Hi,
I am looking to disable hashing of lease_id in Vault audit logs.
I have tuned every secrets engine except sys/, and every auth method with the options
-audit-non-hmac-request-keys=lease_id -audit-non-hmac-response-keys=lease_id
Now, when I list or renew a lease, the audit log still outputs the hmac hash instead of clear text. When I set the audit device to log in raw format, it is unhashed.
Following the path, it appears that I would have to tune sys/ for what I need, however, sys/ cannot be tuned.
Is there a way I can accomplish this without resorting to raw audit logs?
Thanks!
-ben