Expand description
KV secrets engine usage analyzer.
⚠️ DEPRECATED: Use kv-analysis analyze instead.
# Old (deprecated):
vault-audit kv-analyzer logs/*.log --output kv_usage.csv
# New (recommended):
vault-audit kv-analysis analyze logs/*.log --output kv_usage.csvSee kv_analysis for the unified command.
Analyzes KV mount access patterns from audit logs and generates detailed usage statistics per path and entity. Supports multi-file analysis (compressed or uncompressed) for long-term trend tracking.
§Usage
# Single file analysis (plain or compressed)
vault-audit kv-analyzer audit.log --output kv_usage.csv
vault-audit kv-analyzer audit.log.gz --output kv_usage.csv
# Multi-day analysis with compressed files
vault-audit kv-analyzer day1.log.gz day2.log.gz day3.log.gz --output kv_usage.csv
# Filter specific KV mount
vault-audit kv-analyzer *.log --kv-prefix "appcodes/" --output appcodes.csvCompressed File Support: Processes .gz and .zst files with no manual decompression.
§Output
Generates a CSV report with:
- Mount point
- Normalized secret path (without /data/ or /metadata/)
- Number of unique entities accessing the secret
- Total operations count
- List of unique paths accessed
§KV v2 Path Normalization
Automatically normalizes KV v2 paths:
secret/data/myapp/config→secret/myapp/configsecret/metadata/myapp/config→secret/myapp/config