The Audit Dashboard is the main dashboard for ESI Audit & Compliance. It is accessible globally within https://app.externalsecrets.com and presents information regarding Secrets within the configured providers:
When was the last time the secret was updated
When was the last time the secret was accessed (and by whom)
Rotation and Access Logs
Which secrets duplicate (totally or partially) the accessed secret
Which secrets are non-compliant with policies (see more in the next section)
As part of ESI Audit & Compliance, you can create policies to monitor secrets posture across your organization. Policies are supported in the OPA/Rego language and can be evaluated on several conditions:
When a secret was accessed
When a secret was created
When a secret was updated
When a secret was deleted
When a secret RBAC was created
When a secret RBAC was updated
When a secret RBAC was deleted
These Events are available for sampling within the Audit Dashboard in order to facilitate Policy Creation/troubleshooting. All of these are calculated in real time by the Audit Listener.
The Audit Listener is the main component responsible for doing the heavy work for audit and compliance.
It is responsible for connecting to each provider (see the providers section to learn more about how each provider is connected) and for generating events and policy compliance according to those events. It is also responsible for keeping track of accessors, duplication, and rotation across configured providers. The Audit Listener processes events from these providers and calculates results in the form of metrics. These results do not contain any sensitive data (only metadata of the results of the activities performed by the listener). These metrics are available directly to the end user (via a Prometheus endpoint) and are transmitted directly to the Audit Dashboard.
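The policy evaluation on secret events described above can be sketched as a Rego policy that flags an accessed secret whose last update is older than 90 days. This is an added example, not ESI's own policy or code: the package name, the 90-day window, and every `input` field name are assumptions, so sample a real event in the Audit Dashboard and adjust the field paths before using it.

```rego
package example.secret_posture

import rego.v1

# Hypothetical event document (constructed; field names are assumptions,
# not ESI's documented schema):
# {
#   "event": "secret_accessed",
#   "secret": {"name": "db-password", "last_updated": "2024-01-15T09:30:00Z"}
# }

# 90 days in nanoseconds, the unit used by OPA's time built-ins.
max_age_ns := 90 * 24 * 60 * 60 * 1000000000

# Fall back to a placeholder so a missing name never makes a message undefined.
secret_name := object.get(input, ["secret", "name"], "<unknown>")

# True only when the timestamp exists and parses as RFC 3339. Under OPA's
# default error handling a failed parse is undefined, so this stays undefined.
has_valid_timestamp if time.parse_rfc3339_ns(input.secret.last_updated)

default compliant := false

compliant if count(violations) == 0

# The accessed secret is older than the rotation window.
violations contains msg if {
	input.event == "secret_accessed"
	updated_ns := time.parse_rfc3339_ns(input.secret.last_updated)
	time.now_ns() - updated_ns > max_age_ns
	msg := sprintf("secret %q was accessed but not updated in the last 90 days", [secret_name])
}

# Missing or malformed timestamp: without this rule the age check above would
# silently not fire and the secret would be reported as compliant.
violations contains msg if {
	input.event == "secret_accessed"
	not has_valid_timestamp
	msg := sprintf("secret %q has no usable last_updated timestamp", [secret_name])
}
```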