Configure Encryption for Downloadable Logs¶
Alation Cloud Service Applies to Alation Cloud Service instances of Alation
When you download logs from the Alation user interface, Alation downloads them as plain text by default. However, you can configure your Alation instance to encrypt downloaded logs to meet your organization’s security or compliance requirements.
Encryption renders the logs unreadable and is not recommended. This information is provided for transparency and in case your organization requires encryption for downloaded logs.
Where You Can Download Logs¶
Downloadable logs are available in two places:
Connector logs: Available for connectors installed on an Alation Agent, accessible from Admin Settings > Agents.
Server audit logs: Available in Admin Settings > Logging.
Log Encryption Flag¶
Log download encryption is controlled by a server-side configuration flag alation.feature_flags.DEV_enable_encrypted_log_on_prem_download. This flag determines whether logs are encrypted when downloaded from the Alation user interface.
Flag value |
Behavior |
|---|---|
|
Logs are downloaded unencrypted and can be read directly. |
|
Logs are downloaded encrypted. |
As an Alation Cloud Service user, you cannot modify server-side configuration flags directly. To change the encryption behavior for your instance, contact Alation Support and request that the flag alation.feature_flags.DEV_enable_encrypted_log_on_prem_download be set to your desired value (true to enable encryption, false to disable it).
Note
Currently, logs downloaded in encrypted format cannot be decrypted after the fact. If you need to share logs with Alation Support for troubleshooting, make sure to download them while encryption is disabled. If you have encryption enabled, ask Support to disable it, download the logs, then ask Support to re-enable encryption if that is your preferred configuration.