Overview - Infisical

Getting Started

Platform

Authentication Methods

Self-host Infisical

Internals

Contributing

Note that Audit Logs is a paid feature.

If you’re using Infisical Cloud, then it is available under the Pro, and Enterprise Tier with varying retention periods. If you’re self-hosting Infisical, then you should contact [email protected] to purchase an enterprise license to use it.

Infisical provides audit logs for security and compliance teams to monitor information access. With the Audit Log functionality, teams can:

Track 40+ different events;
Filter audit logs by event, actor, source, date or any combination of these filters;
Inspect extensive metadata in the event of any suspicious activity or incident review.

Audit Log Structure

Each log contains the following data:

Field	Type	Description	Purpose
event	Object	Contains details about the action performed	Captures what happened
event.type	String	The specific action that occurred (e.g., “create-secret”)	Identifies the exact operation
event.metadata	Object	Context-specific details about the event	Provides detailed information relevant to the specific action
actor	Object	Information about who performed the action	Identifies the responsible entity
actor.type	String	Category of actor (user, service, identity, etc.)	Distinguishes between human and non-human actors
actor.metadata	Object	Details about the specific actor	Provides identity information
actor.metadata.userId	String	Unique identifier for user actors	Links to specific user account
actor.metadata.email	String	Email address for user actors	Email of the executing user
actor.metadata.username	String	Username for user actors	Username of the executing user
actor.metadata.serviceId	String	Identifier for service actors	ID of specific service token
actor.metadata.identityId	String	Identifier for identity actors	ID to specific identity
actor.metadata.permission	Object	Permission context for the action	Shows permission template data when action was performed
orgId	String	Organization identifier	Indicates which organization the action occurred in
projectId	String	Project identifier	Indicates which project the action affected
ipAddress	String	Source IP address	Shows where the request originated from
userAgent	String	Client application information	Identifies browser or application used
userAgentType	String	Category of client (web, CLI, SDK, etc.)	Classifies the access method
timestamp	DateTime	When the action occurred	Records the exact time of the event

Example Payload

{
   "id": "[UUID]",
   "ipAddress": "[IP_ADDRESS]",
   "userAgent": "[USER_AGENT_STRING]",
   "userAgentType": "web",
   "expiresAt": "[TIMESTAMP]",
   "createdAt": "[TIMESTAMP]",
   "updatedAt": "[TIMESTAMP]",
   "orgId": "[ORGANIZATION_UUID]",
   "projectId": "[PROJECT_UUID]",
   "projectName": "[PROJECT_NAME]",
   "event": {
       "type": "get-secrets",
       "metadata": {
           "secretPath": "[PATH]",
           "environment": "[ENVIRONMENT_NAME]",
           "numberOfSecrets": [NUMBER]
       }
   },
   "actor": {
       "type": "user",
       "metadata": {
           "email": "[EMAIL]",
           "userId": "[USER_UUID]",
           "username": "[USERNAME]",
           "permission": {
               "metadata": {},
               "auth": {}
           }
       }
   }
}

User Groups Audit Log Streams

On this page

Audit Log Structure