Tamper-Proof Storage

The Audit Trail plugin provides application-level immutability out of the box: there are no APIs to modify or delete audit log entries, and the plugin only ever appends new entries via the sink's write() method. However, anyone with direct database access could still alter or remove records.

For organisations that require true tamper-proof audit trails — for compliance with regulations like SOX, HIPAA, or PCI-DSS — the plugin's strategy pattern allows you to integrate with storage backends that enforce immutability at the infrastructure level.

Approaches