Audit File Access for Compliance and Security

Overview

This guide shows how to retrieve cryptographically verifiable audit records for encrypted containers. Locktera generates immutable audit logs for all container access events, including successful and denied decryption attempts.

Audit records provide visibility into who accessed a container, when access occurred, and which identity or application performed the operation. This enables organizations to meet regulatory, security, and forensic requirements without exposing container contents.

Audit logging is enforced independently of storage systems and cannot be modified or deleted.

What You Will Build

In this guide, you will:

  1. Retrieve cryptographically verifiable audit records for a container

  2. View permitted and denied container access attempts

  3. Identify the identity and application responsible for each access event

  4. Verify the timestamp and operation associated with each event

  5. Confirm the container’s complete, immutable access history

Key Concepts

Audit Records

Audit records are generated automatically whenever a container access event occurs, including:

  • Container decryption attempts

  • Successful container decryptions

  • Access denials

  • Access grants and revocations

  • Policy modifications

Audit records are cryptographically bound to the container and cannot be altered.

Audit Record Contents

Each audit record includes:

  • Container ID

  • Accessing identity (user or system)

  • Access result (permitted or denied)

  • Timestamp of access attempt

  • Operation type (decode, drm update, revoke, etc.)

  • Requesting application or API client

Audit logs do not expose container contents.

Immutability of Audit Logs

Audit records are append-only and cannot be modified or deleted.

This ensures:

  • Reliable forensic analysis

  • Tamper-resistant audit trails

  • Verifiable chain-of-custody

Common Compliance Use Cases

Audit logging supports compliance with:

  • HIPAA audit requirements

  • CJIS security policies

  • SOC 2 audit controls

  • Evidence chain-of-custody tracking

  • Enterprise security monitoring

Architecture Flow

Recipient or Application

        │ Access container

Encrypted Container (.tera)

        │ Access evaluated

Audit Record Generated


Audit Log Available via API

Prerequisites

  • Container owner API key

  • Existing encrypted container

Base URL:

https://share.locktera.com/api/v1

Authentication header:

Authorization: Bearer YOUR_API_KEY

Step 1 — Retrieve Audit Records for a Container

Retrieve audit records associated with a specific container.

Request

curl -X GET $BASE_URL/users/{user_id}/containers/{container_id}/events \
  -H "Authorization: Bearer YOUR_API_KEY"

Response

[
  {
    "org_id": "YOUR_USER_ID",
    "container_id": "CONTAINER_ID",
    "ts": "2025-01-01T00:00:00Z",
    "user": "user@company.com",
    "ip": "192.168.0.50",
    "action": "container.create",
    "detail": { ... }
  },
  {
    "org_id": "YOUR_USER_ID",
    "container_id": "CONTAINER_ID",
    "ts": "2025-01-01T01:00:00Z",
    "user": "viewer@example.com",
    "ip": "8.1.237.72",
    "action": "container.load",
    "detail": { ... }
  },
  {
    "org_id": "YOUR_USER_ID",
    "container_id": "CONTAINER_ID",
    "ts": "2025-01-01T01:00:00Z",
    "user": "viewer@example.com",
    "ip": "8.1.237.72",
    "action": "object.load",
    "detail": { ... }
  }
] 

Audit records indicate:

  • Who attempted access (user)

  • When access occurred (ts)

  • What operation was performed (action)

  • Which system or application initiated access (ip)

  • Details about the operation (detail)

This enables verification of authorized and unauthorized access attempts.

Security Properties

Audit logging ensures:

  • All container access events are recorded

  • Audit records cannot be modified or deleted

  • Audit trails are cryptographically reliable

  • Audit logs do not expose container contents

  • Audit visibility is independent of storage systems

Chain-of-Custody Support

Audit logs provide verifiable evidence of container access history.

This supports:

  • Digital evidence handling

  • Legal and regulatory compliance

  • Security incident investigation

  • Enterprise access monitoring

Summary

Locktera provides immutable audit logs for all encrypted container access events. These audit records enable organizations to verify access activity, detect unauthorized access attempts, and meet regulatory and forensic requirements without exposing protected container contents.