Overview
Every security-sensitive action in PassAgent is recorded in an immutable audit log. Audit events include contextual information for forensic analysis while automatically redacting sensitive data.Event schema
Tracked actions
Vault operations
| Action | Trigger |
|---|---|
vault.item_accessed | Password reveal or decryption |
password.imported | Bulk password import |
password.export | Vault export |
password.reset_initiated | AI reset flow started |
password.shared | Credential shared with another user |
Travel fortress
| Action | Trigger |
|---|---|
vault.travel_fortress_pin_set | Travel PIN created |
vault.travel_fortress_duress_pin_set | Duress PIN created |
vault.travel_fortress_enable | Travel mode activated |
vault.travel_fortress_disable | Travel mode deactivated |
vault.travel_fortress_pin_failed | Incorrect PIN attempt |
vault.travel_fortress_duress | Duress PIN entered |
vault.travel_fortress_duress_recovered | Recovery from duress |
vault.travel_fortress_mark | Items marked for travel |
vault.travel_pin_forgot_requested | PIN reset requested |
vault.travel_pin_forgot_verified | PIN reset verified |
vault.travel_pin_reset_completed | PIN reset completed |
Family and sharing
| Action | Trigger |
|---|---|
family.created | Family vault created |
family.updated | Family settings changed |
family.deleted | Family vault deleted |
Authentication
| Action | Trigger |
|---|---|
rate_limit | Rate limit hit |
breach.checked | HIBP breach check performed |
Metadata redaction
Sensitive keys in metadata are automatically redacted (one level deep):password,token,secret,keycredential,authorization,cookie
[REDACTED] before storage.
Storage and retention
- Stored in the
audit_logsSupabase table - Timestamps added automatically by the database
- Request IDs enable cross-log correlation
- Retention: minimum 365 days for compliance
- Admin export: available via
/api/admin/audit-export
Viewing audit logs
Navigate to Dashboard > Security to view your audit log. Filter by:- Action type
- Date range
- Resource
- IP address