The observability dashboard is available on Business and Enterprise plans. If you are on a Free or Starter plan, you will see an upgrade prompt when you navigate to the dashboard. See billing for plan details.
Opening the dashboard
Navigate to Observability in the console sidebar. The dashboard loads your current environment’s data and begins auto-refreshing every 30 seconds. Click Refresh at any time to fetch the latest data immediately.Dashboard tabs
The dashboard is organized into four tabs:| Tab | What it shows |
|---|---|
| Overview | Top-level stats, performance metrics, attestation lifecycle breakdown, and a compact service status panel. |
| Services | Per-service health, SLA compliance bars, uptime percentages, and latency details for each microservice. |
| Usage & Quotas | Current consumption of mints, verifications, storage, and other metered resources against your plan limits. |
| Security | Cryptographic integrity, tenant isolation, and audit trail posture cards with detailed control tables for cryptography, access, and data protection. |
Overview
The overview tab displays four primary stat cards:- Total attestations — active, revoked, and superseded counts.
- Active issuers — how many of your issuers are currently trusted.
- Audit events — total events recorded with hash-chain integrity.
- System health — how many backend services are healthy out of the total monitored.
- Average latency across all services.
- P95 latency — the worst-case response time for the slowest service.
- Health checks performed since the page was opened.
| Color | Latency |
|---|---|
| Green | Under 200 ms |
| Blue | 200–500 ms |
| Amber | 500 ms – 1 s |
| Red | Over 1 s |
Services
The services tab shows the health of seven backend services:| Service | Description |
|---|---|
| Trust Registry | Identity, issuers, keys, and governance |
| Attestation Service | Credential minting and lifecycle |
| Signing Service | Cryptographic key management and signing |
| Transparency Log | Tamper-evident append-only Merkle tree |
| Verification Service | Credential verification and validation |
| Audit Service | Tamper-proof audit trail with hash chaining |
| Billing Service | Usage metering and subscription management |
Uptime percentages shown on the services tab are session-scoped — they reset each time you open the dashboard. For historical uptime data, visit the public status page or query the status API.
Usage and quotas
The usage tab shows your current consumption for each metered resource — mints, verifications, storage, and any other plan-limited operations. Progress bars indicate how close you are to each limit.Security
The security tab gives you a live view of your environment’s security posture across three dimensions. At the top, three posture cards summarize overall strength:| Posture card | What it measures |
|---|---|
| Cryptographic integrity | Ed25519 signatures, SHA-256 audit hashing, and Merkle tree transparency. |
| Tenant isolation | PostgreSQL row-level security, per-tenant keys, and gateway-level enforcement. |
| Audit trail | Hash-chained event count with integrity verification status. Shows “Attention” until your first audit event is recorded. |
Cryptographic controls
| Control | Algorithm | Description |
|---|---|---|
| Attestation signing | Ed25519 (EdDSA) | Every attestation is cryptographically signed with an Ed25519 key. |
| Audit hash chain | SHA-256 | Audit events are chained with SHA-256 hashes so tampering is detectable. |
| Auth / JWKS | ES256 (ECDSA P-256) | JWT tokens and JWKS keys use ES256 for authentication. |
| Transparency log | Merkle tree / SHA-256 | A tamper-evident Merkle tree provides public auditability. |
Access controls
| Control | Mechanism | Description |
|---|---|---|
| Row-level security | PostgreSQL RLS | All database tables enforce tenant isolation at the row level. |
| RBAC | Role-based access control | Granular permissions scoped to your defined roles. |
| API gateway | nginx + rate limiting | Per-IP and per-tenant rate limits enforced at the gateway. |
| Service auth | Internal service keys | Service-to-service communication is authenticated with shared keys. |
Data protection controls
| Control | Mechanism | Description |
|---|---|---|
| Tenant isolation | Multi-tenant RLS | Complete data segregation between tenants at the database level. |
| Audit immutability | Append-only + hash chain | Events cannot be deleted or modified after creation. Shows “Attention” until your first event is recorded. |
| Key rotation | Per-issuer key lifecycle | Keys can be rotated and superseded without losing historical attestations. |
Auto-refresh
The dashboard polls all data sources every 30 seconds. The status indicator in the top-right corner shows the last update time and overall system health:- Green pulse — all systems operational.
- Amber pulse — one or more services degraded.
- Red pulse — one or more services down.
Programmatic monitoring
For machine-readable health data outside the console, use the status API or the billing usage endpoint. These endpoints let you integrate Truthlocks metrics into your own dashboards or alerting pipelines.Next steps
Health and readiness
Health endpoints, status page, and monitoring integrations.
Billing usage
Track mints, verifications, and storage via the API.
Rate limits
Plan quotas and how to handle 429 and 402 responses.
Audit logs
Query and export your audit trail.