Comments
ba...@google.com <ba...@google.com> #2
ze...@indriver.com <ze...@indriver.com> #3
da...@sunrise.net <da...@sunrise.net> #4
Hello,
Operations are kept only a short time and they actually hold much less information than Audit logs actually keep (i.e. Compute Engine operations). Could you please tell me if I'm getting this wrong? Speaking of Audit logs, I'd like to say that logs only reflect the fact that there was a setMetadata operation and that the metadata in question was an ssh-key (at least in this use case). However, the user really does not know whether it was an addition of a key, removal, etc. I got from this issue that key info is sensitive information, but it would be good if we could somehow get a better view on what has been going on at specified times. This would be extremely useful for external audits.
Best regards, Daniel Jankovic
dh...@google.com <dh...@google.com> #5
Hello,
According to the
To ensure a faster resolution and dedicated support for your issue, I kindly request you to file a support ticket by clicking
Please note that the Issue Tracker is primarily meant for reporting bugs and requesting new features. For individual support issues, it is best to utilize the support ticketing system. If you have any additional issues or concerns, please don’t hesitate to create a new thread on the
Thanks & Regards
da...@sunrise.net <da...@sunrise.net> #6
Hello,
Not sure if this was for me or not, but in the interest of bumping the issue a bit, I will reply anyway. I came here from a ticket actually - GCP support forwarded me here, even though this is not exactly matching my ticket 100%. The support ticket I opened was opened due to an external audit and the question they raised about provenance and historization of ssh-keys in Compute Engine (i.e. metadata). They were worried that users with permission to do setMetadata (project-wide or compute VMs) can add their own ssh-key and connect to the machine without project admins knowing about it. After going thoroughly through the (audit) logs, we found answers to the 'who' and 'when' questions, but we were left without an answer to 'which key, which machine was affected'.
Thanks, Daniel Jankovic
Description
We can see the log entries when an SSH key is added on “Activity Logs” using GCE Project as Resource type; this gives us all activity related to metadata on the project. However, this option only gives the Operation ID but does not show which SSH key was created. Same thing using Logs explorer and searching a query with “setCommonInstanceMetadata”.
The complete SSH key should not be visible in any log for security reasons, but it could be good to at least have a way to identify each operation.
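
The description asks for a way to identify each key change without the full key appearing in a log. The code below is an added example, not part of the original issue or of any Google tooling: it diffs two snapshots of the `ssh-keys` metadata value and reports only user, key type and an OpenSSH-style SHA256 fingerprint. It assumes the operator captures the metadata value before and after a setMetadata event; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_ssh_keys(value: str) -> set:
    """Turn an ssh-keys metadata value (one 'user:type blob [comment]' entry
    per line) into a set of (user, key_type, fingerprint) tuples."""
    entries = set()
    for line in value.splitlines():
        line = line.strip()
        if not line:
            continue
        user, sep, rest = line.partition(":")
        fields = rest.split()
        try:
            if not sep or len(fields) < 2:
                raise ValueError("not a user:type blob entry")
            entries.add((user, fields[0], fingerprint(fields[1])))
        except ValueError:  # also covers invalid base64 (binascii.Error)
            # Keep malformed entries visible without logging their content.
            tag = hashlib.sha256(line.encode()).hexdigest()[:16]
            entries.add(("?", "malformed", "line-sha256:" + tag))
    return entries


def diff_ssh_keys(before: str, after: str) -> dict:
    """Report which keys were added or removed between two snapshots."""
    old, new = parse_ssh_keys(before), parse_ssh_keys(after)
    return {"added": sorted(new - old), "removed": sorted(old - new)}


# Constructed sample snapshots (assumption: not real keys or real users).
KEY_A = base64.b64encode(b"constructed key A").decode()
KEY_B = base64.b64encode(b"constructed key B").decode()
BEFORE = f"alice:ssh-ed25519 {KEY_A} alice@example\n"
AFTER = BEFORE + f"bob:ssh-rsa {KEY_B} bob@example\n"

if __name__ == "__main__":
    for change, items in diff_ssh_keys(BEFORE, AFTER).items():
        for user, key_type, fp in items:
            print(f"{change}: user={user} type={key_type} fp={fp}")
```

The fingerprint has the same form as the output of `ssh-keygen -lf` on a public key file, so a reported change can be matched against a key a user presents without storing the key itself.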