Skip to main content

Secrets telemetry

Secrets telemetry provides information about configured secrets engine operations.

Default metrics

vault.secret.kv.count

Metric typeValueDescription
gaugenumberNumber of entries in each key-value secrets engines

OpenBao organizes the key-value pair count by cluster, namespace, and mount point.

vault.secret.lease.creation

Metric typeValueDescription
counternumberNumber of leases created by secrets engines

OpenBao organizes the lease count by cluster, namespace, secret engine, mount point, and time to live (TTL).

PKI metrics

secrets.pki.tidy.cert_store_current_entry

Metric typeValueDescription
gaugenumberIndex of the certificate store entry currently being verified by the tidy operation

secrets.pki.tidy.cert_store_deleted_count

Metric typeValueDescription
counternumberNumber of entries deleted from the certificate store

secrets.pki.tidy.cert_store_total_entries_remaining

Metric typeValueDescription
gaugenumberNumber of entries in the certificate store checked, but not removed, during the tidy operation

secrets.pki.tidy.cert_store_total_entries

Metric typeValueDescription
gaugenumberNumber of entries in the certificate store to verify during the tidy operation

secrets.pki.tidy.duration

Metric typeValueDescription
summarymsTime required to complete the PKI tidy operation

secrets.pki.tidy.failure

Metric typeValueDescription
counternumberNumber of times the PKI tidy operation failed to finish due to errors

secrets.pki.tidy.revoked_cert_current_entry

Metric typeValueDescription
gaugenumberIndex of the revoked certificate store entry currently being verified by the tidy operation

secrets.pki.tidy.revoked_cert_deleted_count

Metric typeValueDescription
counternumberNumber of entries deleted from the certificate store for revoked certificates

secrets.pki.tidy.revoked_cert_total_entries_fixed_issuers

Metric typeValueDescription
gaugenumberNumber of entries in the certificate store found to have incorrect issuer information that were fixed during the tidy operation

secrets.pki.tidy.revoked_cert_total_entries_incorrect_issuers

Metric typeValueDescription
gaugenumberTotal number of entries in the certificate store found to have incorrect issuer information

secrets.pki.tidy.revoked_cert_total_entries_remaining

Metric typeValueDescription
gaugenumberNumber of revoked certificates in the certificate store checked, but not removed, during the tidy operation

secrets.pki.tidy.revoked_cert_total_entries

Metric typeValueDescription
gaugenumberNumber of revoked certificate entries in the certificate store to be verified during the tidy operation

secrets.pki.tidy.start_time_epoch

Metric typeValueDescription
gaugesecondsEpoch time (seconds since 1970-01-01) when the PKI tidy operation began

The start time metric reports a value of 0 if the PKI tidy operation is not currently active.

secrets.pki.tidy.success

Metric typeValueDescription
counternumberNumber of times the PKI tidy operation completed successfully

Secrets database metrics

Metrics related to your configured secrets engines, including database-specific metrics for each named secrets engine. For example, if you enable a PostgreSQL secrets engine called postgresql-prod, the related CreateUser.error metric is database.postgresql-prod.CreateUser.error.

database.Close

Metric typeValueDescription
summarymsTime required to close a database secret engine (across all database secrets engines)

database.Close.error

Metric typeValueDescription
counternumberNumber of errors encountered across all database secrets engines while closing database connections

database.CreateUser

Metric typeValueDescription
summarymsTime required to create a user across all database secrets engines

database.CreateUser.error

Metric typeValueDescription
counternumberNumber of errors encountered across all database secrets engines while creating users

database.Initialize

Metric typeValueDescription
summarymsTime required to initialize a database secret engine (across all database secrets engines)

database.Initialize.error

Metric typeValueDescription
counternumberNumber of errors encountered across all database secrets engines while initializing the database

database.{NAME}.Close

Metric typeValueDescription
summarymsTime required to close the database secrets engine {NAME}

database.{NAME}.Close.error

Metric typeValueDescription
counternumberNumber of errors encountered for the named database secrets engines while closing database connections

database.{NAME}.CreateUser

Metric typeValueDescription
summarymsTime required to create a user for the named database secrets engine

database.{NAME}.CreateUser.error

Metric typeValueDescription
counternumberNumber of errors encountered for the named database secrets engines while creating users

database.{NAME}.Initialize

Metric typeValueDescription
summarymsTime required to initialize a database secret engine for the named database

database.{NAME}.Initialize.error

Metric typeValueDescription
counternumberNumber of errors encountered for the named database secrets engines while initializing the database

database.{NAME}.RenewUser

Metric typeValueDescription
summarymsTime required to renew a user for the named database secrets engine

database.{NAME}.RenewUser.error

Metric typeValueDescription
counternumberNumber of errors encountered for the named database secrets engines while renewing users

database.{NAME}.RevokeUser

Metric typeValueDescription
summarymsTime required to revoke a user for the named database secrets engine

database.{NAME}.RevokeUser.error

Metric typeValueDescription
counternumberNumber of errors encountered for the named database secrets engines while revoking users

database.RenewUser

Metric typeValueDescription
summarymsTime required to renew a user across all database secrets engines

database.RenewUser.error

Metric typeValueDescription
counternumberNumber of errors encountered across all database secrets engines while renewing users

database.RevokeUser

Metric typeValueDescription
summarymsTime required to revoke a user across all database secrets engines

database.RevokeUser.error

Metric typeValueDescription
counternumberNumber of errors encountered across all database secrets engines while revoking users