takeout action
The takeout action means that an encrypted document is exported from Google.
This action generates an "info" severity log in the event of success, or a "crit" severity log in the event of an error.

The takeout action linked to the Google Drive application means that a privilegedunwrap request has been made. This is the case each time an encrypted document is exported from Google.
The log fields for this action are as follows:
Field |
Description |
Type |
Mandatory/ |
---|---|---|---|
tenant_id |
Tenant identifier. Example: 025f02fe-bee2-444b-bf76-b5ead30327c0 |
String in uuid v4 format | Mandatory |
reason |
Additional context about the operation. Example: Reason of the request | String | Mandatory |
|
User's email address. Example: alice.dupont@gmail.com |
String | Mandatory |
google_email |
User's Google account email address. This field is always absent in the case of a digest action. Example: alice.google@gmail.com |
String |
Optional |
google_application |
Google Workspace application concerned by the operation. Prescribed values:
|
String | Mandatory |
resource_name |
Resource identifier. Example: //googleapis.com/drive/files/1OJsaKJM5JES1yi79QCKx-13wOR1i8JPU" |
String | Mandatory |
perimeter_id |
Identifier for additional verification of authentication and authorization requests. Example: Perimeter_id of the request |
String | Mandatory |
kek_id |
Identifier of the KEK used. Example: ed7e4c13-6199-30a3-7bce-1c82a9e31e21 |
String | Mandatory |
Example of logs for the successful takeout action:
{
"tenant_id":"125f02fe-bee2-444b-bf76-b5ead30327d3",
"reason":"reason of the request",
"google_application": "drive|meet|calendar",
"kek_id": "cd7e4c13-6299-30a3-2ace-1a82a9c31e65",
"email": "xUVOgaJF1j6dfQnp6IaGmmFr5bSdarcicOAoSG9RkzI=",
"google_email": "SHA-256",
"resource_name": "RSA/ECB/PKCS1Padding",
"perimeter_id": "["RSA/ECB/PKCS1Padding","SHA1withRSA","SHA256withRSA"]"
}
{
"tenant_id":"125f02fe-bee2-444b-bf76-b5ead30327d3",
"reason":"reason of the request",
"google_application": "drive|meet|calendar",
"kek_id": "cd7e4c13-6299-30a3-2ace-1a82a9c31e65",
"email": "xUVOgaJF1j6dfQnp6IaGmmFr5bSdarcicOAoSG9RkzI=",
"google_email": "SHA-256",
"resource_name": "RSA/ECB/PKCS1Padding",
"perimeter_id": "["RSA/ECB/PKCS1Padding","SHA1withRSA","SHA256withRSA"]"
}

The takeout action linked to the Gmail application means that a privilegedprivatekydecrypt request has been made. This is the case each time an encrypted email is exported from Google.
The log fields for this action are as follows:
Field |
Description |
Type |
Mandatory/ |
---|---|---|---|
tenant_id |
Tenant identifier. Example: 025f02fe-bee2-444b-bf76-b5ead30327c0 |
String in uuid v4 format | Mandatory |
reason |
Additional context about the operation. Example: Reason of the request |
String | Mandatory |
|
User's email address. Example: alice.dupont@gmail.com |
String | Mandatory |
google_email |
User's Google account email address. This field is always absent in the case of a digest action. Example: alice.google@gmail.com |
String |
Optional |
google_application |
Google Workspace application concerned by the operation. Prescribed values:
|
String | Mandatory |
kek_id |
Identifier of the KEK used. Example: ed7e4c13-6199-30a3-7bce-1c82a9e31e21 |
String | Mandatory |
spki_hash_base64 |
Base64 digest of the private key. Example: EUVOiaJF1j3cfQnp6IaGjmFr5bSdarcicOAoSG9RJWI= |
String | Mandatory |
spki_hash_algorithm |
Encryption algorithm used. Prescribed value:
|
String | Mandatory |
private_key_used_algorithm |
Encryption algorithms used in this operation. Example: RSA/ECB/PKCS1Padding |
String | Mandatory |
private_key_supported_algorithms |
Encryption and signature algorithms supported by this key. Example: "["RSA/ECB/PKCS1Padding","SHA1withRSA", |
String | Mandatory |
private_key_mode |
Type of private key used during the operation. Prescribed values:
|
String | Mandatory |
Field |
Description |
Type |
Mandatory/ |
---|---|---|---|
tenant_id |
Tenant identifier. Example: 025f02fe-bee2-444b-bf76-b5ead30327c0 |
String in uuid v4 format | Mandatory |
reason |
Additional context about the operation. Example: Reason of the request |
String | Mandatory |
|
User's email address. Example: alice.dupont@gmail.com |
String | Mandatory |
google_email |
User's Google account email address. This field is always absent in the case of a digest action. Example: alice.google@gmail.com |
String |
Optional |
google_application |
Google Workspace application concerned by the operation. Prescribed values:
|
String | Mandatory |
kek_id |
Identifier of the KEK used. Example: ed7e4c13-6199-30a3-7bce-1c82a9e31e21 |
String | Mandatory |
spki_hash_base64 |
Base64 digest of the private key. Example: EUVOiaJF1j3cfQnp6IaGjmFr5bSdarcicOAoSG9RJWI= |
String | Mandatory |
spki_hash_algorithm |
Encryption algorithm used. Prescribed value:
|
String | Mandatory |
private_key_used_algorithm |
Encryption algorithms used in this operation. Example: RSA/ECB/PKCS1Padding |
String | Mandatory |
private_key_supported_algorithms |
Encryption and signature algorithms supported by this key. Example: "["RSA/ECB/PKCS1Padding","SHA1withRSA", |
String | Mandatory |
private_key_mode |
Type of private key used during the operation. Prescribed values:
|
String | Mandatory |
Example of logs for the successful takeout action:
{
"tenant_id":"025f02fe-bee2-444b-bf76-b5ead30327c0",
"reason":"reason of the request",
"google_application": "gmail",
"email":"alice@gmail.com",
"google_email": "alice.google@gmail.com",
"kek_id": "ed7e4c13-6199-30a3-7bce-1c82a9e31e21",
"algorithm": "RSA/ECB/PKCS1Padding",
"spki_hash_base64":"EUVOiaJF1j3cfQnp6IaGjmFr5bSdarcicOAoSG9RJWI=",
"spki_hash_algorithm":"SHA-256",
"private_key_used_algorithm": "RSA/ECB/PKCS1Padding",
"private_key_supported_algorithms": "["RSA/ECB/PKCS1Padding","SHA1withRSA","SHA256withRSA"]",
"private_key_mode": "private-key-pem|private-key-name"
}