021-09-07T23:20:36.040586788Z",
"type": "response",
"auth":
{
"client_token": "hmac-sha256:8980d3b8ccf59.......fa653",
"accessor": "hmac-sha256:d84825.......8b1b74c64",
"display_name": "token",
"policies":
[
"root"
],
"token_policies":
[
"root"
],
"token_type": "service",
"token_ttl": 1080000,
"token_issue_time": "2021-09-07T21:48:59Z"
},
"request":
{
"id": "8c7af6ed-1747-fae0-2316-f1fd3ed456a5",
"operation": "update",
"mount_type": "pki",
"client_token": "hmac-sha256:8980d3b8ccf....3fa653",
"client_token_accessor": "hmac-sha256:d84825d89......576108b1b74c64",
"namespace":
{
"id": "zNdcD",
"path": "sandbox/"
},
"path": "pki-benchmarking/issue/example_pki",
"data":
{
"common_name": "foo.example.com",
"ttl": "hmac-sha256:2401f387........5656bfae13794330"
},
"remote_address": "192.168.1.51"
},
"response":
{
"mount_type": "pki",
"data":
{
"certificate": "hmac-sha256:00696cb98daafeda4b9c2da80d4574a14d3241c454906641fdda2673fefb8ca9",
"expiration": 1631057007,
"issuing_ca": "hmac-sha256:3a5d5c217c437383419c0b185f10e1a46e39449234696081c7903d589c512425",
"private_key": "hmac-sha256:28d5767d6deb90b8e4eb7dc1865f0ca70e055b5891af2e3281dd799f197c7653",
"private_key_type": "hmac-sha256:aa482a6b3412512f4d6936289b613414df1c7cf14e8ad91518add23e58ae5eb2",
"serial_number": "3a:2e:c5:fd:7e:9f:a9:22:e9:06:26:16:38:cc:95:4b:21:45:3f:82"
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment