feat(config): add audit logging config keys

This commit is contained in:
kolaente 2026-06-10 21:01:28 +02:00
parent 5db25ab75c
commit a4bbd02d6a
2 changed files with 41 additions and 0 deletions

View File

@ -997,6 +997,37 @@
}
]
},
{
"key": "audit",
"comment": "Audit logging writes structured JSONL records of authentication, authorization and data lifecycle events. Requires the licensed `audit_logs` feature — with `audit.enabled: true` but no active license, listeners are registered but nothing is written until a license with the feature becomes active.",
"children": [
{
"key": "enabled",
"default_value": "false",
"comment": "Whether to enable audit logging."
},
{
"key": "logfile",
"default_value": "",
"comment": "The file audit log entries are written to, one JSON object per line. If empty, defaults to `audit.log` in the configured log path."
},
{
"key": "rotation",
"children": [
{
"key": "maxsizemb",
"default_value": "100",
"comment": "Rotate the audit log file once it exceeds this size in megabytes. Set to 0 to disable size-based rotation."
},
{
"key": "maxage",
"default_value": "30",
"comment": "Delete rotated audit log files older than this many days. This only applies to the local rotated files, it is not a retention policy. Set to 0 to keep rotated files forever."
}
]
}
]
},
{
"key": "outgoingrequests",
"children": [

View File

@ -220,6 +220,11 @@ const (
WebhooksProxyPassword Key = `webhooks.proxypassword`
WebhooksAllowNonRoutableIPs Key = `webhooks.allownonroutableips`
AuditEnabled Key = `audit.enabled`
AuditLogfile Key = `audit.logfile`
AuditRotationMaxSizeMB Key = `audit.rotation.maxsizemb`
AuditRotationMaxAge Key = `audit.rotation.maxage`
OutgoingRequestsAllowNonRoutableIPs Key = `outgoingrequests.allownonroutableips`
OutgoingRequestsProxyURL Key = `outgoingrequests.proxyurl`
OutgoingRequestsProxyPassword Key = `outgoingrequests.proxypassword`
@ -483,6 +488,11 @@ func InitDefaultConfig() {
WebhooksEnabled.setDefault(true)
WebhooksTimeoutSeconds.setDefault(30)
WebhooksAllowNonRoutableIPs.setDefault(false)
// Audit
AuditEnabled.setDefault(false)
AuditLogfile.setDefault("") // empty means <log.path>/audit.log, resolved at init
AuditRotationMaxSizeMB.setDefault(100)
AuditRotationMaxAge.setDefault(30)
// Outgoing Requests
OutgoingRequestsAllowNonRoutableIPs.setDefault(false)
OutgoingRequestsTimeoutSeconds.setDefault(30)