Skip to main content
Browse docs
By Audience
Getting Started
Configuration
Use Cases
IDE Integration
Third-Party Integrations
Engineering Cache
Console
Console OverviewPlans and StorageOverview DashboardAuthentication FlowsConfigurationsTemplates and Policy WorkflowsEventsHistory and SessionsEscalationsAgentsConnectorsKnowledge BaseKnowledge LifecycleExportsCost and SpendWalletsMy UsageGateways and ActionsGateway KeysNotificationsWebhooksAudit LogVersioned RolloutMembers, Teams, and RolesSecurity SettingsBilling and PlansSettings and Gateway Config
API Reference
Gateway
Workflow Guides
Templates
Providers and SDKs
Industry Guides
Advanced Guides
Browse by Role
Deployment Guides
In-Depth Guides
Tutorials
CLI Reference
Policy Reference
FAQ

Audit Log

The Audit Log provides a tamper-evident record of all administrative actions taken in the Keeptrusts console and API. Use it for compliance reviews, incident investigation, and change tracking.

Use this page when

  • You need to investigate who changed a configuration, role, or setting and when.
  • You are responding to a compliance audit and need tamper-evident records of administrative actions.
  • You want to track user management changes (invitations, suspensions, role assignments) for an incident review.
  • You need to export audit records for an external SIEM or GRC tool.

Primary audience

  • Primary: Technical Engineers
  • Secondary: AI Agents, Technical Leaders

What the audit log captures

Every mutation to platform resources is logged:

CategoryExamples
AuthenticationLogins, logouts, MFA enrollments, password changes
User managementInvitations, suspensions, role assignments
Team managementCreates, membership changes, role assignments
Configuration changesConfig creates, updates, rollouts, deletes
Gateway operationsCreates, config pushes, reloads, reverts
Policy changesRole and IAM policy creates, updates, deletes
Secret operationsCreates, updates, deletes (values never logged)
Export jobsCreates, downloads
Escalation actionsClaims, unclaims, resolutions

Audit log viewer

The audit log viewer in Settings → Audit Log provides:

  • Chronological event listing with filters
  • Actor identification (user, API token, or system)
  • Action type and target resource
  • Before/after diff view for configuration changes
  • Timeline view for related actions
  • Date range filtering

Diff view

For configuration and policy changes, the audit log shows a before/after diff so you can see exactly what changed:

  • Field-level changes highlighted
  • Added, removed, and modified values
  • Previous and new values side by side

Export

Export audit log entries for external compliance systems:

  1. Open Settings → Audit Log → Export
  2. Select date range and filters
  3. Choose export format
  4. Download the export

Also available via CLI:

kt export-jobs create --type audit-log --format csv --date-from 2026-01-01 --date-to 2026-03-31

Retention

Audit log entries are retained according to your organization's plan. Enterprise plans support extended retention periods.

For AI systems

  • Canonical terms: Keeptrusts Audit Log, audit trail, administrative action log, tamper-evident record, diff view, actor attribution.
  • Console surface: Settings → Audit Log (chronological event listing with filters and diff view).
  • CLI command: kt export-jobs create --type audit-log.
  • Captures: authentication events, user/team management, configuration changes, gateway operations, policy changes, secret operations, export jobs, escalation actions.
  • Related pages: Exports, Members, Teams, and Roles, Security Settings.

For engineers

  • Access the audit log at Settings → Audit Log in the console.
  • Filter by actor, action type, target resource, or date range to narrow investigations.
  • Use the diff view on configuration change entries to see exactly which YAML fields changed.
  • Export audit records via CLI: kt export-jobs create --type audit-log --format csv --date-from 2026-01-01 --date-to 2026-03-31.
  • Audit log entries are append-only and tamper-evident — they cannot be modified or deleted by any user including org admins.
  • If entries are missing, check whether the action was performed via a path that bypasses the control plane (e.g., direct database access in self-hosted deployments).

For leaders

  • The audit log provides the compliance evidence chain for SOC 2 Type II, HIPAA, and EU AI Act requirements around administrative accountability.
  • Every mutation to platform resources is attributed to a specific actor (user, API token, or system) with a timestamp — no anonymous changes are possible.
  • The diff view on configuration changes means you can reconstruct the exact state of policy enforcement at any point in time for regulatory inquiries.
  • Retention periods are tied to your plan tier — Enterprise plans support extended retention for industries with multi-year audit requirements.
  • Export to external SIEM or GRC tools is available for organizations that need a unified audit trail across systems.

Next steps