Goal
The goal would be that the client using the "libkmsp11" library could provide some custom fields that would be present in Audit Logs on Google Cloud.
Why
We would like to have the ability to match sign operation logs that we already have on our side with the audit logs that are available on Google Cloud. Currently, the audit logs for sign operations only contain request data and some info about clients, but there is no way of linking requests from our side with logs on Google Cloud. We noticed the "metadata" field in Google Cloud audit logs, but could not find a way to set it for KMS requests.
I think the most basic implementation would be to provide one file through an environment variable (like a configuration file) that contains key-value pairs that would then be passed as custom audit log fields.