Introduction
The /sys/audit-hash endpoint can be used to discover whether a given plaintext string (the input parameter) appears in the audit log in an obfuscated form.
Use Case
In HCP Vault, the file audit device is enabled by default at the path hcp-main-audit.
Suppose a Vault user wants to know the hash value of the plaintext "unsupported path":
❯ vault write sys/audit-hash/hcp-main-audit input="unsupported path"
Key     Value
---     -----
hash    hmac-sha256:42f2ffe85b5a30cc24a57ca9c791c288a63571ef7bf068ded1ed4899915adc6f
The Vault user can then search the audit log for this newly calculated hash value to check whether there is a match.
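One way to run that search over an exported audit log, as an added example that is not part of the original article or HashiCorp's tooling. The sample log entries and their field layout are constructed for illustration; only the hash value comes from the command output above.

```python
import json

# Hash returned by sys/audit-hash/hcp-main-audit for input="unsupported path" (from the article).
TARGET = "hmac-sha256:42f2ffe85b5a30cc24a57ca9c791c288a63571ef7bf068ded1ed4899915adc6f"

# Constructed sample audit entries, one JSON object per line (field layout is an assumption).
SAMPLE_LOG = """\
{"type":"request","time":"2024-01-01T10:00:00Z","request":{"id":"req-1","operation":"read","path":"secret/data/app"}}
{"type":"response","time":"2024-01-01T10:00:00Z","request":{"id":"req-1","operation":"read","path":"secret/data/app"},"response":{"data":{"error":"hmac-sha256:42f2ffe85b5a30cc24a57ca9c791c288a63571ef7bf068ded1ed4899915adc6f"}}}
not-json line left by log rotation
{"type":"response","time":"2024-01-01T10:05:00Z","request":{"id":"req-2","operation":"update","path":"auth/token/create"},"response":{"auth":{"client_token":"hmac-sha256:0000000000000000000000000000000000000000000000000000000000000000"}}}
"""


def walk(node, path=""):
    """Yield (json_path, value) for every string leaf in a decoded JSON value."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from walk(child, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from walk(child, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def find_hash(log_text, target):
    """Return (line_no, request_id, json_path) for each field whose value equals target."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting the search
        if not isinstance(entry, dict):
            continue
        request = entry.get("request")
        req_id = request.get("id") if isinstance(request, dict) else None
        for json_path, value in walk(entry):
            if value == target:
                hits.append((line_no, req_id, json_path))
    return hits


if __name__ == "__main__":
    for line_no, req_id, json_path in find_hash(SAMPLE_LOG, TARGET):
        print(f"line {line_no}: request {req_id} matched at {json_path}")
```

The comparison is an exact match on the whole field value: the audit device hashes each string value as a unit, so a plaintext that is only a substring of a logged value will not produce a matching hash.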
Related documentation reference: