Blogchain

Verifiable cloud activity, powered by DIDs and blockchain.

Comment

Inspiration

Cloud activity logs are scattered across providers and difficult to verify. We wanted to create a decentralized way to track and prove cloud actions—who did what, where, and when—across AWS, Azure, and beyond. With blockchain and DIDs, trust becomes transparent.

What it does

CloudSleuth is the agent we use to link user DIDs (via MetaMask or Azure OAuth) to their cloud accounts (ARNs or tenant IDs), fetches activity logs from AWS CloudTrail and Azure Monitor, and issues Verifiable Credentials (VCs) proving those actions. These VCs are signed and optionally stored on-chain using the Dock blockchain.

How we built it

Frontend: React app for logging in with MetaMask or Azure, and viewing cloud logs. Backend: Node.js + Express server to handle log fetching, token management, VC issuance, and DID-to-ARN mapping. Database: MongoDB Atlas to store user mappings and OAuth tokens. Blockchain: Dock node (via Docker) to issue and verify Verifiable Credentials. Cloud integrations: AWS: STS assume-role + CloudTrail log retrieval Azure: OAuth2 + Log Analytics queries

Challenges we ran into

Designing a cross-cloud identity model: Mapping DIDs to AWS ARNs and Azure Object IDs required balancing decentralization with cloud-native access control — not a trivial design problem. Bridging OAuth and blockchain: Integrating Azure OAuth2 flows with DID-based identity for issuing Verifiable Credentials involved coordinating two very different trust models.

Accomplishments that we're proud of

Built a working full-stack system that integrates real AWS and Azure logs with decentralized identity. Successfully issued VCs on the Dock chain linking a DID to a cloud resource (ARN). Unified multi-cloud activity tracking under one decentralized identity layer.

What we learned

How to connect to and use a local Dock blockchain node. How Azure's OAuth flow and Log Analytics API work in practice. The complexity of building trustable infrastructure—it's not just about access, but proving who did what. The power of Verifiable Credentials in audit and compliance use cases.

What's next for Blogchain

Add support for GCP logs and service accounts Move DID ↔ cloud identity mapping fully on-chain Use zero-knowledge proofs (ZKPs) to attest to log contents without revealing full data Explore integration with security audit tools and compliance platforms

Share this project:

Updates