»Audit Log Management
Vault audit logging is available by default on all production-grade clusters.
The audit logs are written locally to the Vault instance and stored in an encrypted Amazon S3 bucket which is in the same region as the Vault cluster.
You can retrieve the audit logs in one-hour increments from the HCP portal. API support to retrieve audit logs is planned.
NOTE: Audit logging is not available on Dev-tier clusters.
The plan tiers contain a set amount of storage that persists both snapshot data and audit log data. Therefore, the audit log retention varies based on the plan tier and size.