Documentation is available in English only.

Limits, honestly

The audit log is strong evidence — and being clear about its edges is part of what makes it trustworthy.

It holds metadata, never your secrets

The log records that a credential was read, by whom, when, and from where. It never records the credential's value. This is deliberate: an audit trail that copied your secrets would be a second place they could leak. The record is about access, not content — so even a fully readable audit log exposes no password, key, or token.

Retention has a window

Audit records are kept for a defined retention period that depends on your plan — long enough to satisfy the compliance regimes our customers operate under. Events age out at the end of that window. If you need a permanent external record, export what you need (CSV) and keep it in your own system of record; exported events are yours to retain as long as you like.

Verification proves integrity, not innocence

A verified chain proves the record wasn't altered after the fact. It does not prove that every logged action was authorized — that's what access control, scopes, and the hardware-key gate are for. Read the log to see what happened; verify the chain to know the log is honest about it. Two different guarantees, both needed.

Early records may predate the chain

If your vault was created before tamper-evidence was introduced, its earliest events exist but sit outside the hash chain. The verification badge reports these separately as pre-chain records — they're shown honestly as "not covered" rather than counted as verified. Everything written since is fully chained.

The witness needs the network

The off-box witness that detects a wholesale log wipe depends on reaching the central infrastructure. If that's temporarily unreachable, your local chain still verifies on its own — the badge tells you so — and re-confirms against the witness once connectivity returns. A network blip weakens one layer, not the whole guarantee.
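The three outcomes a verifier has to keep apart (pre-chain records, a locally verified chain, and witness confirmation) are sketched below as an added example; it is not the product's code. The record layout, the SHA-256 linking, the GENESIS value and all function names are assumptions made for illustration.

```python
import hashlib, json

GENESIS = "0" * 64  # assumed starting value for the first chained record

def link_hash(prev_hash, event):
    # Each link covers the previous hash plus canonical JSON of the event metadata.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(log, event):
    prev = next((r["hash"] for r in reversed(log) if r["hash"]), GENESIS)
    log.append({"event": event, "prev": prev, "hash": link_hash(prev, event)})

def verify(log, witness_head=None):
    """witness_head: head hash held off-box, or None when the witness is unreachable."""
    report = {"pre_chain": 0, "verified": 0, "broken_at": None, "witness": "unreachable"}
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["hash"] is None and prev == GENESIS:
            report["pre_chain"] += 1   # legacy record: reported, never counted as verified
            continue
        if rec.get("prev") != prev or rec["hash"] != link_hash(prev, rec["event"]):
            report["broken_at"] = i    # altered, reordered, removed or unchained record
            break
        prev = rec["hash"]
        report["verified"] += 1
    if witness_head is not None:
        ok = report["broken_at"] is None and prev == witness_head
        report["witness"] = "confirmed" if ok else "mismatch"
    return report

def ev(actor, action, ts, src):
    # Constructed sample events: metadata only, never a credential value.
    return {"actor": actor, "action": action, "ts": ts, "src": src}

def scenarios():
    log = [{"event": ev("alice", "read", "2023-01-05T10:00:00Z", "203.0.113.7"), "hash": None}]
    append(log, ev("bob", "read", "2024-03-01T09:00:00Z", "198.51.100.4"))
    append(log, ev("alice", "rotate", "2024-03-02T11:30:00Z", "203.0.113.7"))
    head = log[-1]["hash"]             # what the off-box witness last saw
    tampered = [dict(r) for r in log]
    tampered[1]["event"] = ev("bob", "read", "2024-03-01T09:00:00Z", "192.0.2.99")
    wiped = []                         # log wiped wholesale, then restarted
    append(wiped, ev("carol", "read", "2024-03-03T08:00:00Z", "198.51.100.9"))
    return {"online": verify(log, head), "offline": verify(log),
            "tampered": verify(tampered, head),
            "wiped_local": verify(wiped), "wiped_witnessed": verify(wiped, head)}

if __name__ == "__main__":
    for name, report in scenarios().items():
        print(name, report)
```

The wiped log verifies cleanly on its own and only fails once the witness head is available, which is why the local chain and the witness are separate layers.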

---

If your compliance posture needs something specific — a particular retention period, a direct SIEM feed, a signed export — talk to us. We'd rather design it with you than have you discover a limit later.