SHA-256 Hash Chains Explained
A technical deep dive into how SHA-256 hash chains work, why they matter for audit log integrity, and how Trailbase implements them to give your customers cryptographic proof that logs haven't been tampered with.
What is a hash chain?
A hash chain is a sequence of cryptographic hashes where each entry includes the hash of the previous entry. Think of it like a blockchain, but simpler and purpose-built for audit logs.
Each audit event in Trailbase is hashed using SHA-256, and that hash includes the hash of the previous event. This creates a tamper-evident chain: if someone modifies, deletes, or reorders a single event, every subsequent hash becomes invalid.
Why does this matter?
When your enterprise customer's auditor asks “How do you guarantee these logs haven't been tampered with?”, you need a better answer than “we use a database with access controls.”
Hash chains provide cryptographic proof of integrity. Anyone with access to the chain can verify that no events have been modified after the fact. This is the standard that SOC 2 auditors and enterprise security teams expect.
How Trailbase implements it
When you send an audit event to Trailbase, here's what happens:
- The event payload is serialized to a canonical JSON format (sorted keys, no whitespace)
- We retrieve the hash of the previous event in the tenant's chain
- We compute SHA-256(previous_hash + canonical_payload)
- The event, its hash, and the previous hash are stored atomically
Verification is equally straightforward: walk the chain from any point, recompute each hash, and confirm it matches. If any hash doesn't match, you know exactly which event was tampered with.
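The steps and the verification walk described above, as an added Python example (not Trailbase's own code). The all-zero genesis value, the hex-string concatenation, the record field names and the function names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed previous_hash for the first event in a chain


def canonical(payload):
    # Canonical JSON as described above: sorted keys, no whitespace.
    return json.dumps(payload, sort_keys=True, separators=(",", ":"), ensure_ascii=False)


def link_hash(previous_hash, payload):
    # SHA-256(previous_hash + canonical_payload). Assumption: the previous
    # hash is a hex string prepended to the canonical JSON text.
    data = (previous_hash + canonical(payload)).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def append(chain, payload):
    previous_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append({"payload": payload, "previous_hash": previous_hash,
                  "hash": link_hash(previous_hash, payload)})


def verify(chain, start_hash=GENESIS):
    """Return the index of the first record that fails, or None if intact."""
    expected_prev = start_hash
    for i, rec in enumerate(chain):
        if rec["previous_hash"] != expected_prev:
            return i  # link broken: a record was deleted, inserted or reordered
        if link_hash(rec["previous_hash"], rec["payload"]) != rec["hash"]:
            return i  # payload or stored hash was modified
        expected_prev = rec["hash"]
    return None


def build_sample():
    # Constructed sample events, not real Trailbase data.
    chain = []
    for actor, action in [("alice", "login"), ("alice", "export_report"),
                          ("bob", "delete_user"), ("alice", "logout")]:
        append(chain, {"actor": actor, "action": action})
    return chain


if __name__ == "__main__":
    chain = build_sample()
    chain[2]["payload"]["action"] = "view_user"  # constructed in-place edit
    print("first failing index:", verify(chain))
```

To verify from a mid-chain point, pass the hash of the preceding record as `start_hash`; that value has to come from a copy you trust, since it anchors everything checked after it.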
What about performance?
SHA-256 is fast. Computing a hash takes microseconds, even for large payloads. The real engineering challenge is maintaining chain ordering under high concurrency. Trailbase handles this with per-tenant sequence locks and batch verification endpoints that can validate thousands of events per second.
Try it yourself
Every Trailbase plan includes hash chain integrity verification. Send your first event and verify the chain:
- Getting started guide — send your first event in under 5 minutes
- See pricing — starts free for developers