Skip to content
OpenFirma OpenFirma
Blog

audit

Module: config::audit

Section titled “Module: config::audit”

Contents

Section titled “Contents”

Structs

Enums

  • AuditSink - Audit event output sink selector.

firma_sidecar::config::audit::AuditConfig

Section titled “firma_sidecar::config::audit::AuditConfig”

Struct

Audit emitter configuration.

Controls where enforcement events are written and how they are signed.

SinkRequired fields
stdoutnone
filefile_path
grpcgrpc_url
walgrpc_url, wal_path

Fields:

  • sink: AuditSink - Output sink. Default: stdout.
  • file_path: Option<std::path::PathBuf> - Path for the file sink. Ignored by other sinks.
  • grpc_url: Option<String> - Downstream audit service URL for grpc and wal sinks.
  • wal_path: Option<std::path::PathBuf> - Local WAL directory for the wal sink.
  • wal_max_bytes: u64 - Maximum WAL size in bytes. Default: 100 MiB.
  • signing_key_path: Option<std::path::PathBuf> - Path to the ECDSA private key used for event signing.
  • signing_key_env: Option<String> - Environment variable containing the ECDSA private key (PEM).

Methods:

  • fn validate(self: &Self) -> Result<(), String> - Validate the audit configuration.

Trait Implementations:

  • Clone
    • fn clone(self: &Self) -> AuditConfig
  • Deserialize
    • fn deserialize<__D>(__deserializer: __D) -> _serde::__private228::Result<Self, <__D as >::Error>
  • Debug
    • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result
  • Default
    • fn default() -> Self

firma_sidecar::config::audit::AuditSink

Section titled “firma_sidecar::config::audit::AuditSink”

Enum

Audit event output sink selector.

Variants:

  • Stdout - Structured JSON lines written to stdout (default for containers).
  • File - Append-only file sink.
  • Grpc - Streaming gRPC sink to a downstream audit service.
  • Wal - Write-ahead log: buffers events locally when gRPC is

Traits: Eq, Copy

Trait Implementations:

  • Clone
    • fn clone(self: &Self) -> AuditSink
  • Display
    • fn fmt(self: &Self, f: & mut fmt::Formatter) -> fmt::Result
  • Debug
    • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result
  • Default
    • fn default() -> AuditSink
  • PartialEq
    • fn eq(self: &Self, other: &AuditSink) -> bool
  • Deserialize
    • fn deserialize<__D>(__deserializer: __D) -> _serde::__private228::Result<Self, <__D as >::Error>