SECURITY_DATA_EXPORT_KEY Audit Event
The SECURITY_DATA_EXPORT_KEY audit event is generated when the key is retrieved, wrapped appropriately, and returned to the client.
Properties:
- SubjectID: UID of agent that is retrieving the key/secret
- Outcome: Success/Failure
- RecoveryID: ID of recovery request
- Info: Information about the request, including failure reason if the request fails.
- PubKey: public key associated with the export
If the key is recovered from the UI, Info will not be populated (except for failure cases).
For a request through the REST API, Info such as the following may be seen:
Info=KeyService.getKey:;keyID=156;requestID=319;synchronous=false;ephemeral=false
These are the logs created when the key is retrieved as a PKCS #12 file from the KRA UI.
[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][RecoveryID=316][KeyID=157][FailureReason=null][RecoveryAgents=kraadmin,kraadmin] security data recovery request processed
[AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID=kraadmin][Outcome=Success][RecoveryID=316][KeyID=null][Info=null][PubKey=null] security data retrieval request
Use PKI CLI to retrieve a key by request ID:
$ pki -n kraadmin kra-key-retrieve --requestID 0x13f
The server will generate the following logs:
[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][RecoveryID=319][KeyID=156][FailureReason=KeyService.getKey:;keyID=156;requestID=319;synchronous=false;ephemeral=false][RecoveryAgents=kraadmin,kraadmin] security data recovery request processed
[AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID=kraadmin][Outcome=Success][RecoveryID=319][KeyID=156][Info=KeyService.getKey:;keyID=156;requestID=319;synchronous=false;ephemeral=false][PubKey=null] security data retrieval request
Use PKI CLI to retrieve a key directly:
$ pki -n kraadmin kra-key-retrieve --keyID 0x9c
[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST][SubjectID=kraadmin][Outcome=Success][RecoveryID=320][DataID=156][PubKey=null] security data recovery request made
[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][RecoveryID=320][KeyID=156][FailureReason=KeyService.getKey:;keyID=156;requestID=320;synchronous=true;ephemeral=false][RecoveryAgents=kraadmin] security data recovery request processed
[AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID=kraadmin][Outcome=Success][RecoveryID=320][KeyID=156][Info=KeyService.getKey:;keyID=156;requestID=320;synchronous=true;ephemeral=false][PubKey=null] security data retrieval request
Same example - this time with ephemeral requests enabled.
[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST][SubjectID=kraadmin][Outcome=Success][RecoveryID=14954844711196918][DataID=156][PubKey=null] security data recovery request made
[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][RecoveryID=14954844711196918][KeyID=156][FailureReason=KeyService.getKey:;keyID=156;requestID=14954844711196918;synchronous=true;ephemeral=true][RecoveryAgents=kraadmin] security data recovery request processed
[AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID=kraadmin][Outcome=Success][RecoveryID=14954844711196918][KeyID=156][Info=KeyService.getKey:;keyID=156;requestID=14954844711196918;synchronous=true;ephemeral=true][PubKey=null] security data retrieval request
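For log review, the entries above can be parsed and each SECURITY_DATA_EXPORT_KEY event tied back to its key through RecoveryID. This is an added example, not code from the project; the function names and SAMPLE_LOG are hypothetical, and it assumes one audit entry per line in the bracketed form shown on this page.

```python
import re

FIELD_RE = re.compile(r"\[(\w+)=([^\]]*)\]")

# Constructed sample: entries in the shape shown on this page (UI export, then REST export).
SAMPLE_LOG = """\
[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][RecoveryID=316][KeyID=157][FailureReason=null][RecoveryAgents=kraadmin,kraadmin] security data recovery request processed
[AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID=kraadmin][Outcome=Success][RecoveryID=316][KeyID=null][Info=null][PubKey=null] security data retrieval request
[AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID=kraadmin][Outcome=Success][RecoveryID=320][KeyID=156][Info=KeyService.getKey:;keyID=156;requestID=320;synchronous=true;ephemeral=false][PubKey=null] security data retrieval request
"""

def parse_fields(line):
    """Return the [Name=Value] pairs of one audit entry; the literal 'null' becomes None."""
    return {k: (None if v == "null" else v) for k, v in FIELD_RE.findall(line)}

def parse_info(info):
    """Split 'KeyService.getKey:;keyID=156;...' into (operation, {param: value})."""
    if not info:
        return None, {}
    op, _, rest = info.partition(";")
    params = dict(p.split("=", 1) for p in rest.split(";") if "=" in p)
    return op.rstrip(":"), params

def export_events(log_text):
    """Summarise each SECURITY_DATA_EXPORT_KEY entry, resolving KeyID by RecoveryID."""
    entries = [parse_fields(l) for l in log_text.splitlines() if l.strip()]
    # A UI export entry carries KeyID=null; the matching *_PROCESSED entry names the key.
    key_by_recovery = {
        e.get("RecoveryID"): e["KeyID"] for e in entries
        if e.get("AuditEvent") == "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" and e.get("KeyID")}
    out = []
    for e in entries:
        if e.get("AuditEvent") != "SECURITY_DATA_EXPORT_KEY":
            continue
        op, params = parse_info(e.get("Info"))
        out.append({
            "subject": e.get("SubjectID"),
            "outcome": e.get("Outcome"),
            "recovery_id": e.get("RecoveryID"),
            "key_id": e.get("KeyID") or key_by_recovery.get(e.get("RecoveryID")),
            "operation": op,  # None when Info was not populated (UI success case)
            "ephemeral": params.get("ephemeral") == "true",
        })
    return out
```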