What is a Recording?
A Recording is the audit trail for a session. VaultPAM captures the session at the proxy layer, stores it for later review, and makes it available to authorized viewers in the admin console.
What gets recorded
VaultPAM records the session body itself, not just metadata:
- For RDP, the recording captures the visual session.
- For SSH, the recording captures the terminal activity.
That gives you a reviewable history of what happened during privileged access.
How playback works
Authorized admins can open a recording in the console and replay it later. Playback helps with incident response, compliance reviews, and coaching when someone needs to understand how a session unfolded.
Retention and download
The retention policy determines how long recordings remain available. When policy allows it, admins can download a copy for external review or archive it in a separate evidence system.
Who can view a recording
Recordings are not public. Access is governed by Safe policy, organization roles, and the visibility settings in your deployment. If you can review a recording, it is because the admin path explicitly allows it.