
Audit Log

Overview

Every action in ID Wispera is logged. The audit log provides complete visibility into credential usage across creation, access, modification, revocation, sharing, and delegation events.

What Gets Logged

Each audit entry captures:
  • Actor: who performed the action (user, MCP agent, delegate)
  • Timestamp: when it occurred, with timezone
  • Platform: which platform or integration triggered the action
  • Purpose: the stated reason for the access
  • Action type: one of creation, access, modification, revocation, sharing, delegation

Viewing the Audit Log

Use the CLI to view the full audit trail:
idw audit
To view the audit trail for a specific passport:
idw audit <passport-id>

MCP Audit Trail

Every credential access through the MCP integration is logged automatically:
2024-01-15 10:30:45 | ACCESSED | passport: OpenAI Production
                     | actor: mcp-agent
                     | purpose: Making API call for user request
MCP audit entries include the purpose field supplied by the AI agent, giving you context for why a credential was accessed. Because the agent writes this field itself, treat it as the agent's stated justification rather than an independently verified reason, and compare it against the actor, platform, and timestamp when reviewing the log.

Audit Log Integrity

The audit log is designed to be tamper-resistant:
  • Append-only — Entries cannot be modified or deleted.
  • Encrypted with the vault — The log is protected by the same AES-256-GCM encryption as your credentials. GCM is an authenticated mode, so any modification of the encrypted log is detected when it is decrypted, which is what makes it tamper-evident. Note what this does not cover: anyone who holds the vault passphrase can decrypt, edit, and re-encrypt the log, and replacing the file with an older valid copy is not detected by the cipher alone. For evidence that survives a compromised host, export the log regularly to a system the host cannot write to.
  • Delegation chain tracking — Full delegation chain events are recorded, so you can trace access back through every link.

Export Formats

The audit log supports export for integration with external compliance and monitoring tools:
# Export to CSV
idw audit --export csv > audit-report.csv

# Export to JSON
idw audit --export json > audit-report.json
Pipe the JSON export into tools like jq for ad-hoc analysis, or feed the CSV into your SIEM platform for centralized monitoring.

Compliance Considerations

Audit Requirements

ID Wispera’s audit log satisfies common compliance requirements:
  • Complete access history for every credential
  • Actor identification on every event
  • Timestamps with timezone for accurate chronology
  • Platform and purpose tracking for access justification
  • Export to CSV and JSON for external review

Data Residency

  • Credentials are stored locally on your machine
  • No cloud sync is required
  • Optional self-hosted sync for team environments
  • Audit logs stay local alongside the vault
Because all data remains local by default, ID Wispera can help satisfy data residency requirements without additional configuration.

Access Control

The policy engine supports fine-grained access control:
  • Role-based restrictions via tags
  • Time-based access windows
  • Approval workflows for sensitive credentials
  • Delegation limits to control credential sharing depth

Incident Response

Credential Exposure

If a credential has been exposed:
  1. Immediately revoke the passport:
    idw revoke <passport-id> --reason "Exposed in [location]"
    
  2. Review the audit log to understand the scope of exposure:
    idw audit <passport-id>
    
  3. Rotate the credential at the source provider.
  4. Create a new passport with the fresh credential.
Do not skip the rotation step. Revoking the passport in ID Wispera does not invalidate the credential at the source provider. You must rotate the credential directly with the provider.

Vault Compromise

If you suspect the vault file or passphrase has been compromised, assume every credential in the vault is exposed:
  1. Generate new credentials at all source providers.
  2. Create a new vault with idw init.
  3. Import the fresh credentials into the new vault.
  4. Export the old vault's audit log (idw audit --export json) for the investigation, then securely delete the old vault file.
Secure deletion is best-effort on SSDs and on snapshotting or copy-on-write filesystems, where old blocks may persist; the rotation in step 1 is what actually limits the damage, not the deletion in step 4.

Suspicious Activity

If you notice anomalous patterns in the audit log:
  1. Review the audit log for unauthorized access entries.
  2. Check for unusual access patterns (unexpected times, unknown actors).
  3. Verify delegation chains for unauthorized delegates.
  4. Revoke any suspicious passports immediately.
  5. Notify affected parties if credentials may have been misused.
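The following is an added example, not code from ID Wispera itself. It parses the text layout shown in the MCP Audit Trail section above (a header line of the form "timestamp | ACTION | passport: name" followed by indented "| key: value" lines) into records, which is also a convenient step before feeding the log to jq or a SIEM, and then runs the checks listed under Suspicious Activity over them. The sample log lines are constructed for the example, and the known-actor list, the approved-delegator list, and the working-hours window are policy assumptions to replace with your own.

```python
"""Parse `idw audit` text output and flag suspicious entries.

Added example for this page, not part of ID Wispera. It assumes the
multi-line record layout shown in the MCP Audit Trail section: one
"timestamp | ACTION | passport: name" header line, followed by indented
"| key: value" continuation lines. Timestamps in the sample carry no
zone suffix, matching the page's sample; adjust the format string if
your output includes one.
"""
import re
from datetime import datetime, time

# Constructed sample output for the example, not captured from a real vault.
SAMPLE_AUDIT = """\
2024-01-15 10:30:45 | ACCESSED | passport: OpenAI Production
                     | actor: mcp-agent
                     | purpose: Making API call for user request
2024-01-15 03:12:09 | ACCESSED | passport: OpenAI Production
                     | actor: mcp-agent
                     | purpose: Scheduled batch job
2024-01-16 14:02:33 | ACCESSED | passport: Stripe Live
                     | actor: unknown-host-7
                     | purpose: Export invoices
2024-01-16 15:45:00 | DELEGATED | passport: Stripe Live
                     | actor: contractor
                     | purpose: Share with support team
"""

HEADER_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<action>[A-Z]+) \| passport: (?P<passport>.+)$"
)
FIELD_RE = re.compile(r"^\s*\| (?P<key>[a-z_]+): (?P<value>.*)$")


def parse_audit(text):
    """Turn the text output into a list of dict records, one per event."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER_RE.match(line)
        if m:
            records.append({
                "timestamp": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "action": m["action"],
                "passport": m["passport"].strip(),
            })
            continue
        m = FIELD_RE.match(line)
        if m and records:
            # Continuation line: attach key/value to the current record.
            records[-1][m["key"]] = m["value"].strip()
        else:
            # Fail loudly rather than silently dropping audit data.
            raise ValueError(f"unparseable audit line: {line!r}")
    return records


# Policy assumptions for the example; replace with your own lists and hours.
KNOWN_ACTORS = {"alice", "mcp-agent"}
DELEGATION_ALLOWED = {"alice"}
WORK_START, WORK_END = time(8, 0), time(19, 0)


def find_suspicious(records, known_actors=KNOWN_ACTORS,
                    delegators=DELEGATION_ALLOWED,
                    window=(WORK_START, WORK_END)):
    """Return (record, reason) pairs for the checks in Suspicious Activity:
    unknown actors, access outside the expected window, and delegation
    events performed by an actor not approved to delegate."""
    findings = []
    for r in records:
        actor = r.get("actor", "")
        if actor not in known_actors:
            findings.append((r, f"unknown actor {actor!r}"))
        t = r["timestamp"].time()
        if not (window[0] <= t <= window[1]):
            findings.append((r, f"access outside window at {t}"))
        if r["action"] == "DELEGATED" and actor not in delegators:
            findings.append((r, f"delegation by unapproved actor {actor!r}"))
    return findings


if __name__ == "__main__":
    for rec, reason in find_suspicious(parse_audit(SAMPLE_AUDIT)):
        print(f"{rec['timestamp']} {rec['action']:<9} {rec['passport']}: {reason}")
```

Run it against real output with idw audit piped in, or swap SAMPLE_AUDIT for the JSON export if your SIEM prefers structured input. The parser raises on any line it does not understand rather than skipping it, so a format change in the CLI shows up as an error instead of as silently missing events.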
