GitLab

I put this here for comment, let me know what you think, or if you have additional idea.

Now that we have the per-user encrypted transaction log in iapi, I really want an audit log for user accounts. The audit events can be listed by the user and some of the more important ones should also generate a notification email.

Ideas for entries:

• pw settings change (pw / app pw / 2fa)
• security settings change: recovery email, recovery token displayed or mailed, pgp key changed
• invite code created
• services (resources) created / deleted
• logins (where and how), this one probably with a short ttl, e.g. stored just for 1-2 weeks

maybe longterm (if we can implement it in a reasonable way):

• login with new / unknown device