docs: add SSH session recording compliance guide#2226
Open
desimone wants to merge 1 commit into
Force-pushed: 9855e02 to f76a156
desimone added a commit that referenced this pull request (Jun 8, 2026):

- Scope per-request encryption note to S3 (S3-only option)
- Relabel evidence-flow diagram edges to 'emits' to avoid implying audit logs are routed off Pomerium Core
- Correct HEAD/existence-check accuracy: S3 HEAD requests carry no access_id or user-agent HMAC and Azure/GCS don't surface them; exclude HEAD checks when auditing for un-annotated reads
- Drop the route-policy evidence row (a recording's existence already implies the route policy was active at capture time; policy can change)

Addresses alexandreLamarre review comments on #2226.
desimone (Contributor, Author) commented:

Thanks @alexandreLamarre — addressed the technical-accuracy comments in 62ea1c3:

One open item: nesting this under the Session Recording tab depends on #2214 (which introduces that tab) landing first — there's no session-recording tab on
desimone added a commit that referenced this pull request (Jun 8, 2026):

- Remove the HEAD/existence-check blurbs entirely (steps 2 and 4) per review -- they added unrelated context to the correlation guidance.
- Refine evidence-flow diagram: the default Core cluster emits Console access audit logs, and the Console surfaces session-recording access logs, rather than a generic 'emits audit logs' edge.

Addresses alexandreLamarre follow-up comments on #2226.
alexandreLamarre (Contributor) left a comment:

Besides the two open comments about audit entries & nesting the tab, I think this is ready to go once it is rebased
Add the SSH session recording audit and compliance guide under the Session Recording docs, including WORM/retention guidance, audit-log correlation, evidence collection, operational controls, and compliance control mapping. Also update the Session Recording page and sidebar so the guide is nested under Session Recording and clarify that entries with access_id carry the matching user_hmac_id. AI assistance: Codex helped rebase, address review feedback, and validate the docs. Final wording and validation were manually reviewed before publishing.
Force-pushed: 3368c27 to e2170ad
Summary
Adds a follow-on guide, "SSH Session Recording for Audit and Compliance," as a companion to the SSH Session Recording reference page. The reference page covers how to turn recording on; this guide covers how to operate it so recordings hold up as audit evidence under SOC 2, PCI DSS, HIPAA, and FedRAMP.
It leads with a shared-responsibility model -- Pomerium produces a tamper-evident record and a correlatable audit trail, and the customer configures storage immutability, encryption, retention, and identity controls -- then walks through WORM/object lock plus retention, encryption at rest, least-privilege storage access, audit-log correlation between Pomerium and cloud-provider logs, integrity verification, playback governance, a control-mapping table across the four frameworks, and the feature's limitations with compensating controls. Each section includes concrete verification guidance. Includes an evidence-flow diagram, screenshots, and a short terminal recording captured from a live end-to-end deployment.
This branch is now rebased onto main; the guide is nested under the Session Recording docs and cross-linked from the main Session Recording page.

Review feedback addressed

- Moved the guide to docs/capabilities/session-recording/ and added it beneath the Session Recording sidebar category.
- Clarified that entries with access_id also carry the matching user_hmac_id.

AI disclosure
Drafted with Claude and refined manually. Reviewed across Claude and Codex; adopted corrections include: managed storage roles can include delete and should not be treated as WORM protection; WORM verification must use a delete-capable principal to prove immutability rather than IAM; the S3 user-agent correlation string was softened to match SDK sanitization; encryption now leads with a bucket-default customer-managed key; least-privilege guidance gained custom-role nuance; and the final rebase/comment-addressing pass was reviewed and validated before publishing. The screenshots and terminal recording were captured from a live end-to-end run, and the documented behavior was verified against that deployment.
Validation
- yarn format-check
- yarn cspell "**/*"
- yarn build
- git diff --cached --check

Checklist
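The audit-log correlation guidance discussed in this thread (Console session-recording access entries carry an access_id with a matching user_hmac_id; S3 reads made through Pomerium are annotated in the user agent; HEAD requests carry no annotation and must be excluded when hunting for un-annotated reads) can be exercised on constructed log data. The block below is an added example written for this page, not code from the Pomerium project or the guide itself. The Console entry field names other than access_id and user_hmac_id, the S3 event shape, and the "pomerium-hmac=<id>" user-agent token are all assumptions for illustration; the real annotation string is not reproduced on this page.

```python
import re
from dataclasses import dataclass, field

# Constructed Pomerium Console session-recording access log entries.
# Only access_id and user_hmac_id are named on the PR page; "recording"
# and "user" are assumed field names for this example.
CONSOLE_ACCESS_LOG = [
    {"access_id": "acc-001", "user_hmac_id": "4f2a9c",
     "recording": "recordings/rec-1.cast", "user": "alice@example.com"},
    {"access_id": "acc-002", "user_hmac_id": "b71e03",
     "recording": "recordings/rec-2.cast", "user": "bob@example.com"},
]

# Constructed S3 server-access-style events. The "pomerium-hmac=<id>"
# user-agent token is an assumed annotation format, not Pomerium's real one.
S3_EVENTS = [
    {"operation": "REST.GET.OBJECT", "key": "recordings/rec-1.cast",
     "user_agent": "aws-sdk-go/1.44 pomerium-hmac=4f2a9c"},
    # HEAD requests carry no annotation by design; they must not be flagged.
    {"operation": "REST.HEAD.OBJECT", "key": "recordings/rec-1.cast",
     "user_agent": "aws-sdk-go/1.44"},
    {"operation": "REST.GET.OBJECT", "key": "recordings/rec-2.cast",
     "user_agent": "aws-sdk-go/1.44 pomerium-hmac=b71e03"},
    # A direct read that bypassed Pomerium: no annotation at all.
    {"operation": "REST.GET.OBJECT", "key": "recordings/rec-2.cast",
     "user_agent": "aws-cli/2.15"},
    # Annotated read with no corresponding Console entry.
    {"operation": "REST.GET.OBJECT", "key": "recordings/rec-3.cast",
     "user_agent": "pomerium-hmac=deadbe"},
]

HMAC_RE = re.compile(r"pomerium-hmac=([0-9a-f]+)")


@dataclass
class Report:
    matched: list = field(default_factory=list)      # (access_id, object key)
    unannotated: list = field(default_factory=list)  # (key, user agent) with no token
    orphans: list = field(default_factory=list)      # (key, hmac id) with no Console entry
    skipped_head: int = 0                            # HEAD checks excluded from review


def entries_missing_user_hmac(console_entries):
    """Invariant from the PR: every entry that has an access_id also has a user_hmac_id."""
    return [e["access_id"] for e in console_entries
            if e.get("access_id") and not e.get("user_hmac_id")]


def correlate(console_entries, s3_events) -> Report:
    """Join S3 object reads to Console access entries via the user-agent HMAC id."""
    by_hmac = {e["user_hmac_id"]: e for e in console_entries if e.get("user_hmac_id")}
    report = Report()
    for ev in s3_events:
        if ev["operation"].startswith("REST.HEAD."):
            report.skipped_head += 1  # existence checks are never annotated
            continue
        if not ev["operation"].startswith("REST.GET."):
            continue  # only object reads are in scope for playback auditing
        m = HMAC_RE.search(ev["user_agent"])
        if not m:
            report.unannotated.append((ev["key"], ev["user_agent"]))
            continue
        entry = by_hmac.get(m.group(1))
        if entry is None or entry["recording"] != ev["key"]:
            report.orphans.append((ev["key"], m.group(1)))
            continue
        report.matched.append((entry["access_id"], ev["key"]))
    return report


if __name__ == "__main__":
    r = correlate(CONSOLE_ACCESS_LOG, S3_EVENTS)
    print("matched:", r.matched)
    print("un-annotated reads:", r.unannotated)
    print("orphaned annotations:", r.orphans)
    print("HEAD checks skipped:", r.skipped_head)
    print("console entries missing user_hmac_id:", entries_missing_user_hmac(CONSOLE_ACCESS_LOG))
```

The un-annotated bucket is the one that matters for compliance review: it is the set of recording reads that cannot be tied to a Console access entry, which is exactly the gap a direct storage read would leave. The orphan bucket catches the inverse failure (an annotated read the Console never logged) and is worth alerting on separately.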