> ## Documentation Index
> Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Search Audit Events

> SearchAuditEvents returns audit events for paper secrets.
 Can filter by vault_id, actor (user ID or email), client IP.



## OpenAPI

````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/search/secrets-admin/audit_events
openapi: 3.1.0
info:
  description: The C1 API is a HTTP API for managing C1 resources.
  title: C1 API
  version: 0.1.0-alpha
servers:
  - description: The C1 API server for the current tenant.
    url: https://{tenantDomain}.conductor.one
    variables:
      tenantDomain:
        default: example
        description: The domain of the tenant to use for this request.
security:
  - bearerAuth: []
    oauth: []
paths:
  /api/v1/search/secrets-admin/audit_events:
    post:
      tags:
        - Secrets Admin
      summary: Search Audit Events
      description: |-
        SearchAuditEvents returns audit events for paper secrets.
         Can filter by vault_id, actor (user ID or email), client IP.
      operationId: c1.api.secrets.v1.PaperSecretAdminService.SearchAuditEvents
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/c1.api.secrets.v1.PaperSecretAdminServiceSearchAuditEventsRequest
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/c1.api.secrets.v1.PaperSecretAdminServiceSearchAuditEventsResponse
          description: Successful response
      x-codeSamples:
        - lang: go
          label: SearchAuditEvents
          source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"log\"\n)\n\nfunc main() {\n    ctx := context.Background()\n\n    s := conductoronesdkgo.New(\n        conductoronesdkgo.WithSecurity(shared.Security{\n            BearerAuth: \"<YOUR_BEARER_TOKEN_HERE>\",\n            Oauth: \"<YOUR_OAUTH_HERE>\",\n        }),\n    )\n\n    res, err := s.PaperSecretAdmin.SearchAuditEvents(ctx, nil)\n    if err != nil {\n        log.Fatal(err)\n    }\n    if res.PaperSecretAdminServiceSearchAuditEventsResponse != nil {\n        // handle response\n    }\n}"
        - lang: typescript
          label: Typescript (SDK)
          source: >-
            import { ConductoroneSDKTypescript } from
            "conductorone-sdk-typescript";


            const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
              security: {
                bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
                oauth: "<YOUR_OAUTH_HERE>",
              },
            });


            async function run() {
              const result = await conductoroneSDKTypescript.paperSecretAdmin.searchAuditEvents();

              console.log(result);
            }


            run();
components:
  schemas:
    c1.api.secrets.v1.PaperSecretAdminServiceSearchAuditEventsRequest:
      description: The PaperSecretAdminServiceSearchAuditEventsRequest message.
      properties:
        actorEmail:
          description: Filter by external email (partial match via full-text search)
          readOnly: false
          type: string
        actorUserId:
          description: Filter by C1 user ID (internal users)
          readOnly: false
          type: string
        clientIp:
          description: Filter by client IP (exact match)
          readOnly: false
          type: string
        pageSize:
          description: The pageSize field.
          format: int32
          readOnly: false
          type: integer
        pageToken:
          description: The pageToken field.
          readOnly: false
          type: string
        vaultId:
          description: Filter by specific vault
          readOnly: false
          type: string
      title: Paper Secret Admin Service Search Audit Events Request
      type: object
      x-speakeasy-name-override: PaperSecretAdminServiceSearchAuditEventsRequest
    c1.api.secrets.v1.PaperSecretAdminServiceSearchAuditEventsResponse:
      description: The PaperSecretAdminServiceSearchAuditEventsResponse message.
      properties:
        list:
          description: |-
            List contains OCSF events directly as JSON structs.
             Follows the same pattern as SystemLogServiceListEventsResponse.
          items:
            additionalProperties: true
            readOnly: false
            type: object
          nullable: true
          readOnly: false
          type: array
        nextPageToken:
          description: The nextPageToken field.
          readOnly: false
          type: string
      title: Paper Secret Admin Service Search Audit Events Response
      type: object
      x-speakeasy-name-override: PaperSecretAdminServiceSearchAuditEventsResponse
  securitySchemes:
    bearerAuth:
      scheme: bearer
      type: http
    oauth:
      description: >-
        This API uses OAuth2 with the Client Credential flow.

        Client Credentials must be sent in the BODY, not the headers.

        For an example of how to implement this, refer to the
        [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187)
        function.
      flows:
        clientCredentials:
          scopes: {}
          tokenUrl: /auth/v1/token
      type: oauth2

````