Viewing Operation History
The log command displays the history of secrets operations from the
audit log.
Basic usage
Section titled “Basic usage”View the full log in chronological order (oldest first):
kanuka secrets logOutput:
2024-01-15 10:30:00 [email protected] encrypt .env, .env.local2024-01-15 10:35:00 [email protected] register [email protected]2024-01-15 11:00:00 [email protected] revoke [email protected]2024-01-15 11:30:00 [email protected] sync 3 users, 5 filesFiltering entries
Section titled “Filtering entries”By user
Section titled “By user”Show only entries from a specific user:
By operation
Section titled “By operation”Show only specific operation types:
# Single operationkanuka secrets log --operation encrypt
# Multiple operations (comma-separated)kanuka secrets log --operation register,revokeBy date
Section titled “By date”Filter entries by date range:
# Entries after a datekanuka secrets log --since 2024-01-01
# Entries before a datekanuka secrets log --until 2024-01-31
# Entries within a rangekanuka secrets log --since 2024-01-01 --until 2024-01-31Combining filters
Section titled “Combining filters”Filters can be combined:
Limiting output
Section titled “Limiting output”Number of entries
Section titled “Number of entries”Show only the last N entries:
kanuka secrets log -n 10Reverse order
Section titled “Reverse order”Show most recent entries first (like git log):
kanuka secrets log --reverseCombine with -n to get the N most recent entries:
kanuka secrets log --reverse -n 5Output formats
Section titled “Output formats”Default format
Section titled “Default format”The default format shows timestamp, user, operation, and details in columns:
2024-01-15 10:30:00 [email protected] encrypt .env, .env.localCompact format
Section titled “Compact format”Use --oneline for a more compact format:
kanuka secrets log --onelineOutput:
2024-01-15 [email protected] encrypt 2 files2024-01-15 [email protected] register [email protected]JSON format
Section titled “JSON format”For scripting and automation, output as a JSON array:
kanuka secrets log --jsonOutput:
[ {"ts":"2024-01-15T10:30:00.123456Z","user":"[email protected]","uuid":"a1b2c3d4","op":"encrypt","files":[".env",".env.local"]}, {"ts":"2024-01-15T10:35:00.456789Z","user":"[email protected]","uuid":"b2c3d4e5","op":"register","target_user":"[email protected]"}]Examples
Section titled “Examples”Recent activity
Section titled “Recent activity”See what happened in the last week:
kanuka secrets log --since $(date -v-7d +%Y-%m-%d) --reverseUser audit
Section titled “User audit”Review all actions by a specific user:
Access changes
Section titled “Access changes”Track who has been added or removed:
kanuka secrets log --operation register,revokeCI/CD integration
Section titled “CI/CD integration”Get recent activity as JSON for processing:
kanuka secrets log --json -n 100 | jq '.[] | select(.op == "encrypt")'When log is empty
Section titled “When log is empty”If the audit log doesn’t exist or is empty, you’ll see an appropriate message:
# No log file$ kanuka secrets logNo audit log found. Operations will be logged after running any secrets command.
# Empty log$ kanuka secrets logNo audit log entries found.Next steps
Section titled “Next steps”- Learn about the audit log format
- See the command reference for all options