Key Manager - Log Reference
This page lists important log events emitted by the Securosys Key Manager UI.
These are events that are relevant for an operations team that is hosting the KM UI, TSB, or the HSM cluster. These events are actionable, and you should consider writing alerting rules for them. For example, this includes failure to log in to the TSB or HSM. It also includes important user account and authentication events.
The Key Manager UI also emits many other log events. However, in contrast to the selected events listed here, those events are more informational, are for application debugging or for auditing purposes, and are not directly actionable for an operations team. For example, this includes clients making bad requests. These events are usually propagated back to the client.
Format
The Key Manager UI writes logs as JSON in the following format:
{
"timestamp": "2026-03-24T18:00:18.936Z",
"level": "INFO",
"event": "DATA_OBJECT_UPDATED",
"category": "DATA_OBJECT",
"user": "john.doe@securosys.com",
"role": "user",
"provider": "microsoft",
"resource": "KMIP-USERS",
"details": {},
"result": "SUCCESS",
"api_url": "https://tsb.example.com",
"session_id": "139894456870640"
}
Note: The JSON is written as a single line, but shown here as multi-line for readability.
Categories
The following categories are available:
AUTHENTICATION
KEY_MANAGEMENT
CERTIFICATE_MANAGEMENT
USER_MANAGEMENT
APPROVER_MANAGEMENT
CRYPTO_OPERATION
DATA_OBJECT
PROFILE_MANAGEMENT
KMIP_MANAGEMENT
SYSTEM
Results
The following result types are available:
SUCCESS
DENIED
ERROR
Log Events
The following are the most important log events:
| Level | Category | Event | Details | Action / Description |
|---|---|---|---|---|
| ERROR | SYSTEM | SSL_ERROR | Check that the Key Manager UI can validate the certificate chain for the backend services that it connects to (TSB, OAuth, MCP). This usually happens when these services use TLS certificates from private CAs. | |
| ERROR | SYSTEM | REQUEST_ERROR | Check that the Key Manager UI can reach the backend services that it connects to (TSB, OAuth, MCP). | |
| ERROR | SYSTEM | REQUEST_TIMEOUT | Check that the Key Manager UI can reach the backend services that it connects to (TSB, OAuth, MCP). | |
| ERROR | SYSTEM | MTLS_FAILED | mTLS certificate/key file not found. | Check that mTLS is correctly configured. |
| ERROR | %s | %s_FAILED For example: USER_UPDATE_FAILED or KEY_DELETE_FAILED. | An operation failed. These will have result="ERROR". Check the TSB logs and HSM logs. | |
| ERROR | DATA_OBJECT | DATA_OBJECT_CORRUPTED | Do not manually modify the data objects that the KM UI creates. Delete the data object in question and restart the KM UI. | |
| ERROR | AUTHENTICATION | LOGIN_ERROR | Check TSB connectivity and credentials. | |
| WARNING | AUTHENTICATION | LOGIN_FAILURE | A user tried to log in with invalid credentials. | |
| WARNING | AUTHENTICATION | LOGIN_DENIED | A user successfully authenticated with OAuth but is denied access due to authorization restrictions. | |
| INFO | AUTHENTICATION | LOGIN_SUCCESS | A user successfully authenticated. | |
| INFO | USER_MANAGEMENT | USER_CREATED | A new local user has been created. | |
| INFO | USER_MANAGEMENT | USER_UPDATED | A local user has been modified. | |
| INFO | KMIP_MANAGEMENT | KMIP_USER_CREATED | A new KMIP user has been created. |