Credential audit trail?

Is there a plan / possibility to provide an audit trail for items accessed by a team member? Typically team members only use a fraction of the info stored in team vaults -- when they leave it would be helpful to only rotate secrets that had been accessed rather than everything in the vault.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:audit

Comments

  • MaxSiegel
    MaxSiegel
    1Password Alumni
    edited October 2016

    Hey @graemej!

    That's an excellent idea, and a number of other customers have requested this feature. I'll let the team know about your interest as well. :)

    There's been a healthy discussion about adding audit trails for items that are accessed in this discussion thread, among others. These particular points stand out:

    [B]efore sharing sensitive information with someone, it's important to assume that it can never be taken back. After all, while a username and password can be changed, they likely already possess any information to which these have granted them access.

    and:

    Even if we try to track access on the individual item level (which is going to be a large undertaking on its own), this information won't be sent to the server if the client is offline.

    A more reliable solution would be to create multiple vaults and organize access on the vault level. Our client apps are being updated to make it easy to work with multiple vaults.

    Again, this is a feature we're definitely looking into adding, but there are a number of technical (and human-created!) pitfalls that we need to be careful about before releasing this feature.

    ref: B5-1208

This discussion has been closed.