I am trying to configure Vault audit, and as per the Helm values we create a PVC, then we use the command “vault audit enable file file_path=/vault/audit/vault_audit.log”.
The problem is that there is no rotation configuration or even a retention option, so the log will keep growing until we delete it manually.
auditStorage:
  enabled: true
  # Size of the PVC created
  size: 10Gi
  # Location where the PVC will be mounted.
  mountPath: "/vault/audit"
  # Name of the storage class to use. If null it will use the
  # configured default Storage Class.
  storageClass: null
  # Access Mode of the storage device being used for the PVC
  accessMode: ReadWriteOnce
  # Annotations to apply to the PVC
  annotations: {}
However, my suggestion is to ship the audit logs out to a log collector rather than using files. Graylog, Splunk, etc. will make your life a lot easier when you need to parse the audit files.
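On the rotation problem raised in the question: Vault's file audit device reopens its log file when the server process receives SIGHUP, so the file can be rotated by renaming it and then signalling Vault. The function below is an added example, not part of the thread or of the Helm chart; the function name, the timestamp suffix, and passing the Vault PID and a retention count as arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): rotate a Vault file audit log.
# Usage (assumed interface): rotate_audit_log LOG_FILE VAULT_PID KEEP_COUNT
#   LOG_FILE   - path given as file_path= when the audit device was enabled
#   VAULT_PID  - PID of the Vault server process (how you find it is up to you)
#   KEEP_COUNT - number of rotated files to retain
rotate_audit_log() {
    log_file=$1
    vault_pid=$2
    keep=$3

    # Nothing to do if the log is missing or empty.
    [ -s "$log_file" ] || return 0

    # A rename keeps the inode, so Vault keeps writing to the rotated
    # file (no entries are lost) until it is told to reopen.
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    mv "$log_file" "$log_file.$stamp" || return 1

    # SIGHUP makes Vault reopen its file audit devices, which
    # recreates LOG_FILE at the original path.
    kill -HUP "$vault_pid" || return 1

    # Retention: the timestamp suffix sorts lexicographically, so list
    # newest first and delete everything after the first KEEP_COUNT.
    ls -1 "$log_file".* 2>/dev/null | sort -r | tail -n +"$((keep + 1))" |
    while IFS= read -r old; do
        rm -f -- "$old"
    done
}

# Example invocation from a cron job or sidecar (values are placeholders):
#   rotate_audit_log /vault/audit/vault_audit.log "$VAULT_PID" 7
```

Rotated files are left uncompressed because Vault may still be writing to the newest one for a moment after the signal; compress or ship them on the next run.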