Audit Logs
Audit logs give workspace admins a chronological record of significant actions. Open them from the Admin Panel > Audit tab. The audit view has two sub-tabs: Keys and Governance.
Keys Audit Tab
The keys audit log tracks actions on secrets and project keys:
| Column | Description |
|---|---|
| Time | When the action occurred |
| Secret | Which key was affected |
| Action | created, read, updated, copied, or deleted |
| Device | Which device performed the action |
Filtering
Use the three filter dropdowns to narrow the log:
- Secret — filter by a specific key name.
- Action — filter by action type.
- Device — filter by a specific device.
Exporting
Click Export CSV to copy the filtered audit log to your clipboard in CSV format. The button text changes to “Copied CSV” for confirmation.
The CSV export copies to your clipboard rather than downloading a file. Paste it into a spreadsheet or save it to a file manually.
Governance Audit Tab
The governance audit log tracks administrative and sync events:
| Action | Description |
|---|---|
device_approved | A device was approved to join the workspace |
device_denied | A pending device was denied |
device_revoked | A device’s access was revoked |
sync_initiated | A sync session was started |
document_shared | A document was shared with peers |
document_unshared | Sharing was removed from a document |
license_activated | A license key was activated |
license_deactivated | A license was deactivated |
The governance log shows columns for Time, Actor, Action, Target, and Details. Click the expand arrow on any row with details to see the full JSON payload.
Filtering
Use the Action dropdown to filter by event type.
Pagination
The governance log loads 50 entries at a time. Click Load more at the bottom to fetch the next page.
How Logs Are Stored
Audit logs are stored in your local encrypted database. They are encrypted at rest with the same AES-256-GCM protection as your wiki pages.
Audit logs are append-only. They cannot be edited or deleted by any user, including admins.