Audit Logs
Connect records audit events to provide a traceable record of actions taken against the system. Each event captures who performed the action, what entity was affected, whether it succeeded or was denied, and relevant context about the change.
The Connect datastore is currently the only supported audit sink. Additional sinks will be added over time - contact your Cofide representative if you would like to request integration with a particular audit platform.
Audit logging is disabled by default.
Configuration
Enable audit logging by setting `connect.audit.sinks.connectDatastore.enabledEvents` in your Helm values.
To record all event types:
```yaml
connect:
  audit:
    sinks:
      connectDatastore:
        enabledEvents:
          - all
```
To record specific event types only:
```yaml
connect:
  audit:
    sinks:
      connectDatastore:
        enabledEvents:
          - trust_zone_creation
          - trust_zone_update
          - trust_zone_deletion
          - node_attestation
```
Use `disabledEvents` to exclude specific types from an otherwise broad selection:
```yaml
connect:
  audit:
    sinks:
      connectDatastore:
        enabledEvents:
          - all
        disabledEvents:
          - node_attestation
          - node_pruning
```
Event structure
Each audit event contains the following fields:
- ID - a unique identifier for the event, prefixed with `ae`
- Event type - the category of action that occurred
- Timestamp - when the event occurred, to microsecond precision
- Message - a human-readable description of the action
- Actor - the identity that initiated the action
- Source IP - the IP address of the request
- Outcome - `success` or `denied`
- Entity links - references to the entities affected by the event
- Data - event-specific payload containing relevant state at the time of the event
- Server version - the version of Connect that recorded the event
Outcomes
Every event records one of two outcomes:
- `success` - the action completed
- `denied` - the action was rejected by an access control policy
Denied events may have no entity links when the denial occurs before the target entity is identified.
Event types
Use these exact strings when configuring `enabledEvents` and `disabledEvents`.
| Event type | Description |
|---|---|
| attestation_policy_creation | An attestation policy was created |
| attestation_policy_update | An attestation policy was updated |
| attestation_policy_deletion | An attestation policy was deleted |
| attestation_policy_binding_creation | An attestation policy binding was created |
| attestation_policy_binding_update | An attestation policy binding was updated |
| attestation_policy_binding_deletion | An attestation policy binding was deleted |
| cluster_creation | A cluster was registered |
| cluster_update | A cluster was updated |
| cluster_deletion | A cluster was deleted |
| cofide_agent_registration | A Cofide Agent registered with the control plane |
| exchange_policy_creation | A token exchange policy was created |
| exchange_policy_update | A token exchange policy was updated |
| exchange_policy_deletion | A token exchange policy was deleted |
| federated_service_registration | A federated service was registered |
| federated_service_update | A federated service was updated |
| federated_service_deregistration | A federated service was deregistered |
| federation_creation | A federation relationship was created |
| federation_deletion | A federation relationship was deleted |
| node_attestation | A node was attested |
| node_deletion | A node record was deleted |
| node_pruning | A node record was removed by the pruning job |
| role_binding_creation | A role binding was created |
| role_binding_update | A role binding was updated |
| role_binding_deletion | A role binding was deleted |
| token_exchange | A token exchange request was processed |
| trust_zone_creation | A trust zone was created |
| trust_zone_update | A trust zone was updated |
| trust_zone_deletion | A trust zone was deleted |
| trust_zone_server_creation | A trust zone server was added |
| trust_zone_server_update | A trust zone server was updated |
| trust_zone_server_deletion | A trust zone server was removed |
| trust_zone_server_status_update | A trust zone server's status changed |
| workload_creation | A workload registration was created |
| workload_deletion | A workload registration was deleted |
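A pre-deployment check for an `enabledEvents`/`disabledEvents` selection, written for this page as an added example (it is not Cofide code): it flags strings that do not match the table above and lists event types a local baseline requires but the selection would not record. Assumptions: `all` expands to every event type and `disabledEvents` is subtracted afterwards; the function names and the `REQUIRED` baseline are hypothetical.

```python
# Added example: pre-deployment check of a Connect audit event selection.
# Event type strings are copied from the table on this page.
CRUD = ["attestation_policy", "attestation_policy_binding", "cluster",
        "exchange_policy", "role_binding", "trust_zone", "trust_zone_server"]
OTHER = ["cofide_agent_registration", "federated_service_registration",
         "federated_service_update", "federated_service_deregistration",
         "federation_creation", "federation_deletion", "node_attestation",
         "node_deletion", "node_pruning", "token_exchange",
         "trust_zone_server_status_update", "workload_creation",
         "workload_deletion"]
KNOWN = {f"{e}_{a}" for e in CRUD
         for a in ("creation", "update", "deletion")} | set(OTHER)


def resolve(enabled, disabled=()):
    """Return (effective, unknown) for enabledEvents/disabledEvents lists.

    Assumption: 'all' expands to every event type and disabledEvents is
    subtracted afterwards, as the page's third example suggests.
    """
    enabled, disabled = set(enabled), set(disabled)
    # Anything that is neither a listed event type nor 'all' is likely a typo.
    unknown = sorted(((enabled - {"all"}) | disabled) - KNOWN)
    selected = set(KNOWN) if "all" in enabled else enabled & KNOWN
    return selected - disabled, unknown


def coverage_gaps(effective, required):
    """Event types a local policy requires but the selection would not record."""
    return sorted(set(required) - set(effective))


# Hypothetical local baseline: changes to access control and trust roots.
REQUIRED = [t for t in KNOWN if t.startswith(
    ("role_binding_", "trust_zone_", "attestation_policy_", "federation_"))]

if __name__ == "__main__":
    # Constructed values with a deliberate typo ("trust_zone_delete").
    effective, unknown = resolve(["trust_zone_creation", "trust_zone_update",
                                  "trust_zone_delete", "node_attestation"])
    print("unrecognised strings:", unknown)
    print("required but not recorded:", coverage_gaps(effective, REQUIRED))
```

Feed it the two lists from your Helm values in CI so that a misspelled event type or an over-broad `disabledEvents` entry is caught before rollout.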
© 2026 Cofide Limited. All rights reserved.