> ## Documentation Index
> Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Search Audit Events

> SearchAuditEvents returns audit events for a secret owned by the calling user.
 Returns sanitized OCSF events (IP addresses stripped for non-admin consumption).



## OpenAPI

````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/search/secrets/audit_events
openapi: 3.1.0
info:
  description: The C1 API is a HTTP API for managing C1 resources.
  title: C1 API
  version: 0.1.0-alpha
servers:
  - description: The C1 API server for the current tenant.
    url: https://{tenantDomain}.conductor.one
    variables:
      tenantDomain:
        default: example
        description: The domain of the tenant to use for this request.
security:
  - bearerAuth: []
    oauth: []
paths:
  /api/v1/search/secrets/audit_events:
    post:
      tags:
        - Secrets
      summary: Search Audit Events
      description: >-
        SearchAuditEvents returns audit events for a secret owned by the calling
        user.
         Returns sanitized OCSF events (IP addresses stripped for non-admin consumption).
      operationId: c1.api.secrets.v1.PaperSecretService.SearchAuditEvents
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/c1.api.secrets.v1.PaperSecretServiceSearchAuditEventsRequest
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/c1.api.secrets.v1.PaperSecretServiceSearchAuditEventsResponse
          description: >-
            PaperSecretServiceSearchAuditEventsResponse contains a page of audit
            events
             for the requested secret.
      x-codeSamples:
        - lang: go
          label: SearchAuditEvents
          source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"log\"\n)\n\nfunc main() {\n    ctx := context.Background()\n\n    s := conductoronesdkgo.New(\n        conductoronesdkgo.WithSecurity(shared.Security{\n            BearerAuth: \"<YOUR_BEARER_TOKEN_HERE>\",\n            Oauth: \"<YOUR_OAUTH_HERE>\",\n        }),\n    )\n\n    res, err := s.PaperSecret.SearchAuditEvents(ctx, nil)\n    if err != nil {\n        log.Fatal(err)\n    }\n    if res.PaperSecretServiceSearchAuditEventsResponse != nil {\n        // handle response\n    }\n}"
        - lang: typescript
          label: Typescript (SDK)
          source: >-
            import { ConductoroneSDKTypescript } from
            "conductorone-sdk-typescript";


            const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
              security: {
                bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
                oauth: "<YOUR_OAUTH_HERE>",
              },
            });


            async function run() {
              const result = await conductoroneSDKTypescript.paperSecret.searchAuditEvents();

              console.log(result);
            }


            run();
components:
  schemas:
    c1.api.secrets.v1.PaperSecretServiceSearchAuditEventsRequest:
      description: >-
        PaperSecretServiceSearchAuditEventsRequest searches audit events for a
        secret
         owned by the calling user. Only the secret creator may query events. Results
         are sanitized to include only time, event type, and actor information.
      properties:
        pageSize:
          description: Maximum number of results per page (0 uses server default, max 100).
          format: int32
          readOnly: false
          type: integer
        pageToken:
          description: Pagination token from a previous response's next_page_token.
          readOnly: false
          type: string
        vaultId:
          description: Required. The vault ID of the secret whose audit events to retrieve.
          readOnly: false
          type: string
      title: Paper Secret Service Search Audit Events Request
      type: object
      x-speakeasy-name-override: PaperSecretServiceSearchAuditEventsRequest
    c1.api.secrets.v1.PaperSecretServiceSearchAuditEventsResponse:
      description: >-
        PaperSecretServiceSearchAuditEventsResponse contains a page of audit
        events
         for the requested secret.
      properties:
        list:
          description: >-
            Sanitized OCSF events containing only time, event type, and actor
            fields.
             Sensitive fields such as IP addresses, messages, and raw payloads are removed.
          items:
            additionalProperties: true
            readOnly: false
            type: object
          nullable: true
          readOnly: false
          type: array
        nextPageToken:
          description: >-
            Token to retrieve the next page of results. Empty when no more pages
            exist.
          readOnly: false
          type: string
      title: Paper Secret Service Search Audit Events Response
      type: object
      x-speakeasy-name-override: PaperSecretServiceSearchAuditEventsResponse
  securitySchemes:
    bearerAuth:
      scheme: bearer
      type: http
    oauth:
      description: >-
        This API uses OAuth2 with the Client Credential flow.

        Client Credentials must be sent in the BODY, not the headers.

        For an example of how to implement this, refer to the
        [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187)
        function.
      flows:
        clientCredentials:
          scopes: {}
          tokenUrl: /auth/v1/token
      type: oauth2

````