# Monitor Kubernetes ConfigMaps & Secrets in GCP

It is quite common to lose the integrity of configmaps/secrets for the following reasons:

* You have a large team with more than 5 people
    
* You do not use any Config/Secret Management Tool
    
* Lack of team collaboration
    

Anyway, that's not the point. All you need is to run the following query in the Logging service to find out which users made changes to which configmap or secret.

```json
protoPayload.@type = "type.googleapis.com/google.cloud.audit.AuditLog" AND protoPayload.serviceName = "k8s.io"
resource.type="k8s_cluster"
protoPayload.authenticationInfo.principalEmail !~ "system" AND protoPayload.authenticationInfo.principalEmail !~ "gserviceaccount"
protoPayload.methodName="io.k8s.core.v1.configmaps.update" OR protoPayload.methodName="io.k8s.core.v1.secrets.update"
```