Vault is designed for data privacy, and traceability is embedded. Traceability is specifying a reason—a "purpose" in privacy terminology—whenever data is accessed. That reason is recorded as part of the audit logs retained by Vault.
Moreover, the policy management engine uses the reason to control access to data.
Vault includes 9 built-in reasons:
Otherwhen a different ad-hoc reason is specified
For example, this Get an object CLI call uses the
FraudPreventionSecurityAndCompliance reason to record the request for all of an object's details:
pvault object get \