Secret audit
Secret Audit displays a list of secret audit reports.
Secret audit reports make it easier for management to understand how permissions are distributed for each secret in the system, so that when users change, added and deleted permissions can be identified accurately and quickly. They also allow auditors to see, system-wide, the distribution of permissions for each user and the apparent ownership of each key.
A secret audit report contains the following information about each secret:
- target server
- user account accessing the secret
- folder where the secret resides
- secret name
- user/user group with access to the secret
- secret access permission level for the user accessing the secret
For each report entry, the report name and the date when the report was generated are displayed.
The report name uses the following naming convention:
|
The Secret Audit tab includes the following options:
Generate Report | Select Generate Report to generate a new secret audit report. |
Search | Enter a search term in the search field, then hit |
Refresh | To refresh the contents, click the refresh icon. |
The following options are available for each generated report:
View | Select to view the selected report. When viewed from within FortiPAM, a secret audit report looks like the following: |
Download | Select to export the selected report to your computer as a csv file. |
Delete | Select to delete the selected reports. |
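The following added example (not part of the FortiPAM documentation) compares two downloaded csv reports to list permissions that were added, removed or changed between them. The column headers, permission level names and sample rows are assumptions constructed for illustration; match them to the header row of a real export.

```python
import csv
import io

# Assumed column headers (not taken from the product); other columns are ignored.
KEY_COLS = ("Target Server", "Folder", "Secret Name", "User/Group")
PERM_COL = "Permission"

def load_grants(csv_text):
    """Map (server, folder, secret, user or group) -> permission level."""
    grants = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = tuple(row[col].strip() for col in KEY_COLS)
        grants[key] = row[PERM_COL].strip()
    return grants

def diff_reports(old_text, new_text):
    """Return (added, removed, changed) grants between two audit reports."""
    old, new = load_grants(old_text), load_grants(new_text)
    added = {k: new[k] for k in new.keys() - old.keys()}
    removed = {k: old[k] for k in old.keys() - new.keys()}
    changed = {k: (old[k], new[k])
               for k in old.keys() & new.keys() if old[k] != new[k]}
    return added, removed, changed

# Constructed sample reports: an earlier export and a later one.
OLD_REPORT = """Target Server,Folder,Secret Name,User/Group,Permission
192.0.2.5,Linux Servers,root-db01,alice,Owner
192.0.2.5,Linux Servers,root-db01,dba-team,Viewer
192.0.2.9,Network,admin-sw01,bob,Editor
"""
NEW_REPORT = """Target Server,Folder,Secret Name,User/Group,Permission
192.0.2.5,Linux Servers,root-db01,alice,Owner
192.0.2.5,Linux Servers,root-db01,dba-team,Editor
192.0.2.5,Linux Servers,root-db01,carol,Owner
"""

if __name__ == "__main__":
    added, removed, changed = diff_reports(OLD_REPORT, NEW_REPORT)
    for key, perm in sorted(added.items()):
        print("ADDED  ", *key, perm)
    for key, perm in sorted(removed.items()):
        print("REMOVED", *key, perm)
    for key, (before, after) in sorted(changed.items()):
        print("CHANGED", *key, before, "->", after)
```

New Owner-level grants and raised permission levels are the entries an auditor would normally review first.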
CLI configuration to generate secret audit report example
- In the CLI console, enter the following command:
  execute audit secret-access