> ## Documentation Index
> Fetch the complete documentation index at: https://conductorone-docs-mcp-bridge-private-server.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Search Audit Events

> SearchAuditEvents returns audit events for paper secrets.
 Can filter by vault_id, actor (user ID or email), client IP.



## OpenAPI

````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/search/secrets-admin/audit_events
openapi: 3.1.0
info:
  description: The C1 API is a HTTP API for managing C1 resources.
  title: C1 API
  version: 0.1.0-alpha
servers:
  - description: The C1 API server for the current tenant.
    url: https://{tenantDomain}.conductor.one
    variables:
      tenantDomain:
        default: example
        description: The domain of the tenant to use for this request.
security:
  - bearerAuth: []
    oauth: []
paths:
  /api/v1/search/secrets-admin/audit_events:
    post:
      tags:
        - Secrets Admin
      summary: Search Audit Events
      description: |-
        SearchAuditEvents returns audit events for paper secrets.
         Can filter by vault_id, actor (user ID or email), client IP.
      operationId: c1.api.secrets.v1.PaperSecretAdminService.SearchAuditEvents
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/c1.api.secrets.v1.PaperSecretAdminServiceSearchAuditEventsRequest
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/c1.api.secrets.v1.PaperSecretAdminServiceSearchAuditEventsResponse
          description: Successful response
      x-codeSamples:
        - lang: go
          label: SearchAuditEvents
          source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"log\"\n)\n\nfunc main() {\n    ctx := context.Background()\n\n    s := conductoronesdkgo.New(\n        conductoronesdkgo.WithSecurity(shared.Security{\n            BearerAuth: \"<YOUR_BEARER_TOKEN_HERE>\",\n            Oauth: \"<YOUR_OAUTH_HERE>\",\n        }),\n    )\n\n    res, err := s.PaperSecretAdmin.SearchAuditEvents(ctx, nil)\n    if err != nil {\n        log.Fatal(err)\n    }\n    if res.PaperSecretAdminServiceSearchAuditEventsResponse != nil {\n        // handle response\n    }\n}"
        - lang: typescript
          label: Typescript (SDK)
          source: >-
            import { ConductoroneSDKTypescript } from
            "conductorone-sdk-typescript";


            const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
              security: {
                bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
                oauth: "<YOUR_OAUTH_HERE>",
              },
            });


            async function run() {
              const result = await conductoroneSDKTypescript.paperSecretAdmin.searchAuditEvents();

              console.log(result);
            }


            run();
components:
  schemas:
    c1.api.secrets.v1.PaperSecretAdminServiceSearchAuditEventsRequest:
      description: The PaperSecretAdminServiceSearchAuditEventsRequest message.
      properties:
        actorEmail:
          description: Filter by external email (partial match via full-text search)
          type:
            - string
            - 'null'
        actorUserId:
          description: Filter by C1 user ID (internal users)
          type:
            - string
            - 'null'
        clientIp:
          description: Filter by client IP (exact match)
          type:
            - string
            - 'null'
        pageSize:
          description: The pageSize field.
          format: int32
          type:
            - integer
            - 'null'
        pageToken:
          description: The pageToken field.
          type:
            - string
            - 'null'
        vaultId:
          description: Filter by specific vault
          type:
            - string
            - 'null'
      title: Paper Secret Admin Service Search Audit Events Request
      type: object
      x-speakeasy-name-override: PaperSecretAdminServiceSearchAuditEventsRequest
    c1.api.secrets.v1.PaperSecretAdminServiceSearchAuditEventsResponse:
      description: The PaperSecretAdminServiceSearchAuditEventsResponse message.
      properties:
        list:
          description: |-
            List contains OCSF events directly as JSON structs.
             Follows the same pattern as SystemLogServiceListEventsResponse.
          items:
            additionalProperties: true
            type: object
          type:
            - array
            - 'null'
        nextPageToken:
          description: The nextPageToken field.
          type:
            - string
            - 'null'
      title: Paper Secret Admin Service Search Audit Events Response
      type: object
      x-speakeasy-name-override: PaperSecretAdminServiceSearchAuditEventsResponse
  securitySchemes:
    bearerAuth:
      scheme: bearer
      type: http
    oauth:
      description: >-
        This API uses OAuth2 with the Client Credential flow.

        Client Credentials must be sent in the BODY, not the headers.

        For an example of how to implement this, refer to the
        [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187)
        function.
      flows:
        clientCredentials:
          scopes: {}
          tokenUrl: /auth/v1/token
      type: oauth2

````