A password manager is only as trustworthy as its accountability layer. SealedKeys logs every view, copy, edit and deletion — with user identity, timestamp and IP — in an immutable audit trail you can filter and export.
Recorded when a team member opens and decrypts a vault item — not just that they visited the vault.
Clicking the copy button on any field is logged separately from a view — useful for distinguishing browse from actual use.
Who created the item, when, and from which IP. Useful for onboarding audits.
Every field change logged with before/after content hash, user and timestamp.
Deletions are logged even after the item is removed — the audit trail is immutable.
Access grant and revocation events logged at the organisation level.
Authentication failures and MFA failures recorded — useful for detecting credential stuffing.
Each event includes: timestamp · user email · user IP · vault · secret name (not value)
A credential was used without authorisation. The audit log tells you exactly which team member accessed it, from which IP, and at what time — in seconds, not hours of investigation.
ISO 27001, SOC 2 and Cyber Essentials all require evidence of access control. The audit log is your artefact — filterable, exportable, and timestamped.
When a contractor leaves, the offboarding checklist uses the audit log to identify every secret they accessed. You know exactly what to rotate — no guesswork.
Demonstrate to clients that their credentials are managed with full accountability. Show an access history for any secret — who viewed it, when, from where.
Filterable by vault, user and event type
Filterable and exportable as JSON or CSV
Configurable retention, SIEM integration
SealedKeys logs: secret viewed, secret copied (each field copy is a separate event), secret created, secret edited, secret deleted, team member invited, team member removed, failed login attempts, and MFA events. All events include timestamp, user identity and IP address.
Free plan: 30 days of audit log history. Pro plan: 1 year. Enterprise: configurable retention. Logs are immutable — they cannot be edited or deleted by team members or admins.
Yes. The audit log can be exported as JSON or CSV from the Audit Log page. Useful for feeding into SIEM tools, compliance artefacts or incident reports.
Audit log entries are append-only and cannot be modified or deleted by any user, including organisation admins. Only SealedKeys infrastructure could alter them — and this would be a terms of service violation. For cryptographic audit log integrity guarantees, contact hello@sealedkeys.com to discuss enterprise requirements.
Yes. Logging events doesn't require SealedKeys to read your secrets. When a team member views a secret, the decryption happens in their browser — SealedKeys logs that the event occurred, not the plaintext content. The audit log records access patterns, not secret values.
Yes. The audit log provides evidence for SOC 2 CC6 (logical access) and CC7 (system operations) controls, and ISO 27001 Annex A 9.4 (system and application access control). Export it as an artefact for your audit. SealedKeys can provide a pentest report and architecture documentation on request.
25 items free. 30-day audit log on Free, 1 year on Pro. No credit card.