Gryd.IO

Appearance

GrydAudit Configuration

This guide covers all configuration options available in GrydAudit.

Basic Configuration

Connection String

The simplest configuration using a connection string:

csharp
services.AddGrydAudit(
    Configuration.GetConnectionString("AuditDb")!);

Custom DbContext Options

For more control over the database configuration:

csharp
services.AddGrydAudit(options =>
{
    options.UseSqlServer(connectionString, sqlOptions =>
    {
        sqlOptions.EnableRetryOnFailure(3);
        sqlOptions.CommandTimeout(30);
    });
    
    // Development settings
    if (environment.IsDevelopment())
    {
        options.EnableSensitiveDataLogging();
        options.EnableDetailedErrors();
    }
});

Database Providers

SQL Server

csharp
services.AddGrydAudit(options =>
    options.UseSqlServer(connectionString));

PostgreSQL

csharp
services.AddGrydAudit(options =>
    options.UseNpgsql(connectionString));

SQLite (Testing)

csharp
services.AddGrydAudit(options =>
    options.UseSqlite("Data Source=audit.db"));

In-Memory (Unit Testing)

csharp
services.AddGrydAudit(options =>
    options.UseInMemoryDatabase("AuditTestDb"));

Component Registration

Application Layer Only

Register just the CQRS handlers:

csharp
services.AddGrydAuditApplication();

Infrastructure Layer Only

Register just the DbContext and repository:

csharp
services.AddGrydAuditInfrastructure(connectionString);

API Layer Only

Register just the controllers:

csharp
services.AddGrydAuditApi();

Audit Context Configuration

Default HTTP Context Provider

The default implementation extracts audit context from HttpContext:

csharp
services.AddScoped<IAuditContext, HttpContextAuditContext>();

Custom Audit Context

Implement your own context provider:

csharp
public class CustomAuditContext : IAuditContext
{
    public string? UserId { get; set; }
    public string? UserName { get; set; }
    public string? TenantId { get; set; }
    public string? IpAddress { get; set; }
    public string? UserAgent { get; set; }
    public string? CorrelationId { get; set; }
}

services.AddScoped<IAuditContext>(sp =>
{
    var httpContext = sp.GetService<IHttpContextAccessor>()?.HttpContext;
    return new CustomAuditContext
    {
        UserId = httpContext?.User?.FindFirst("sub")?.Value,
        TenantId = httpContext?.User?.FindFirst("tenant_id")?.Value,
        // ... other mappings
    };
});

Interceptor Configuration

Selective Entity Auditing

By default, all entities implementing IAuditableEntity are audited. To customize:

csharp
services.AddScoped<AuditSaveChangesInterceptor>(sp =>
    new AuditSaveChangesInterceptor(
        sp.GetRequiredService<IAuditContext>(),
        sp.GetRequiredService<IAuditStore>(),
        entityFilter: entity => entity.GetType().Name != "TemporaryEntity"
    ));

Excluding Properties

To exclude certain properties from audit tracking:

csharp
public class Product : IAuditableEntity
{
    public Guid Id { get; set; }
    public string Name { get; set; }
    
    [NotAudited]
    public byte[] LargeBlob { get; set; } // Won't be tracked
}

Sensitive Data Handling

Property Exclusion (LGPD/GDPR)

GrydAudit uses IAuditableEntity.AuditExcludedProperties to completely exclude sensitive properties from audit logs:

csharp
public class Customer : BaseEntity, IAuditableEntity
{
    public Guid Id { get; set; }
    public string Name { get; set; } = string.Empty;
    public string Cpf { get; set; } = string.Empty;          // Sensitive
    public string CreditCardNumber { get; set; } = string.Empty; // Sensitive

    public bool AuditEnabled => true;
    public string? AuditCategory => "PII";

    // These properties will NEVER appear in audit logs
    public IEnumerable<string> AuditExcludedProperties =>
        ["Cpf", "CreditCardNumber"];
}

Global Exclusions

Properties excluded from all entities by default (configured via AuditInterceptorOptions):

  • Password, PasswordHash, Secret, Token, ApiKey, RefreshToken

Data Masking (Logging)

For log output (not audit storage), GrydAudit integrates with SensitiveDataMasker from Gryd.Observability to mask values in structured logs.

TIP

See LGPD & Data Protection for complete examples covering CPF, health data, financial data, and compliance checklists.

Retention Policies

Automatic Cleanup

Configure automatic cleanup of old audit logs:

csharp
services.AddHostedService<AuditLogCleanupService>();

services.Configure<AuditRetentionOptions>(options =>
{
    options.RetentionDays = 90;
    options.CleanupBatchSize = 1000;
    options.CleanupInterval = TimeSpan.FromHours(24);
});

Multi-Tenancy

GrydAudit automatically captures TenantId from IAuditContext. Ensure your tenant resolution is configured before the audit interceptor runs:

csharp
// In middleware pipeline
app.UseMultiTenancy(); // Sets TenantId in context
app.UseAuthentication();
app.UseAuthorization();
// Audit interceptor reads TenantId automatically

Logging

Configure logging for audit operations:

csharp
{
  "Logging": {
    "LogLevel": {
      "GrydAudit": "Information",
      "GrydAudit.Infrastructure": "Warning"
    }
  }
}

Environment-Specific Settings

appsettings.json

json
{
  "GrydAudit": {
    "ConnectionString": "Server=localhost;Database=AuditDb;...",
    "RetentionDays": 90,
    "EnableDetailedLogs": false
  }
}

appsettings.Development.json

json
{
  "GrydAudit": {
    "ConnectionString": "Server=localhost;Database=AuditDb_Dev;...",
    "EnableDetailedLogs": true
  }
}

Released under the MIT License.

Copyright © 2024-present Gryd.IO Team