-
Notifications
You must be signed in to change notification settings - Fork 137
SECURITY_DATA_RECOVERY_REQUEST Audit Event
Endi S. Dewata edited this page May 31, 2023
·
2 revisions
The SECURITY_DATA_RECOVERY_REQUEST audit event is generated when a recovery request is created.
Properties:
-
SubjectID: UID of agent that is generating request -
Outcome: success/failure -
RecoveryID: ID of recovery request -
DataID: ID of the key that needs to be recovered -
PubKey: public key associated with the key to be recovered.
If the recovery request is made through the UI, then PubKey will be populated.
If through the REST API, then the DataID will be populated.
Use Web UI to recover a key:
[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST][SubjectID=kraadmin][Outcome=Success] [RecoveryID=316][DataID=null][PubKey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyElB 1jEDpzcP7SI6JmbS/BGGwAVftpxv4pD5AByWt31Buzzj17ujzD+JXAx06On+DN4n1HTwH/vfVpSRd/0N UaQld6m1hvljRNMhOcP6PfsVPQf0SweLWbZM2aRt3GJss5oynKeS4kSsNp3kyLSE7u008vOE8fQrfBdG l/zgLIwIDAQAB] security data recovery request made
Use PKI CLI to recover a key:
$ pki -n kraadmin kra-key-recovery --keyID 0x9c
The server will generate the following events:
[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST][SubjectID=kraadmin][Outcome=Success] [RecoveryID=318][DataID=156][PubKey=null] security data recovery request made
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |