Expand description
KV secrets engine usage analyzer.
Analyzes KV mount access patterns from audit logs and generates detailed usage statistics per path and entity. Supports multi-file analysis for long-term trend tracking.
§Usage
# Single file analysis
vault-audit kv-analyzer audit.log --output kv_usage.csv
# Multi-day analysis
vault-audit kv-analyzer day1.log day2.log day3.log --output kv_usage.csv
# Filter specific KV mount
vault-audit kv-analyzer *.log --kv-prefix "appcodes/" --output appcodes.csv§Output
Generates a CSV report with:
- Mount point
- Normalized secret path (without /data/ or /metadata/)
- Number of unique entities accessing the secret
- Total operations count
- List of unique paths accessed
§KV v2 Path Normalization
Automatically normalizes KV v2 paths:
secret/data/myapp/config→secret/myapp/configsecret/metadata/myapp/config→secret/myapp/config