Boundary
Enable session recording on a target
Enterprise
This feature requires HCP Boundary Plus or Boundary Enterprise
You must enable session recording for any targets that you want to record sessions on. When you create a storage bucket, Boundary provides you with an ID. You use the storage bucket's ID to associate a target with the storage bucket.
Requirements
- One or more storage buckets to store the recordings.
- Session recording is only supported for SSH targets at this time.
- A KMS key with the purpose
bsr
must be added to the controller configuration. The key is used for encrypting data and checking the integrity of recordings. Refer to Create the controller configuration and thebsr
KMS key documentation for more information about configuring a KMS block. - The targets must be configured with an ingress or egress worker filter that includes a worker with access to the storage bucket you created. Refer to SSH target attributes for more information.
- You must enable injected application credentials on any target that you want to use for session recording.
Complete the following steps to enable session recording on a target.
Log in to Boundary.
Click Orgs in the navigation pane.
Select the org that contains the target you want to enable for session recording.
Select the project that contains the target you want to enable for session recording.
Select Targets in the navigation pane.
Do one of the following:
- To create a new target, select New Target.
- To edit an existing target, select the target, and then select Edit Form.
Configure the target with any relevant attributes. The following setting is required for session recording:
- Select SSH for the Type.
Click Save.
Click Enable recording.
Enable the Record sessions for this target option.
Select the storage bucket where you want to store recordings from this target.
You can also create a new storage bucket.
Click Save.
The target is now enabled for session recording. Any user session that connects to the target is automatically recorded.
Next steps
After you have enabled session recording, you may want to configure storage policies to codify the lifecycle management of your session recordings.