[{"data":1,"prerenderedAt":416},["ShallowReactive",2],{"blog-prompts/add-database-audit":3},{"id":4,"title":5,"body":6,"category":395,"date":396,"dateModified":397,"description":398,"draft":399,"extension":400,"faq":401,"featured":399,"headerVariant":402,"image":401,"keywords":401,"meta":403,"navigation":404,"ogDescription":405,"ogTitle":401,"path":406,"readTime":401,"schemaOrg":407,"schemaType":408,"seo":409,"sitemap":410,"stem":411,"tags":412,"twitterCard":414,"__hash__":415},"blog/blog/prompts/add-database-audit.md","Add Database Audit Logging with AI Prompts",{"type":7,"value":8,"toc":385},"minimark",[9,16,21,24,82,86,89,157,161,164,221,231,235,238,306,315,331,335,338,359,373],[10,11,12],"tldr",{},[13,14,15],"p",{},"Audit logging tracks who changed what data and when. These prompts help you implement audit trails using database triggers, application-level logging, or ORM middleware. Essential for compliance, debugging, and security incident investigation.",[17,18,20],"h2",{"id":19},"database-trigger-approach","Database Trigger Approach",[13,22,23],{},"Copy this prompt to generate PostgreSQL audit triggers that automatically log every INSERT, UPDATE, and DELETE. 
Your AI will create the audit_log table schema, a generic trigger function, per-table trigger setup, and indexed query helpers.",[25,26,28,31,34,37,62,65,79],"prompt-box",{"title":27},"PostgreSQL Audit Triggers",[13,29,30],{},"Create PostgreSQL audit triggers for my tables.",[13,32,33],{},"Tables to audit: users, posts, payments",[13,35,36],{},"Audit log should capture:",[38,39,40,44,47,50,53,56,59],"ol",{},[41,42,43],"li",{},"Table name",[41,45,46],{},"Operation (INSERT, UPDATE, DELETE)",[41,48,49],{},"Old values (for UPDATE/DELETE)",[41,51,52],{},"New values (for INSERT/UPDATE)",[41,54,55],{},"User who made the change (the application user, not only the database role)",[41,57,58],{},"Timestamp",[41,60,61],{},"Client IP if available",[13,63,64],{},"Create:",[38,66,67,70,73,76],{},[41,68,69],{},"audit_log table schema",[41,71,72],{},"Generic trigger function that works for any table",[41,74,75],{},"Trigger creation for each table",[41,77,78],{},"Helper function to query audit history",[13,80,81],{},"Store old/new values as JSONB for flexibility.\nInclude indexes for common queries (by table, by user, by time).\nExclude or mask sensitive columns (password hashes, tokens, card data) from the stored old/new values.",[17,83,85],{"id":84},"application-level-audit","Application-Level Audit",[13,87,88],{},"Use this prompt to add audit logging at the ORM layer for Prisma, Sequelize, TypeORM, or Drizzle. 
Your AI will generate middleware hooks that intercept writes, capture before/after state, and log changed fields with actor information.",[25,90,92,95,102,105,122,125,137,140],{"title":91},"ORM Audit Middleware",[13,93,94],{},"Add audit logging at the application level.",[13,96,97,98],{},"ORM: ",[99,100,101],"span",{},"Prisma/Sequelize/TypeORM/Drizzle",[13,103,104],{},"Create middleware/hooks that:",[38,106,107,110,113,116,119],{},[41,108,109],{},"Intercept all write operations",[41,111,112],{},"Capture before/after state",[41,114,115],{},"Log the authenticated user",[41,117,118],{},"Include request context (IP, user agent)",[41,120,121],{},"Write to audit table or external service",[13,123,124],{},"For Prisma specifically:",[126,127,128,131,134],"ul",{},[41,129,130],{},"Use middleware or Prisma Client extensions",[41,132,133],{},"Handle nested writes correctly",[41,135,136],{},"Capture the user from request context",[13,138,139],{},"Output format should include:",[126,141,142,145,148,151,154],{},[41,143,144],{},"Entity type and ID",[41,146,147],{},"Action performed",[41,149,150],{},"Changed fields only (not entire record)",[41,152,153],{},"Actor information",[41,155,156],{},"Timestamp with timezone",[17,158,160],{"id":159},"soft-delete-with-history","Soft Delete with History",[13,162,163],{},"Paste this prompt to implement soft deletes with full version history. 
