Skip to main content

Core system telemetry

Core system telemetry provides information about the operational health of your OpenBao instance.

Default metrics

vault.core.active

Metric typeValueDescription
gaugebooleanIndicates whether the OpenBao node is active
  • A value of 1 indicates that the node is active.
  • A value of 0 indicates that the node is in standby.

vault.core.check_token

Metric typeValueDescription
summarymsTime required to complete a token check

vault.core.fetch_acl_and_token

Metric typeValueDescription
summarymsTime required to fetch ACL and token entries

vault.core.handle_login_request

Metric typeValueDescription
summarymsTime required to complete a login request

vault.core.handle_request

Metric typeValueDescription
summarymsTime required to complete a non-login request

vault.core.in_flight_requests

Metric typeValueDescription
gaugerequestsNumber of requests currently in progress

vault.core.leadership_lost

Metric typeValueDescription
summarymsTotal time that a high-availability cluster node last maintained leadership

Leadership time updates occur whenever leadership changes. Frequent updates to vault.core.leadership_lost with low leadership times indicates flapping as leader status rotates between nodes.

vault.core.leadership_setup_failed

Metric typeValueDescription
summarymsTime taken by the most recent leadership setup failure

Setup failure time is an important health metric for your high-availability OpenBao installation. We strongly recommend that you closely monitor vault.core.leadership_setup_failed and set alerts that keep you informed of the overall cluster leadership status.

vault.core.license.expiration_time_epoch

Metric typeValueDescription
gaugetimestampEpoch time (seconds since 1970-01-01) at which the license will expire

vault.core.locked_users

Metric typeValueDescription
gaugeusersThe number of users currently locked out of OpenBao

The number of locked users refreshes every 15 minutes.

vault.core.mount_table.num_entries

Metric typeValueDescription
gaugeobjectsNumber of mounts in the given mount table

Mountpoint count metrics include labels to indicate whether the relevant table is an authentication table or a logical table and whether the table is replicated or local.

vault.core.mount_table.size

Metric typeValueDescription
gaugebytesThe current size of the relevant mount table.

Table size metrics include labels to indicate whether the relevant table is an authentication table or a logical table and whether the table is replicated or local.

vault.core.post_unseal

Metric typeValueDescription
summarymsTime required to complete post-unseal operations

vault.core.pre_seal

Metric typeValueDescription
summarymsTime required to complete pre-seal operations

vault.core.seal-internal

Metric typeValueDescription
summarymsTime required to complete internal OpenBao seal operations

vault.core.seal-with-request

Metric typeValueDescription
summarymsTime required to complete seal operations that were triggered by explicit request

vault.core.step_down

Metric typeValueDescription
summarymsTime required to step down cluster leadership

vault.core.unseal

Metric typeValueDescription
summarymsTime required to complete unseal operations

vault.core.unsealed

Metric typeValueDescription
gaugebooleanIndicates whether OpenBao is currently unsealed
  • A value of 1 indicates OpenBao is currently unsealed and clients can read secrets.
  • A value of 0 indicates OpenBao is currently sealed and clients cannot read secrets.

Barrier metrics

vault.barrier.delete

Metric typeValueDescription
summarymsTime required to complete a DELETE operation at the barrier

vault.barrier.get

Metric typeValueDescription
summarymsTime required to complete a GET operation at the barrier

vault.barrier.list

Metric typeValueDescription
summarymsTime required to complete a LIST operation at the barrier

vault.barrier.put

Metric typeValueDescription
summarymsTime required to complete a PUT operation at the barrier

Caching metrics

vault.cache.delete

Metric typeValueDescription
counternumberNumber of deletes from the LRU cache

vault.cache.hit

Metric typeValueDescription
counternumberNumber of hits against the LRU cache that avoided a read from configured storage

vault.cache.miss

Metric typeValueDescription
counternumberNumber of misses against the LRU cache that required a read from configured storage

vault.cache.write

Metric typeValueDescription
counternumberNumber of writes to the LRU cache

Metric collection metrics

vault.metrics.collection

Metric typeValueDescription
summarymsThe average time required (per gauge type) to collect usage data

vault.metrics.collection.error

Metric typeValueDescription
counternumberThe total number of errors (per gauge type) that OpenBao encountered while collecting usage data

vault.metrics.collection.interval

Metric typeUnitsDescription
summarytime durationThe current value of usage_gauge_period

Quota metrics

Quota metrics relate to rate limit and lease count quotas. Each metric comes with a name label that identifies the specific quota.

