Anti-tampering

Anti-tampering protection is an additional layer of security that safeguards your system against side-channel attacks carried out through unauthorized direct database access. With this feature, Vault protects your data from potential leaks and prevents privilege escalation.

By default, anti-tampering protection is set to log events: Vault adds a warning message to the system log when it detects potential tampering. You can instead set anti-tampering protection to enforce mode. In this mode, in addition to logging, Vault returns an error for any request made after a potential tampering attempt.

For more information about setting up anti-tampering, how events are reported, and how to reenable Vault after it's locked by the enforce mode, see the Anti-tampering guide.