»audit enable

The audit enable command enables an audit device at a given path. If an audit device already exists at the given path, an error is returned. Additional options for configuring the audit device are provided as KEY=VALUE. Each audit device declares its own set of configuration options.

Once an audit device is enabled, almost every request and response will be logged to the device.


Enable the audit device "file" enabled at "file/":

$ vault audit enable file file_path=/tmp/my-file.txt
Success! Enabled the file audit device at: file/
$ vault audit enable file file_path=/tmp/my-file.txtSuccess! Enabled the file audit device at: file/

Full configuration parameters for each audit device are available on the Audit Devices page.


The following flags are available in addition to the standard set of flags included on all commands.

  • -description (string: "") - Human-friendly description for the purpose of this audit device.

  • -local (bool: false) - Mark the audit device as a local-only device. Local devices are not replicated or removed by replication.

  • -path (string: "") - Place where the audit device will be accessible. This must be unique across all audit devices. This defaults to the "type" of the audit device.