vault.quota.lease_count.counter

Metric typeValueDescription
gaugeleaseTotal number of leases associated with the named quota rule

The number of leases reported is specific to the quota rule listed in the name label, not the number of leases in general. For example, if the named rule allows for 50 leases max and there are currently 40 leases in the scope of that quota rule, the value of vault.quota.lease_count.counter is 40 even if there are 1000 other leases that are unscoped or in the scope of other quota rules.

vault.quota.lease_count.max

Metric typeValueDescription
gaugeleaseMaximum number of leases allowed by the named quota rule

vault.quota.lease_count.violation

Metric typeValueDescription
counternumberNumber of requests rejected due to exceeding the named lease count quota

vault.quota.rate_limit.violation

Metric typeValueDescription
counternumberNumber of requests rejected due to exceeding the named rate limit quota rule

Rollback metrics

Rollback metrics for each configured mount point. Metric names convert forward slashes (/) in mount names to dashes (-). For example, if you have the auth/token backend configured, the corresponding mount point metric string is auth-token

vault.rollback.attempt.{MOUNTPOINT}

Metric typeValueDescription
summarymsTime required to perform a rollback operation on the given mount point

vault.rollback.inflight

Metric typeValueDescription
gaugenumberNumber of rollback operations inflight

vault.rollback.queued

Metric typeValueDescription
guagenumberThe number of rollback operations waiting to be started

vault.rollback.waiting

Metric typeValueDescription
summarymsTime between queueing a rollback operation and the operation starting

Route metrics

Mount-specific route metrics for each configured mount point. Metric names convert forward slashes (/) in mount names to dashes (-). For example, if you have the auth/token backend configured, the corresponding mount point metric string is auth-token

vault.route.create.{MOUNTPOINT}

Metric typeValueDescription
summarymsTime required to send a create request to the backend and for the backend to complete the operation for the given mount point

vault.route.delete.{MOUNTPOINT}

Metric typeValueDescription
summarymsTime required to send a delete request to the backend and for the backend to complete the operation for the given mount point

vault.route.list.{MOUNTPOINT}

Metric typeValueDescription
summarymsTime required to send a list request to the backend and for the backend to complete the operation for the given mount point

vault.route.read.{MOUNTPOINT}

Metric typeValueDescription
summarymsTime required to send a read request to the backend and for the backend to complete the operation for the given mount point

vault.route.rollback.{MOUNTPOINT}

Metric typeValueDescription
summarymsTime required to send a rollback request to the backend and for the backend to complete the operation for the given mount point

OpenBao automatically schedules and performs mount point rollback operations to clean up partial errors.

Runtime metrics

Runtime metrics relate specifically to the Go runtime for your OpenBao instance.

vault.runtime.alloc_bytes

Metric typeValueDescription
gaugebytesSpace currently allocated to OpenBao processes

The number of allocated bytes may peak from time to time, but should always return to a steady state value in a health OpenBao installation.

vault.runtime.free_count

Metric typeValueDescription
gaugenumberNumber of freed objects

vault.runtime.gc_pause_ns

Metric typeValueDescription
summarynsTime required to complete the last garbage collection run

vault.runtime.heap_objects

Metric typeValueDescription
gaugenumberTotal number of objects on the heap in memory

The vault.runtime.heap_objects metric is a good memory pressure indicator. We recommend monitoring vault.runtime.heap_objects to establish an accurate baseline and thresholds for alerting on the health of your OpenBao installation.

vault.runtime.malloc_count

Metric typeValueDescription
gaugenumberTotal number of allocated heap objects in memory

vault.runtime.num_goroutines

Metric typeValueDescription
gaugenumberTotal number of Go routines running in memory

The vault.runtime.num_goroutines metric is a good system load indicator. We recommend monitoring vault.runtime.num_goroutines to establish an accurate baseline and thresholds for alerting on the health of your OpenBao installation.

vault.runtime.sys_bytes

Metric typeValueDescription
gaugenumberTotal number of bytes allocated to OpenBao

The total number of allocated system bytes includes space currently used by the heap plus space that has been reclaimed by, but not returned to, the operating system.

vault.runtime.total_gc_pause_ns

Metric typeValueDescription
gaugensThe total garbage collector pause time since OpenBao was last started

vault.runtime.total_gc_runs

Metric typeValueDescription
gaugenumberThe total number of garbage collection runs since OpenBao was last started