Change Events & CI/CD Integration
Track deployments, configuration changes, and CI/CD events for incident correlation.
Overview
Change events let you annotate your OnePAM timeline with deployments, configuration changes, and other CI/CD milestones. When an incident occurs, correlating it with recent changes helps pinpoint the root cause faster.
Record every deployment with version, author, and environment.
Overlay change events on access timelines for quick diagnosis.
Integrate with GitHub Actions, GitLab CI, Jenkins, and more.
API Reference
POST /api/v1/change-events
Submit a change event via the REST API. Requires an API key with change-events:write scope.
Request Body
{
"title": "Deploy v2.4.1 to production",
"description": "Rolled out new session recording features",
"type": "deployment",
"environment": "production",
"source": "github-actions",
"author": "deploy-bot",
"version": "v2.4.1",
"commit_sha": "abc123def456",
"repository": "onepam/webapp",
"tags": {
"team": "platform",
"service": "api-gateway"
}
}curl Example
curl -X POST https://onepam.example.com/api/v1/change-events \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"title": "Deploy v2.4.1 to production",
"type": "deployment",
"environment": "production",
"version": "v2.4.1",
"commit_sha": "abc123def456"
}'CI/CD Integration
# .github/workflows/deploy.yml
- name: Notify OnePAM of deployment
if: success()
run: |
curl -s -X POST "${{ secrets.ONEPAM_URL }}/api/v1/change-events" \
-H "Authorization: Bearer ${{ secrets.ONEPAM_API_KEY }}" \
-H "Content-Type: application/json" \
-d '{
"title": "Deploy ${{ github.ref_name }} to production",
"type": "deployment",
"environment": "production",
"version": "${{ github.ref_name }}",
"commit_sha": "${{ github.sha }}",
"repository": "${{ github.repository }}",
"author": "${{ github.actor }}"
}'# .gitlab-ci.yml
notify_onepam:
stage: post-deploy
script:
- |
curl -s -X POST "${ONEPAM_URL}/api/v1/change-events" \
-H "Authorization: Bearer ${ONEPAM_API_KEY}" \
-H "Content-Type: application/json" \
-d "{
\"title\": \"Deploy ${CI_COMMIT_TAG} to production\",
\"type\": \"deployment\",
\"environment\": \"production\",
\"version\": \"${CI_COMMIT_TAG}\",
\"commit_sha\": \"${CI_COMMIT_SHA}\",
\"repository\": \"${CI_PROJECT_PATH}\",
\"author\": \"${GITLAB_USER_LOGIN}\"
}"
only:
- tags// Jenkinsfile
pipeline {
agent any
stages {
stage('Deploy') {
steps {
sh 'make deploy'
}
}
stage('Notify OnePAM') {
steps {
withCredentials([string(credentialsId: 'onepam-api-key', variable: 'API_KEY')]) {
sh """
curl -s -X POST "${ONEPAM_URL}/api/v1/change-events" \
-H "Authorization: Bearer ${API_KEY}" \
-H "Content-Type: application/json" \
-d '{
"title": "Deploy ${env.BUILD_TAG}",
"type": "deployment",
"environment": "production",
"version": "${env.BUILD_NUMBER}",
"commit_sha": "${env.GIT_COMMIT}",
"author": "${env.BUILD_USER}"
}'
"""
}
}
}
}
}Event Types
| Type | Description | Example |
|---|---|---|
deployment |
Application or infrastructure deployment | Deploy v2.4.1 to production |
config_change |
Configuration file or setting change | Updated firewall rules on db-01 |
rollback |
Revert to a previous version | Rollback to v2.3.9 |
scaling |
Auto-scaling or manual scaling event | Scaled web tier from 3 to 6 instances |
maintenance |
Scheduled maintenance window | Database maintenance window started |
access_change |
Access policy or permission change | Added SSH access for new contractor |
Incident Correlation
Once change events are flowing, OnePAM automatically correlates them with access activity:
- Change events appear as annotations on the dashboard timeline
- Alerts include a "Recent Changes" section showing deployments within the last hour
- Session recordings can be filtered by time window around a change event
- The API supports querying change events by time range for integration with external tools