diff --git a/controllers/retrieveSecrets.go b/controllers/retrieveSecrets.go
index 5753aae..24e5e70 100644
--- a/controllers/retrieveSecrets.go
+++ b/controllers/retrieveSecrets.go
@@ -152,6 +152,14 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 	}
 
 	if len(results) == 1 {
+
+		// Create audit record
+		a := models.Audit{
+			UserId:    UserId,
+			EventText: fmt.Sprintf("Retrieved Secret Id %d", results[0].SecretId),
+		}
+		a.AuditAdd()
+
 		// output results as json
 		c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
 	} else if len(results) > 1 {
@@ -191,6 +199,13 @@ func ListSecrets(c *gin.Context) {
 		output = append(output, ListSecret(secret.Secret))
 	}
 
+	// Create audit record
+	a := models.Audit{
+		UserId:    UserId,
+		EventText: fmt.Sprintf("Listed %d secrets, %+v", len(output), s),
+	}
+	a.AuditAdd()
+
 	// output results as json
 	c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
 
diff --git a/main.go b/main.go
index f940d37..752bb33 100644
--- a/main.go
+++ b/main.go
@@ -276,8 +276,8 @@ func main() {
 	secretRoutes.POST("/retrieve", controllers.RetrieveSecret) // TODO deprecate, replace retrieve with get
 	secretRoutes.POST("/get", controllers.RetrieveSecret)
 	secretRoutes.GET("/list", controllers.ListSecrets)
-	secretRoutes.POST("/retrieveMultiple", controllers.RetrieveMultpleSecrets) // TODO is this still required?
-	secretRoutes.POST("/store", controllers.StoreSecret)                       // TODO deprecate, replace store with add
+	//secretRoutes.POST("/retrieveMultiple", controllers.RetrieveMultpleSecrets) // TODO is this still required?
+	secretRoutes.POST("/store", controllers.StoreSecret) // TODO deprecate, replace store with add
 	secretRoutes.POST("/add", controllers.StoreSecret)
 
 	secretRoutes.POST("/update", controllers.UpdateSecret)