Overview

CircleCI audit logs capture important activities and changes within your CircleCI organization. This reference guide lists common and important events you may encounter in your audit logs.

Note: This list is not comprehensive, and you may see additional action types logged that are not represented below.

• ams.invitation.accepted - User accepted an invitation to join an organization
• ams.invitation.created - Invitation sent to a user to join an organization
• ams.invitation.revoked - Organization invitation was revoked or cancelled

• audit_log.download_url.generated - Download URL created for audit log export
• audit_log.requested - Audit log data was requested for viewing or export

• build.create - New build was initiated

• checkout-key.create - Deploy key created for repository checkout
• checkout-key.delete - Deploy key removed from project
• checkout-key.delete-all - All deploy keys removed from project

• component.cancel_release - Component release was cancelled
• component.promote_release - Component promoted to a release version

• context.create - New context created for storing environment variables
• context.delete - Context removed from organization
• context.env_var.delete - Environment variable removed from context
• context.env_var.store - Environment variable added or updated in context
• context.group_add - Security group granted access to context
• context.group_remove - Security group access removed from context
• context.restriction.create - Access restriction applied to context
• context.restriction.delete - Access restriction removed from context
• context.secrets.accessed - Context secrets were accessed during workflow execution

• deploy-keys.delete - Deploy key removed from project

• group.delete - Security group deleted
• group.update - Security group settings modified
• group_member.add - User added to security group
• group_member.remove - User removed from security group

• orb.namespace.create - New orb namespace created
• orb.orb.create - New orb created
• orb.publish.dev - Orb published as development version
• orb.publish.release - Orb published as stable release
• orb.version.promote - Orb version promoted from dev to release

• org.contacts.updated - Organization contact information updated
• org.create - New organization created
• org.rename - Organization name changed
• org.workflows.deleted - Organization workflows were deleted
• org_member.remove - Member removed from organization
• organization.settings.update - Organization settings modified

• project.add - Project added to organization
• project.api_token.create - API token created for project
• project.create - New project created
• project.delete - Project deleted
• project.env_var.copy - Environment variables copied between projects
• project.env_var.create - Environment variable added to project
• project.env_var.delete - Environment variable removed from project
• project.follow - User started following project
• project.rollback - Project rolled back to previous version
• project.settings.update - Project settings modified
• project.setup - Project initial setup completed
• project.ssh_key.create - SSH key added to project
• project.ssh_key.delete - SSH key removed from project
• project.stop_building - Project building disabled
• project.toggle-abusive - Project marked or unmarked as abusive
• project.unfollow - User stopped following project
• project_group_role_grant.create - Role permissions granted to group for project
• project_group_role_grant.update - Role permissions modified for group on project

• release_integration.create - Release integration configured
• release_integration.delete - Release integration removed
• release_integration.token.create - Token created for release integration
• release_integration.token.revoke - Token revoked for release integration

• role_grant.delete - Role permissions removed from user
• role_grant.update - Role permissions modified for user

• schedule.create - New workflow schedule created
• schedule.delete - Workflow schedule removed
• schedule.update - Workflow schedule modified

• trigger.create - New trigger created for pipeline
• trigger.delete - Trigger removed from pipeline
• trigger_event.create - Trigger event was generated

• webhook.create - New webhook endpoint configured
• webhook.delete - Webhook endpoint removed
• webhook.update - Webhook configuration modified

• workflow.cancel - Workflow execution cancelled
• workflow.job.context.request - Job requested access to context
• workflow.job.finish - Job completed execution
• workflow.job.scheduled - Job was scheduled for execution
• workflow.job.start - Job began execution
• workflow.retry - Workflow execution retried
• workflow.schedule.start - Scheduled workflow started
• workflow.start - Workflow execution initiated

Additional Information

These audit log events help you monitor and track important activities within your CircleCI organization. You can use this information to:

• Monitor security-related activities like permission changes and access grants
• Track project and workflow lifecycle events
• Review context and environment variable modifications
• Audit organizational changes and member management

Additional Resources: 

• CircleCI Documentation : Audit logs
• Request Audit logs from the CircleCI UI
• Stream Audit Logs