Ledger (Data Governance)
Ledger is the data governance service for the Shift Platform. It provides audit event logging, retention policy management, and field-level classification to help teams maintain compliance and data accountability.
What It Does
- Audit Events — Emit and query audit events that record who did what, to which resource, and when.
- Retention Policies — Define how long data should be retained, scoped by service or resource type.
- Field Classifications — Classify individual data fields by sensitivity level (e.g., PII, public, confidential) with justification.
Key Concepts
| Concept | Description |
|---|---|
| Audit Event | An immutable record of an action performed by an actor on a resource. |
| Retention Policy | A rule defining how long data in a given scope should be retained. |
| Classification | A sensitivity label applied to a specific field within a service's data model. |
Configuration
| Setting | Value |
|---|---|
| Storage Directory | .ledger/ |
| API Dev Port | 4004 |
| Web Dev Port | 4104 |
| Gateway Prefix | /api/v1/ledger/* |
Getting Started
Emit your first audit event:
shift-cli ledger events emit
Or via the API:
curl -X POST http://localhost:3000/api/v1/ledger/events \
-H "Content-Type: application/json" \
-d '{
"action": "service.deployed",
"actor": "ci-pipeline",
"resource": "payment-api",
"metadata": {"version": "1.2.3", "environment": "production"}
}'
Then set up retention policies and field classifications:
shift-cli ledger policies create
shift-cli ledger classifications create