account: name (subdomain) of the affected Spacelift account;
action: name of the performed action;
actor: actor performing the action - the
::format shows both the actor identity (second element), and the source of the identity (first element)
context: some contextual metadata about the request;
data: action-specific payload showing arguments passed to the request. Any sensitive arguments (like secrets) are sanitized;
X-Signatureheader contains the SHA1 hash of the payload, while
X-Signature-256contains the SHA256 hash. We're using the exact same mechanism as GitHub to generate signatures, please refer to this article for details.