Confidential Computing audit logging

This document describes audit logging for Confidential Computing. Google Cloud services write audit logs that record administrative activities and accesses within your Google Cloud resources. For more information, see Cloud Audit Logs overview.

This page was last generated on 2024-05-23 18:15:50 UTC.

Service name

Confidential Computing audit logs use the service name confidentialcomputing.googleapis.com.

Methods by permission type

Methods that check DATA_READ, DATA_WRITE, and ADMIN_READ permission types are Data Access audit logs. Methods that check ADMIN_WRITE permission types are Admin Activity audit logs.

Permission type Methods
ADMIN_WRITE google.cloud.confidentialcomputing.v1.ConfidentialComputing.CreateChallenge
google.cloud.confidentialcomputing.v1.ConfidentialComputing.VerifyAttestation
google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.CreateChallenge
google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.VerifyAttestation

Audit logs per API interface

For information about which permissions are evaluated and how for each method, see the Identity and Access Management documentation for Confidential Computing.

google.cloud.confidentialcomputing.v1.ConfidentialComputing

Details about audit logs associated with methods belonging to google.cloud.confidentialcomputing.v1.ConfidentialComputing.

google.cloud.confidentialcomputing.v1.ConfidentialComputing.CreateChallenge

  • Method: google.cloud.confidentialcomputing.v1.ConfidentialComputing.CreateChallenge
  • Audit log Type: Admin Activity
  • Permissions:
    • confidentialcomputing.challenges.create - ADMIN_WRITE
  • Method is a Long Running Operation or Streaming: No.
  • Filter for this method: protoPayload.methodName="google.cloud.confidentialcomputing.v1.ConfidentialComputing.CreateChallenge"

google.cloud.confidentialcomputing.v1.ConfidentialComputing.VerifyAttestation

  • Method: google.cloud.confidentialcomputing.v1.ConfidentialComputing.VerifyAttestation
  • Audit log Type: Admin Activity
  • Permissions:
    • confidentialcomputing.challenges.verify - ADMIN_WRITE
  • Method is a Long Running Operation or Streaming: No.
  • Filter for this method: protoPayload.methodName="google.cloud.confidentialcomputing.v1.ConfidentialComputing.VerifyAttestation"

google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing

Details about audit logs associated with methods belonging to google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.

google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.CreateChallenge

  • Method: google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.CreateChallenge
  • Audit log Type: Admin Activity
  • Permissions:
    • confidentialcomputing.challenges.create - ADMIN_WRITE
  • Method is a Long Running Operation or Streaming: No.
  • Filter for this method: protoPayload.methodName="google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.CreateChallenge"

google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.VerifyAttestation

  • Method: google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.VerifyAttestation
  • Audit log Type: Admin Activity
  • Permissions:
    • confidentialcomputing.challenges.verify - ADMIN_WRITE
  • Method is a Long Running Operation or Streaming: No.
  • Filter for this method: protoPayload.methodName="google.cloud.confidentialcomputing.v1alpha1.ConfidentialComputing.VerifyAttestation"