Decrypted the encrypted sensitive values in logs


We extract boundary logs with sink configuration and set “encrypt” option on audit config log. But do you know how we can decrypt this logs ? And if it’s possible ?

Hi there,

It’s currently possible with the knowledge to write a bit of Go code – you’d have to connect to the DB, pull out the encryption KEK, use it to decrypt the DEK, then use that to decrypt values for a scope. We do intend to find a way to make this easier in the future while still ensuring that there is appropriate access control, whether via the API or CLI.

1 Like

@PPacent tagging you FYI

1 Like

Thanks for this reply