> ## Documentation Index
> Fetch the complete documentation index at: https://docs.controlplane.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit Context

> Create and manage audit contexts that enable workloads and third-party systems to write tamper-proof audit trail entries alongside Control Plane platform events.

## Overview

Control Plane exposes a tamper-proof audit trail service for both Control Plane and custom workload actions.

To use this feature, a unique **Audit Context** needs to be created for your workload.

The audit context named `cpln` already exists to audit the actions that occur while using Control Plane.

Please refer to the [audit trail](/core/audittrail) reference page for additional details on how to query the audit trail and how to securely capture actions for your workloads.

## Create an Audit Context

Refer to the [Create an Audit Context](/guides/create-audit-context) guide for additional details.

## Permissions

The permissions below are used to define [policies](/reference/policy) together with one or more of the four
[principal types](/concepts/access-control):

| Permission | Description              | Implies                                           |
| :--------- | :----------------------- | :------------------------------------------------ |
| create     | Create new contexts      |                                                   |
| edit       | Modify existing contexts | view                                              |
| manage     | Full access              | create, edit, manage, readAudit, view, writeAudit |
| readAudit  | Read from this context   | view                                              |
| view       | Read-only view           |                                                   |
| writeAudit | Write to this context    | view                                              |

## Access Report

Displays the permissions granted to principals for the audit context.

## Writing audit records from a workload

1. Make sure the workload is assigned an identity that is granted writeAudit permissions to your custom audit context.
2. Write events using the internal audit endpoint

   ```bash theme={null}
   #minimal example
   curl -H "Content-Type: application/json" -X POST http://127.0.0.1:43000/audit/org/${CPLN_ORG}/auditctx/custom-audit-context?async=true -d '{"resource": {"id": "anyid123", "type": "anytype"}}'
   ```

## CLI

To view the CLI documentation for Audit Contexts, see the [Audit Context CLI reference](/cli-reference/commands/auditctx).