Skip to content

Feature Request: Configurable Retention Policy for Audit Logs and Secret Access Events #922

Description

@pramudyawibowo

Is your feature request related to a problem?

In self-hosted environments, secret access events and audit logs can grow very quickly due to application workloads, CI/CD pipelines, and Kubernetes integrations.

Currently, there is no configurable retention policy for these events. As a result:

  • PostgreSQL database size continuously increases over time
  • Audit log queries may become slower as event volume grows
  • Administrators must manually manage old records
  • Storage requirements increase even when historical events are no longer needed

For organizations running Phase at scale, this creates unnecessary operational overhead.

Describe the solution you'd like

Add configurable retention policies for audit logs and secret-related events.

Examples:

AUDIT_LOG_RETENTION_DAYS=365
SECRET_READ_EVENT_RETENTION_DAYS=90
SECRET_UPDATE_EVENT_RETENTION_DAYS=365
SECRET_DELETE_EVENT_RETENTION_DAYS=3650
API_ACCESS_LOG_RETENTION_DAYS=30

Alternatively, expose the configuration in the admin UI:

Settings
└── Audit Logs
    └── Retention Policies

Desired behavior:

  • Automatic cleanup of expired events
  • Different retention periods per event type
  • Scheduled cleanup job (daily or configurable)
  • Option to disable retention completely
  • Visibility into current log/event storage usage

Describe alternatives you've considered

Currently, the only workaround is to manually delete old records directly from PostgreSQL or implement custom database maintenance jobs outside of Phase.

While this works, it has several drawbacks:

  • Additional operational complexity
  • Risk of accidentally removing important audit data
  • Different organizations must build and maintain their own cleanup processes
  • No centralized retention management within Phase

Additional context

This feature would be particularly useful for self-hosted deployments with:

  • High-frequency secret access
  • Kubernetes workloads
  • CI/CD pipelines
  • Large development teams

A built-in retention mechanism would help keep the database size manageable while still allowing organizations to meet their own compliance and audit requirements.

Metadata

Metadata

Labels

enhancementNew feature or request

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions