Main site

Getting started

Getting started with CipherStash Audit

CipherStash Audit enables SQL statement and data access logging for PostgreSQL databases. This tutorial walks you through how to get started with Audit. You will:

  • Install the prerequisites
  • Enable audit logging for a PostgreSQL database
  • View audit logs in the CipherStash Dashboard

At the end of the guide, you will have enabled audit logging for your PostgreSQL database and be able to view the logs in the CipherStash Dashboard.

Installing prerequisites

This guide assumes you have a CipherStash account, CipherStash Proxy running, the CipherStash CLI, and a PostgreSQL database. If you haven't already, follow the Getting started with CipherStash Proxy guide, and/or create a CipherStash account by visiting https://dashboard.cipherstash.com/.

PostgreSQL

PostgreSQL Note

This guide assumes you have a PostgreSQL instance running locally on port 5432. If you want to use a hosted PostgreSQL service, we recommend using Supabase or AWS RDS.

Enabling audit logging

To enable audit logging, you need to configure the CipherStash Proxy to start collecting logs and sending them to the CipherStash API.

Step 1: Create a CipherStash account

If you haven't already, create a CipherStash account by visiting https://cipherstash.com/signup.

Step 2: Generate a cipherstash-proxy.toml configuration file

Select the workspace you want to use for the audit logs in the CipherStash Dashboard, and click on the Proxy Deployment tab.

Click on the PROXY CONFIG WIZARD button to generate a cipherstash-proxy.toml configuration file. This will prompt you to input the details of your PostgreSQL database, and generate a configuration file for you to download. You will need the following details:

  • Database name
  • Database username
  • Database password
  • Database host
  • Database port

Make sure to select the Audit product under the Features section, and click on the Generate config button. This will download a cipherstash-proxy.toml configuration file that looks like this:

1workspace_id = "..."
2client_access_key = "..."
3
4[audit]
5subscriber = "cipherstash"
6
7[database]
8name = "postgres"
9port = 5432
10host = "db"
11username = "postgres"
12password = "password"

To enable Audit in CipherStash Proxy, set the subscriber to cipherstash and configure the workspace_id and client_access_key.

Step 3: Run CipherStash Proxy

Run the CipherStash Proxy with the cipherstash-proxy.toml configuration file you generated in the previous step.

1docker run \
2    -v $(pwd)/cipherstash-proxy.toml:/etc/cipherstash-proxy/cipherstash-proxy.toml \
3    -p 6432:6432 \
4    cipherstash/cipherstash-proxy:latest

Step 4: Verify the logs are being sent

To verify that the logs are being sent to the CipherStash API, check the logs in the CipherStash Dashboard either under the Statement Logs or Data Access Logs sections.

Viewing audit logs

Once you have enabled audit logging, you can view the logs in the CipherStash Dashboard!

If you have any feedback on what type of visualizations or aggregations you'd like to see, let us know by emailing support.

Previous
CipherStash Proxy
Next
CipherStash Encrypt