Close
logodocs

Gateway Log Encryption

By default, logging is enabled only to strongDM servers. By turning on gateway/relay logging, you will now have logs located on the individual gateways/relays for your organizations, if any. Enabling public key encryption for relay logging will encrypt these logs so they cannot be viewed without the private key. To learn how to review encrypted relay logs, visit Using Relay Logs.

To turn on relay encryption, ensure that Log locally on relays? is set to Yes and Local encryption? is set to Public key.

Enabling relay log encryption
Enabling relay log encryption

At this point, a text box will appear at the bottom of the page where you can paste in the public key you already created. Copy and paste the entire contents of this file into the text box, including the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines.

If you have already set up server encryption, this box will already contain a public key. Relay and server encryption use the same key.

Entering the public key
Entering the public key

Finally, click on the update button. You will receive a confirmation notice before the changes take effect.

Encryption change confirmation
Encryption change confirmation

When you click save & restart, this will restart all of your existing gateways and relays. Only go ahead with the change if you are ready for a brief service interruption with datasources only accessible via those means.

Previous
Logging Tour
Next
Log Locally to Gateways