From 2ea9b669438cdff048d74cb49c9f6777e9018371 Mon Sep 17 00:00:00 2001 From: BlackDex Date: Sun, 20 Nov 2022 19:15:45 +0100 Subject: Add Organizational event logging feature This PR adds event/audit logging support for organizations. By default this feature is disabled, since it does log a lot and adds extra database transactions. All events are touched except a few, since we do not support those features (yet), like SSO for example. This feature is tested with multiple clients and all database types. Fixes #229 --- .env.template | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) (limited to '.env.template') diff --git a/.env.template b/.env.template index e06c09bd..736b6463 100644 --- a/.env.template +++ b/.env.template @@ -1,13 +1,14 @@ +# shellcheck disable=SC2034,SC2148 ## Vaultwarden Configuration File ## Uncomment any of the following lines to change the defaults ## ## Be aware that most of these settings will be overridden if they were changed ## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json . ## -## By default, vaultwarden expects for this file to be named ".env" and located +## By default, Vaultwarden expects for this file to be named ".env" and located ## in the current working directory. If this is not the case, the environment ## variable ENV_FILE can be set to the location of this file prior to starting -## vaultwarden. +## Vaultwarden. ## Main data folder # DATA_FOLDER=data @@ -80,11 +81,27 @@ ## This setting applies globally to all users. # EMERGENCY_ACCESS_ALLOWED=true +## Controls whether event logging is enabled for organizations +## This setting applies to organizations. +## Default this is disabled. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings. +# ORG_EVENTS_ENABLED=false + +## Number of days to retain events stored in the database. +## If unset (the default), events are kept indefently and also disables the scheduled job! +# EVENTS_DAYS_RETAIN= + ## Job scheduler settings ## ## Job schedules use a cron-like syntax (as parsed by https://crates.io/crates/cron), ## and are always in terms of UTC time (regardless of your local time zone settings). ## +## The schedule format is a bit different from crontab as crontab does not contains seconds. +## You can test the the format here: https://crontab.guru, but remove the first digit! +## SEC MIN HOUR DAY OF MONTH MONTH DAY OF WEEK +## "0 30 9,12,15 1,15 May-Aug Mon,Wed,Fri" +## "0 30 * * * * " +## "0 30 1 * * * " +## ## How often (in ms) the job scheduler thread checks for jobs that need running. ## Set to 0 to globally disable scheduled jobs. # JOB_POLL_INTERVAL_MS=30000 @@ -108,6 +125,10 @@ ## Cron schedule of the job that grants emergency access requests that have met the required wait time. ## Defaults to hourly (5 minutes after the hour). Set blank to disable this job. # EMERGENCY_REQUEST_TIMEOUT_SCHEDULE="0 5 * * * *" +## +## Cron schedule of the job that cleans old events from the event table. +## Defaults to daily. Set blank to disable this job. Also without EVENTS_DAYS_RETAIN set, this job will not start. +# EVENT_CLEANUP_SCHEDULE="0 10 0 * * *" ## Enable extended logging, which shows timestamps and targets in the logs # EXTENDED_LOGGING=true @@ -133,7 +154,7 @@ ## Enable WAL for the DB ## Set to false to avoid enabling WAL during startup. ## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB, -## this setting only prevents vaultwarden from automatically enabling it on start. +## this setting only prevents Vaultwarden from automatically enabling it on start. ## Please read project wiki page about this setting first before changing the value as it can ## cause performance degradation or might render the service unable to start. # ENABLE_DB_WAL=true -- cgit v1.2.3