Your AI will generate migration scripts for deletedAt/deletedBy columns, query helpers to filter deleted records, a history table with triggers, and a restore function.",[25,165,167,170,173,190,193,204,207],{"title":166},"Soft Delete Pattern",[13,168,169],{},"Implement soft delete with full history tracking.",[13,171,172],{},"Instead of deleting records:",[38,174,175,178,181,184,187],{},[41,176,177],{},"Add deletedAt timestamp column",[41,179,180],{},"Add deletedBy user reference",[41,182,183],{},"Filter out deleted records by default",[41,185,186],{},"Allow admins to view deleted records",[41,188,189],{},"Implement restore functionality",[13,191,192],{},"Also create a history table pattern:",[126,194,195,198,201],{},[41,196,197],{},"users_history stores all versions",[41,199,200],{},"Each update creates a new history row",[41,202,203],{},"Can reconstruct state at any point in time",[13,205,206],{},"Include:",[126,208,209,212,215,218],{},[41,210,211],{},"Migration to add soft delete columns",[41,213,214],{},"Query helpers to include/exclude deleted",[41,216,217],{},"History table schema and triggers",[41,219,220],{},"Restore function",[222,223,224],"warning-box",{},[13,225,226,230],{},[227,228,229],"strong",{},"Audit logs should be immutable:"," Never allow UPDATE, DELETE, or TRUNCATE on audit tables. Use separate credentials with INSERT-only permissions for the audit connection, and make sure the application role does not own the audit tables, because a table owner can grant itself those permissions back.",[17,232,234],{"id":233},"compliance-ready-audit","Compliance-Ready Audit",[13,236,237],{},"Use this prompt to build compliance-grade audit logging for SOC2, HIPAA, GDPR, or PCI-DSS. 
Your AI will generate read-access logging, login/logout trails, permission change tracking, log integrity verification, and sample compliance report queries.",[25,239,241,244,250,253,270,273,290,292],{"title":240},"Compliance Audit Setup",[13,242,243],{},"Create audit logging suitable for compliance requirements.",[13,245,246,247],{},"Compliance needs: ",[99,248,249],{},"SOC2/HIPAA/GDPR/PCI-DSS",[13,251,252],{},"Requirements:",[38,254,255,258,261,264,267],{},[41,256,257],{},"All access to sensitive data is logged",[41,259,260],{},"Logs cannot be modified or deleted",[41,262,263],{},"Logs are retained for the required period",[41,265,266],{},"Can demonstrate who accessed what",[41,268,269],{},"Failed access attempts are logged",[13,271,272],{},"Implement:",[38,274,275,278,281,284,287],{},[41,276,277],{},"Read access logging (not just writes)",[41,279,280],{},"Login/logout audit trail",[41,282,283],{},"Permission change logging",[41,285,286],{},"Data export/download logging",[41,288,289],{},"Failed authentication attempts",[13,291,206],{},[126,293,294,297,300,303],{},[41,295,296],{},"Log retention policy",[41,298,299],{},"Log integrity verification (checksums)",[41,301,302],{},"Secure log storage recommendations",[41,304,305],{},"Sample compliance report queries",[307,308,309],"tip-box",{},[13,310,311,314],{},[227,312,313],{},"Pro tip:"," Consider using a separate database or external service for audit logs. As long as the main database's credentials cannot modify or delete records there, this keeps the audit trail from being erased if the main database is compromised; it also improves query performance.",[316,317,318,325],"faq-section",{},[319,320,322],"faq-item",{"question":321},"Should I audit all tables or just sensitive ones?",[13,323,324],{},"Start with sensitive data (users, payments, permissions). Auditing everything creates storage and performance overhead. Add more tables based on compliance requirements or incident needs.",[319,326,328],{"question":327},"How long should I keep audit logs?",[13,329,330],{},"Depends on compliance requirements. 
SOC2 typically requires 1 year, HIPAA requires 6 years, financial regulations may require 7 years. When in doubt, keep them longer.",[17,332,334],{"id":333},"further-reading","Further Reading",[13,336,337],{},"Want to understand the vulnerability before fixing it? These guides explain what's happening and why.",[126,339,340,347,353],{},[41,341,342],{},[343,344,346],"a",{"href":345},"/blog/vulnerabilities/exposed-api-keys","Understanding exposed API keys",[41,348,349],{},[343,350,352],{"href":351},"/blog/how-to/hide-api-keys","How to hide API keys step-by-step",[41,354,355],{},[343,356,358],{"href":357},"/blog/best-practices/secrets","Secret management best practices",[360,361,362,368],"related-articles",{},[363,364],"related-card",{"description":365,"href":366,"title":367},"Protect your data","/blog/prompts/database-backup-setup","Database Backup Setup",[363,369],{"description":370,"href":371,"title":372},"Protect sensitive data","/blog/prompts/encrypt-database-fields","Encrypt Database Fields",[374,375,378,382],"cta-box",{"href":376,"label":377},"/","Start Free Scan",[17,379,381],{"id":380},"check-your-audit-coverage","Check Your Audit Coverage",[13,383,384],{},"Scan your database for tables missing audit trails.",{"title":386,"searchDepth":387,"depth":387,"links":388},"",2,[389,390,391,392,393,394],{"id":19,"depth":387,"text":20},{"id":84,"depth":387,"text":85},{"id":159,"depth":387,"text":160},{"id":233,"depth":387,"text":234},{"id":333,"depth":387,"text":334},{"id":380,"depth":387,"text":381},"prompts","2026-02-12","2026-03-06","AI prompts to add audit logging to your database. 
Track who changed what, when, and why with proper audit trails for compliance and debugging.",false,"md",null,"cyan",{},true,"AI prompts to implement database audit trails and change tracking.","/blog/prompts/add-database-audit","[object Object]","BlogPosting",{"title":5,"description":398},{"loc":406},"blog/prompts/add-database-audit",[413],"Database","summary_large_image","K8JbVQ8Mv_EWH_RHVVkJRKwr7kOpFmidrlZuITXQLEQ",1775843939039]