ShrouDB
Get started
Reference

Telemetry

Observability, audit logging, and OpenTelemetry integration.

Every engine emits through a unified shroudb-telemetry layer with four fan-outs: console, audit file, OpenTelemetry, and Chronicle.

Audit event format

rust
tracing::info!(
    op = "cipher.encrypt",
    resource = "payments",
    result = "ok",
    duration_ms = 12,
    actor = %token_fingerprint,
);
audit.jsonl
{"ts":"2025-01-01T12:00:00Z","op":"cipher.encrypt","resource":"payments","result":"ok","duration_ms":12,"actor":"tok_abc"}
{"ts":"2025-01-01T12:00:01Z","op":"sigil.issue","resource":"jwt","result":"ok","duration_ms":8,"actor":"tok_abc"}

Configuration

moat.toml
[telemetry]
console    = true
audit_file = "/var/log/shroudb/audit.jsonl"

[telemetry.otel]
endpoint     = "http://tempo:4317"
service_name = "shroudb"
environment  = "prod"
sample_rate  = 1.0

Chronicle integration

When Chronicle is enabled in Moat, audit events are routed to the Chronicle engine for queryable storage. You get QUERY, HOTSPOTS, ERRORS, and ACTORS over the same stream the audit file captures.

OpenTelemetry targets

  • Jaeger — point endpoint at the Jaeger OTLP collector.
  • Grafana Tempo — point at the Tempo OTLP receiver.
  • Datadog — use the Datadog OTLP ingest endpoint.

Jaeger example

docker-compose.yml
services:
  jaeger:
    image: jaegertracing/all-in-one:latest
    ports:
      - "16686:16686"   # UI
      - "4317:4317"     # OTLP gRPC

  shroudb:
    image: ghcr.io/shroudb/moat:latest
    depends_on: [jaeger]
    environment:
      SHROUDB_MASTER_KEY: ${SHROUDB_MASTER_KEY}
    volumes:
      - ./moat.toml:/etc/shroudb/moat.toml