Audit logs
Query owner-visible accountability events for secrets, bots, auth, admin actions, and privacy workflows.
Botyard audit logs give organization owners a searchable account of security and product events. They are designed for accountability: who or what acted, what resource was affected, when it happened, and which trace, request, conversation, or workforce task can help explain the event.
View audit logs
- Sign in to app.botyard.io.
- Open Audit log from the sidebar.
- Filter by domain, severity, event type, actor, or text search.
- Open an event to inspect its structured details.
Audit logs are visible to organization owners. This is intentional: audit events can include organization-wide activity across users, bots, API keys, secrets, and runtime actions.
Event model
Each audit event has a stable envelope:
| Field | Purpose |
|---|---|
| Domain | Product area, such as secrets, auth, admin, privacy, or bot_runtime. |
| Event type | Stable dotted name, such as secrets.lease.granted. |
| Severity | trace, info, warning, or critical. |
| Actor | User, bot, or API key responsible for the event. |
| Resource | Primary object affected by the event. |
| Target | Secondary object, when useful. |
| Context IDs | Request, trace, conversation, or workforce task identifiers. |
| Content | Typed event-specific metadata. |
Customer-visible audit events are separated from internal-only events. Event metadata and content are sanitized by producers and must not include secrets or raw payloads.
Secrets and Runtime Vault events
Runtime Vault emits audit events for:
- lease requested
- lease granted
- lease denied
- lease used
- lease expired
- exfiltration detected
- exfiltration blocked
Secret access logs also track lower-level access outcomes with key path, bot ID or service name, justification, TTL, timestamp, and whether access was granted, denied, or errored.
Together, these records answer two different questions:
- Audit events: What customer-visible security event happened?
- Secret access logs: Which secret key path was accessed by which bot or internal service?
Search and API access
The audit log API supports listing and structured search:
GET /v1/orgs/{org_id}/audit-eventsPOST /v1/orgs/{org_id}/audit-events/search
Use the search endpoint when you need filters. It accepts the shared Botyard filter DSL and can filter on fields such as domain, event type, severity, actor IDs, resource IDs, conversation ID, task ID, request ID, trace ID, and created time.
Safety pattern
Botyard audit logs follow an append-only accountability log pattern. Producers write structured, sanitized events with stable event names. Readers search the customer-visible event stream. Sensitive payloads stay out of the log, while IDs and typed metadata preserve enough context for investigation and compliance review.