Details for Key Management
Logging details for Key Management.
Resources
- Vaults
Log Categories
| API value (ID): | Console (Display Name) | Description |
|---|---|---|
| cryptooperations | Crypto Operations | Contains information such as who performed the crypto operations, what the operation was, and the key and key version used. |
Availability
Key Management logging is available in all the regions of the commercial realms.
Comments
You can enable logs on crypto operations on keys for a particular vault.
Contents of a Key Management Log
A Key Management log record contains the following fields:
| Field | Description |
|---|---|
| clientIpAddress | Client IP address making the Crypto API call. |
| keyVersionId | Key version OCID used to perform the operation. |
| principalId | User OCID performing the operation. |
| requestAction | Takes the following values:
|
| statusCode | API response HTTP status code. |
Sample Key Management Log
{
"datetime": 1734505542026,
"logContent": {
"data": {
"clientIpAddress": "<IP_address>",
"keyVersionId": "ocid1.keyversion.oc1.eu-frankfurt-1.<unique_ID>",
"opcRequestId": "<unique_ID>",
"principalId": "ocid1.user.oc1..<unique_ID>",
"requestAction": "DECRYPT",
"statusCode": 200
},
"id": "<unique_ID>",
"oracle": {
"compartmentid": "ocid1.tenancy.oc1..<unique_ID>",
"ingestedtime": "2024-12-18T07:05:42.327Z",
"loggroupid": "ocid1.loggroup.oc1.eu-frankfurt-1.<unique_ID>",
"logid": "ocid1.log.oc1.eu-frankfurt-1.<unique_ID>",
"tenantid": "ocid1.tenancy.oc1..<unique_ID>"
},
"source": "ocid1.vault.oc1.eu-frankfurt-1.<unique_ID>",
"specversion": "1.0",
"subject": "ocid1.key.oc1.eu-frankfurt-1.<unique_ID>",
"time": "2024-12-18T07:05:42.026Z",
"type": "com.oraclecloud.keymanagementservice.vault.crypto.decrypt"
},
"regionId": "eu-frankfurt-1"
}