About audit export in DSM

This document provides a conceptual overview of the Audit Export feature in DevOps Secret Manager. It explains how the Segura® Platform consolidates scattered information to provide a unified view of compliance and governance.

Applicability

The Audit Export report was developed for security analysts and auditors who need to quickly provide evidence of secret consumption.

In recurring audit scenarios, this feature removes the manual effort of correlating data and enables:

  • Compliance: generation of evidence for internal and external controls.
  • Governance: full visibility into which applications are using credentials, with which authorizations, and in which environments.
  • Incident response: quick identification of misuse or unauthorized use through the consumption trail.

Functionality

The report intelligence is based on entity correlation. The system processes data from DevOps Secret Manager, PAM Core, and Cloud Entitlements to display a record whenever there is verified evidence of a relationship or consumption.

Correlation structure

The report unifies 4 core pillars:

  1. Applications: metadata such as Line of Business, tags, and application type.
  2. Authorizations: requester identity and access environment.
  3. Secrets: description, tags, and rotation mechanisms (engines).
  4. Credentials: relationships with PAM, cloud, ephemeral credentials, or Key/Value keys.

Time logic

The report date filter is based on the SECRET_LAST_ACCESS column. This means the audit focuses on the actual use of the secret, making it possible to identify access through the UI, the API, or automations within specific periods (7, 30, or 90 days).

Security and privacy

The Segura® Platform prioritizes sensitive data protection even in audit reports:

  • Data masking: the report displays only metadata. For Key/Value secrets, only the key is exported; the value is never exposed.
  • Access control (RBAC): visibility and export capability strictly follow the user access scope and the DSM.Applications.List permission.
  • Audit trail: every export request, status change, and download is recorded in the system audit logs.
