Graphorin API reference v0.1.0
Graphorin API reference / @graphorin/security / / SecretsAuditEvent
Interface: SecretsAuditEvent
Defined in: packages/security/src/secrets/audit-emitter.ts:54
One audit event. The payload is intentionally minimal — never carry the secret value itself, only metadata that is safe to log (resolver / store identifier, key name, actor pointer).
Stable
Properties
| Property | Modifier | Type | Description | Defined in |
|---|---|---|---|---|
action | readonly | SecretsAuditAction | Discriminator. | packages/security/src/secrets/audit-emitter.ts:56 |
actor? | readonly | SecretsAuditActor | Optional actor pointer. | packages/security/src/secrets/audit-emitter.ts:70 |
decision | readonly | SecretsAuditDecision | Outcome. | packages/security/src/secrets/audit-emitter.ts:58 |
metadata? | readonly | Readonly<Record<string, unknown>> | Optional structured metadata. Must be safe to log. | packages/security/src/secrets/audit-emitter.ts:72 |
source | readonly | string | Stable identifier of the SecretsStore / resolver that fired the event. | packages/security/src/secrets/audit-emitter.ts:62 |
target | readonly | string | Target of the action. For secret:* events this is the secret key; for secrets:downgrade events this is the kind of store the factory downgraded to (e.g. 'env'). | packages/security/src/secrets/audit-emitter.ts:68 |
ts | readonly | number | Epoch milliseconds at which the event fired. | packages/security/src/secrets/audit-emitter.ts:60 |