LogVaultLogVault
Docs

Immutability & Chain Integrity

Audit logs are only valuable if they can be trusted. LogVault uses cryptographic hash chaining to ensure events cannot be modified, deleted, or reordered after creation.

🔗 Visual Chain Integrity

Genesis
Event 2
Event 3
Event 4
···
Latest

Each event is cryptographically linked to the previous one. A continuous horizontal line means the chain is intact.

Why Immutability Matters

In a compliance audit, the first question is always: "How do we know these logs haven't been tampered with?" LogVault provides cryptographic proof of integrity.

  • Regulatory Requirements - SOC 2, HIPAA, and ISO 27001 all require tamper-evident logging
  • Legal Evidence - Immutable logs can be used as evidence in legal proceedings
  • Incident Response - Trust your logs when investigating security incidents

How Hash Chaining Works

Every event is signed using HMAC-SHA256 when it's created. Then, a chain_hash is computed that links it to the previous event:

Bash
1chain_hash = SHA256(signature + ":" + prev_hash + ":LogVault")

This creates an unbreakable chain where:

  • Deletions break the chain (missing link detected)
  • Insertions are detected (prev_hash won't match)
  • Modifications invalidate the signature and chain_hash
  • Reordering breaks the prev_hash links

Event Structure

JSON
1{
2  "id": "550e8400-e29b-41d4-a716-446655440000",
3  "action": "user.login",
4  "user_id": "user_123",
5  "timestamp": "2025-11-29T12:00:00Z",
6  "signature": "hmac_sha256_a1b2c3d4e5f6...",
7  "prev_hash": "chain_hash_of_previous_event...",
8  "chain_hash": "sha256_computed_from_formula..."
9}

Verification Methods

1. Dashboard Verification

The LogVault dashboard shows chain integrity at a glance with a visual indicator:

Chain Integrity: ✓ Verified
1,523 linked events • 100% coverage

2. SDK Verification

Python
1from logvault import Client
2
3client = Client("lv_live_your_api_key")
4
5# Verify entire chain
6result = client.verify_chain()
7print(f"Chain valid: {result['is_valid']}")
8print(f"Events verified: {result['events_checked']}")
9
10# Get proof for a specific event
11proof = client.get_event_proof("event_id_here")
12print(f"Chain hash: {proof['proof']['chain_hash']}")
13
14# Verify locally (offline, zero-trust)
15local_result = client.verify_event_locally(proof['event'])
16print(f"Local verification: {local_result['is_valid']}")

3. CLI Verification (Zero Trust)

For true zero-trust verification, use the CLI to verify events without relying on LogVault's JavaScript:

Bash
1# Install CLI
2pip install logvault
3
4# Verify entire chain
5logvault verify --api-key $LOGVAULT_API_KEY
6
7# Verify specific event
8logvault verify event_id_here
9
10# Export compliance report
11logvault export-report --format pdf

Database-Level Protection

In addition to cryptographic signatures, LogVault uses database-level constraints:

  • No UPDATE permission - The database user cannot modify existing records
  • No DELETE permission - Records can only be removed by the retention policy
  • Append-only tables - INSERT is the only allowed operation
  • Row-level locking - Prevents race conditions during chain insertion

Compliance Reports

For SOC 2 audits, you can export a compliance report directly from the dashboard. This report includes:

  • Executive summary with chain status
  • Total events and chain coverage percentage
  • First and last chained events with hashes
  • Verification instructions for auditors
  • Sample event hashes for spot-checking
View Chain API Reference →