Hi,
We extract boundary logs with sink configuration and set “encrypt” option on audit config log. But do you know how we can decrypt this logs ? And if it’s possible ?
Hi,
We extract boundary logs with sink configuration and set “encrypt” option on audit config log. But do you know how we can decrypt this logs ? And if it’s possible ?
Hi there,
It’s currently possible with the knowledge to write a bit of Go code – you’d have to connect to the DB, pull out the encryption KEK, use it to decrypt the DEK, then use that to decrypt values for a scope. We do intend to find a way to make this easier in the future while still ensuring that there is appropriate access control, whether via the API or CLI.
Thanks for this reply