Skip to content

audit: add support for APIKey creation and deletion (logins) #4538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Tracked by #4726
Kira-Pilot opened this issue Oct 13, 2022 · 5 comments
Closed
Tracked by #4726

audit: add support for APIKey creation and deletion (logins) #4538

Kira-Pilot opened this issue Oct 13, 2022 · 5 comments
Assignees
@Kira-Pilot

Comments

@Kira-Pilot
Copy link
Member

Kira-Pilot commented Oct 13, 2022
edited
Loading

We should add audit logging support for APIKey creation and deletion. API Keys, aka session tokens created on login, should be an auditable resource.

An audit log should be generated when a user successfully logs in or out, either via the web UI or via the CLI.

We don't have to worry about audit support for long-lived token creation; that will be handled in this ticket.

Assumption: we don't have to worry about the update of session tokens, even though the table has an updated_at column. Creation and deletion (login and logout) should suffice.
@Kira-Pilot
Copy link
Member Author

@bpmct @coadler @sharkymark Making sure this is on everyone's radar.

This was referenced Oct 13, 2022
Merged
Closed
@bpmct
Copy link
Member

bpmct commented Oct 13, 2022

I agree with the criteria. Should we consider this a Login instead?

@Kira-Pilot
Copy link
Member Author

Kira-Pilot commented Oct 14, 2022
edited
Loading

@bpmct I think that term would be a lot clearer.

@Kira-Pilot Kira-Pilot mentioned this issue Oct 24, 2022
Closed
41 tasks
@github-actions
Copy link

This issue is becoming stale. In order to keep the tracker readable and actionable, I'm going close to this issue in 7 days if there isn't more activity.

@github-actions github-actions bot added the stale This issue is like stale bread. label Dec 14, 2022
@coadler coadler removed the stale This issue is like stale bread. label Dec 14, 2022
@bpmct bpmct changed the title audit: add support for APIKey creation and deletion audit: add support for APIKey creation and deletion (logins) Jan 2, 2023
@Kira-Pilot Kira-Pilot self-assigned this Jan 26, 2023
This was referenced Feb 1, 2023
Merged
Merged
@Kira-Pilot
Copy link
Member Author

resolved by #5925

@Kira-Pilot Kira-Pilot mentioned this issue Mar 27, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Kira-Pilot Kira-Pilot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@coadler @Kira-Pilot @bpmct