Email Alerts

Configuring email notifications for vault events in SikkerKey.

Email alerts send a notification to your account email address when a selected action fires. You choose which actions trigger an email from the Alerts page in the dashboard.

Email alerts require a paid plan. Free plans can view the preferences page but cannot enable notifications.

Configuring Email Alerts

From the dashboard, go to the Alerts page. The Email Alerts card shows all alertable actions grouped by category, each with a severity badge and a toggle checkbox.

Filtering

Use the dropdown filters at the top of the email alerts card to narrow the list:

  • Severity filter: show only actions of a specific severity level
  • Category filter: show only actions in a specific category
  • Clear: reset both filters

Quick Actions

Two buttons let you enable entire severity levels at once:

  • Enable all critical: enables notifications for all critical-severity actions
  • Enable all high: enables notifications for all high-severity actions

Group Toggle

Click the checkbox next to a category name (e.g. "Secrets") to toggle all visible actions in that category at once. If all are enabled, clicking disables them all. If any are disabled, clicking enables them all.

Saving

Changes are not saved automatically. After toggling actions, click Save changes in the card header. The button only appears when you have unsaved changes.

When you save, the entire preference set is replaced. The backend receives the full list of enabled actions and replaces all existing preferences for your account.

What You Receive

When an enabled action fires, you receive an email containing:

  • Action: the event type (e.g. "Auth Failure", "Machine Register")
  • Detail: a human-readable description of what happened
  • Secret: the secret ID, if the event involves a secret
  • Machine: the machine ID (truncated), if the event involves a machine
  • Source IP: the IP address that triggered the event

Emails are sent asynchronously and do not block the operation that triggered them.

Recommended Configuration

For most vaults, enabling alerts for critical and high severity actions provides good coverage without noise:

  • auth_failure: someone failed to authenticate
  • machine_register: a new machine was bootstrapped
  • machine_revoke: a machine was permanently removed
  • secret_read_denied: a machine tried to read a secret it doesn't have access to
  • secret_delete: a secret was deleted
  • permission_grant: someone was given new access
  • 2fa_disable: two-factor authentication was turned off
  • password_change: the account password was changed

You can fine-tune from there based on your security requirements.