VaultTerm

terminal-ssh

Session recording

Terminal I/O and SFTP operations are recorded to the audit trail, with secrets revealed during a session auto-redacted from the recording. Recordings replay for review and compliance, and access to them is itself audited.

Updated Jun 23, 2026

A brokered session is already attributable — you know who connected to what. Session recording goes further: it captures what actually happened during the session, so a reviewer can replay the terminal exactly as it ran.

What gets recorded

  • Terminal I/O. The full output stream of an interactive shell is captured to a replayable cast, along with the terminal size, duration, byte count, and start time. Empty sessions where nothing happened are not stored.
  • SFTP operations. File transfers through the broker — list, download, upload, mkdir, rename, delete — are recorded to the audit trail with their path and size.
  • Single commands. Commands run against a host are written to your command history and the audit trail with their exit code and risk classification.

Secrets are auto-redacted

A recording must be safe to share with a reviewer, so secrets revealed during a session are automatically redacted from it. The same output stream that feeds the recording is also fed through a credential-exposure scanner, so a key or password that surfaces in the terminal is detected, flagged in the audit trail, and removed from the stored recording rather than preserved in plain text. This runs independently of whether the session is being recorded, so exposure is caught even on plans without recording.
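The redaction step described above, as an added example that is not VaultTerm's own code: a streaming redactor that scrubs terminal output before it is stored and still catches a secret split across two output chunks. The two detector patterns, the `[REDACTED:...]` placeholder, and all class and function names are assumptions made for illustration.

```python
import re

# Assumed detectors (not VaultTerm's rule set): two fixed-length token formats.
PATTERNS = {
    "aws_access_key_id": re.compile(r"AKIA[0-9A-Z]{16}"),
    "github_pat": re.compile(r"ghp_[A-Za-z0-9]{36}"),
}
MAX_SECRET_LEN = 40        # longest match any pattern above can produce
HOLD = MAX_SECRET_LEN - 1  # tail held back so a split secret is never stored

# Constructed sample output; the key is AWS's published documentation example,
# deliberately split across two chunks the way a PTY read can split it.
SAMPLE_CHUNKS = [
    "$ cat ~/.aws/credentials\r\naws_access_key_id = AKIAIOSF",
    "ODNN7EXAMPLE\r\n$ exit\r\n",
]


class StreamRedactor:
    """Redacts secrets from chunked terminal output before it is stored."""

    def __init__(self):
        self._buf = ""
        self.findings = []  # audit flags: detector name only, never the secret

    def _scrub(self, text):
        for kind, rx in PATTERNS.items():
            def repl(_match, kind=kind):
                self.findings.append(kind)
                return f"[REDACTED:{kind}]"
            text = rx.sub(repl, text)
        return text

    def feed(self, chunk):
        """Accept one output chunk; return the text that is safe to store now."""
        self._buf = self._scrub(self._buf + chunk)
        safe, self._buf = self._buf[:-HOLD], self._buf[-HOLD:]
        return safe

    def flush(self):
        """End of session: release the held tail (already scrubbed)."""
        tail, self._buf = self._buf, ""
        return tail


def redact_session(chunks):
    """Return (text to store, audit findings) for a whole session."""
    r = StreamRedactor()
    stored = "".join(r.feed(c) for c in chunks) + r.flush()
    return stored, r.findings
```

The hold-back works only because both assumed patterns have a bounded length; unbounded formats such as PEM private-key blocks need a stateful detector instead.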

Replay for review and compliance

Recordings are playable, not just listed. A reviewer can step through a recorded session to see exactly what ran, in order and with timing. An optional summary extracts the commands and risky actions from a recording deterministically, so the factual record holds even with no AI model involved; where AI is available it only narrates over those facts, defaulting to the self-hosted LAN model and reaching cloud only behind the redaction gate when the org has opted in. See Privacy-first AI.

Plan availability

Capability                                                   Plan
Terminal and SFTP audit-trail records                        All plans
Session recording (replayable terminal casts)                Team and above
RDP session recording (Windows hosts via the RDP broker)     Enterprise

On plans without session recording, sessions run normally and remain fully audited — they just are not captured as replayable casts. RDP recording captures Windows host sessions brokered through the RDP path and is an Enterprise capability.

Access to recordings is audited

Viewing a recording is itself an audited event, as is deleting one. The audit trail therefore covers not only who ran the session but who later watched the recording of it — recordings don’t become an unwatched back channel into sensitive sessions.

Where to go next