wrap, unwrap, privilegedwrap and digest actions
-
wrap: a wrap request has been made. This is the case whenever a key is encrypted.
-
unwrap: an unwrap request has been made. This is the case whenever a key is decrypted.
-
privilegedwrap: a privilegedwrap request has been made. This is the case whenever a bulk file import is in progress.
-
digest: a digest request has been made. This is the case whenever a migration or encryption operation to a backup KACLS is in progress.
All these actions generate an "info" severity log in the event of success, or a "crit" severity log in the event of an error.
The log fields for these actions are as follows:
|
Field |
Description |
Type |
Required/Optional |
|---|---|---|---|
|
tenant_id |
Tenant identifier. Example: 025f02fe-bee2-444b-bf76-b5ead30327c0 |
String in uuid v4 format | Mandatory |
|
reason |
Additional context about the operation. Example: Reason of the request | String | Mandatory |
|
|
User's email address. Example: alice.dupont@gmail.com |
String | Mandatory |
| google_email | User's Google account email address. This field is always absent in the case of a digest action. Example: alice.google@gmail.com | String |
Optional |
| google_application |
Google Workspace application concerned by the operation. Prescribed values:
|
String | Mandatory |
| resource_name |
Resource identifier. Example: //googleapis.com/drive/files/1OJsaKJM5JES1yi79QCKx-13wOR1i8JPU" |
String | Mandatory |
| perimeter_id | Identifier for additional verification of authentication and authorization requests. Example: Perimeter_id of the request | String | Mandatory |
| kek_id |
Identifier of the KEK used. Example: ed7e4c13-6199-30a3-7bce-1c82a9e31e21 |
String | Mandatory |