Boundary Audit events - email, name [REDACTED] - Can this be disabled?

Hi everyone,

I’m enabling audit events in Boundary.
My question is: is there any way to have “email” and “name” not as [REDACTED] in the created cloudevent logs? Can I explicitly set that somehow?
While I do understand the implications of that from a compliance standpoint, this wouldn’t be a problem for us, and would make it easier for us to integrate with our SIEM solution, as this is only used internally and connected to our OIDC solution.
My current configuration:


events {
  audit_enabled = true
  observations_enabled = true
  sysevents_enabled = true
sink {
    name = "obs-sink"
    description = "Observations sent to a file"
    event_types = ["*"]
    format = "cloudevents-json"
    file {
      path = "/var/log/boundary"
      file_name = "events.json"
    }
}

Many thanks in advance.

you can override how sensitive and secret data is handled in config via: Controller/Worker - Events - Common Sink Parameters | Boundary by HashiCorp

1 Like

Hi @jimlambrt

Thanks for your quick response. That was it, missed that document :slight_smile:

Cheers!

@raphaelschneider did you manage to get email/username in audit logs in cleartext with audit_filter_overrides?