Audit File Access for Compliance and Security
Overview
This guide shows how to retrieve cryptographically verifiable audit records for encrypted containers. Locktera generates immutable audit logs for all container access events, including successful and denied decryption attempts.
Audit records provide visibility into who accessed a container, when access occurred, and which identity or application performed the operation. This enables organizations to meet regulatory, security, and forensic requirements without exposing container contents.
Audit logging is enforced independently of storage systems and cannot be modified or deleted.
What You Will Build
In this guide, you will:
-
Retrieve cryptographically verifiable audit records for a container
-
View permitted and denied container access attempts
-
Identify the identity and application responsible for each access event
-
Verify the timestamp and operation associated with each event
-
Confirm the container’s complete, immutable access history
Key Concepts
Audit Records
Audit records are generated automatically whenever a container access event occurs, including:
-
Container decryption attempts
-
Successful container decryptions
-
Access denials
-
Access grants and revocations
-
Policy modifications
Audit records are cryptographically bound to the container and cannot be altered.
Audit Record Contents
Each audit record includes:
-
Container ID
-
Accessing identity (user or system)
-
Access result (permitted or denied)
-
Timestamp of access attempt
-
Operation type (decode, drm update, revoke, etc.)
-
Requesting application or API client
Audit logs do not expose container contents.
Immutability of Audit Logs
Audit records are append-only and cannot be modified or deleted.
This ensures:
-
Reliable forensic analysis
-
Tamper-resistant audit trails
-
Verifiable chain-of-custody
Common Compliance Use Cases
Audit logging supports compliance with:
-
HIPAA audit requirements
-
CJIS security policies
-
SOC 2 audit controls
-
Evidence chain-of-custody tracking
-
Enterprise security monitoring
Architecture Flow
Recipient or Application
│
│ Access container
▼
Encrypted Container (.tera)
│
│ Access evaluated
▼
Audit Record Generated
│
▼
Audit Log Available via API
Prerequisites
-
Container owner API key
-
Existing encrypted container
Base URL:
https://share.locktera.com/api/v1
Authentication header:
Authorization: Bearer YOUR_API_KEY
Step 1 — Retrieve Audit Records for a Container
Retrieve audit records associated with a specific container.
Request
curl -X GET $BASE_URL/users/{user_id}/containers/{container_id}/events \
-H "Authorization: Bearer YOUR_API_KEY"
Response
[
{
"org_id": "YOUR_USER_ID",
"container_id": "CONTAINER_ID",
"ts": "2025-01-01T00:00:00Z",
"user": "user@company.com",
"ip": "192.168.0.50",
"action": "container.create",
"detail": { ... }
},
{
"org_id": "YOUR_USER_ID",
"container_id": "CONTAINER_ID",
"ts": "2025-01-01T01:00:00Z",
"user": "viewer@example.com",
"ip": "8.1.237.72",
"action": "container.load",
"detail": { ... }
},
{
"org_id": "YOUR_USER_ID",
"container_id": "CONTAINER_ID",
"ts": "2025-01-01T01:00:00Z",
"user": "viewer@example.com",
"ip": "8.1.237.72",
"action": "object.load",
"detail": { ... }
}
]
Audit records indicate:
-
Who attempted access (
user) -
When access occurred (
ts) -
What operation was performed (
action) -
Which system or application initiated access (
ip) -
Details about the operation (
detail)
This enables verification of authorized and unauthorized access attempts.
Security Properties
Audit logging ensures:
-
All container access events are recorded
-
Audit records cannot be modified or deleted
-
Audit trails are cryptographically reliable
-
Audit logs do not expose container contents
-
Audit visibility is independent of storage systems
Chain-of-Custody Support
Audit logs provide verifiable evidence of container access history.
This supports:
-
Digital evidence handling
-
Legal and regulatory compliance
-
Security incident investigation
-
Enterprise access monitoring
Summary
Locktera provides immutable audit logs for all encrypted container access events. These audit records enable organizations to verify access activity, detect unauthorized access attempts, and meet regulatory and forensic requirements without exposing protected container contents.
