Secrets telemetry
Secrets telemetry provides information about configured secrets engine operations.
Default metrics
vault.secret.kv.count
| Metric type | Value | Description |
|---|---|---|
| gauge | number | Number of entries in each key-value secrets engines |
OpenBao organizes the key-value pair count by cluster, namespace, and mount point.
vault.secret.lease.creation
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of leases created by secrets engines |
OpenBao organizes the lease count by cluster, namespace, secret engine, mount point, and time to live (TTL).
PKI metrics
secrets.pki.tidy.cert_store_current_entry
| Metric type | Value | Description |
|---|---|---|
| gauge | number | Index of the certificate store entry currently being verified by the tidy operation |
secrets.pki.tidy.cert_store_deleted_count
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of entries deleted from the certificate store |
secrets.pki.tidy.cert_store_total_entries_remaining
| Metric type | Value | Description |
|---|---|---|
| gauge | number | Number of entries in the certificate store checked, but not removed, during the tidy operation |
secrets.pki.tidy.cert_store_total_entries
| Metric type | Value | Description |
|---|---|---|
| gauge | number | Number of entries in the certificate store to verify during the tidy operation |
secrets.pki.tidy.duration
| Metric type | Value | Description |
|---|---|---|
| summary | ms | Time required to complete the PKI tidy operation |
secrets.pki.tidy.failure
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of times the PKI tidy operation failed to finish due to errors |
secrets.pki.tidy.revoked_cert_current_entry
| Metric type | Value | Description |
|---|---|---|
| gauge | number | Index of the revoked certificate store entry currently being verified by the tidy operation |
secrets.pki.tidy.revoked_cert_deleted_count
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of entries deleted from the certificate store for revoked certificates |
secrets.pki.tidy.revoked_cert_total_entries_fixed_issuers
| Metric type | Value | Description |
|---|---|---|
| gauge | number | Number of entries in the certificate store found to have incorrect issuer information that were fixed during the tidy operation |
secrets.pki.tidy.revoked_cert_total_entries_incorrect_issuers
| Metric type | Value | Description |
|---|---|---|
| gauge | number | Total number of entries in the certificate store found to have incorrect issuer information |
secrets.pki.tidy.revoked_cert_total_entries_remaining
| Metric type | Value | Description |
|---|---|---|
| gauge | number | Number of revoked certificates in the certificate store checked, but not removed, during the tidy operation |
secrets.pki.tidy.revoked_cert_total_entries
| Metric type | Value | Description |
|---|---|---|
| gauge | number | Number of revoked certificate entries in the certificate store to be verified during the tidy operation |
secrets.pki.tidy.start_time_epoch
| Metric type | Value | Description |
|---|---|---|
| gauge | seconds | Epoch time (seconds since 1970-01-01) when the PKI tidy operation began |
The start time metric reports a value of 0 if the PKI tidy operation is not
currently active.
secrets.pki.tidy.success
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of times the PKI tidy operation completed successfully |
Secrets database metrics
Metrics related to your configured secrets engines, including
database-specific metrics for each named secrets engine. For example, if you
enable a PostgreSQL secrets engine called postgresql-prod, the related
CreateUser.error metric is database.postgresql-prod.CreateUser.error.
database.Close
| Metric type | Value | Description |
|---|---|---|
| summary | ms | Time required to close a database secret engine (across all database secrets engines) |
database.Close.error
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of errors encountered across all database secrets engines while closing database connections |
database.CreateUser
| Metric type | Value | Description |
|---|---|---|
| summary | ms | Time required to create a user across all database secrets engines |
database.CreateUser.error
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of errors encountered across all database secrets engines while creating users |
database.Initialize
| Metric type | Value | Description |
|---|---|---|
| summary | ms | Time required to initialize a database secret engine (across all database secrets engines) |
database.Initialize.error
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of errors encountered across all database secrets engines while initializing the database |
database.{NAME}.Close
| Metric type | Value | Description |
|---|---|---|
| summary | ms | Time required to close the database secrets engine {NAME} |
database.{NAME}.Close.error
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of errors encountered for the named database secrets engines while closing database connections |
database.{NAME}.CreateUser
| Metric type | Value | Description |
|---|---|---|
| summary | ms | Time required to create a user for the named database secrets engine |
database.{NAME}.CreateUser.error
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of errors encountered for the named database secrets engines while creating users |
database.{NAME}.Initialize
| Metric type | Value | Description |
|---|---|---|
| summary | ms | Time required to initialize a database secret engine for the named database |
database.{NAME}.Initialize.error
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of errors encountered for the named database secrets engines while initializing the database |
database.{NAME}.RenewUser
| Metric type | Value | Description |
|---|---|---|
| summary | ms | Time required to renew a user for the named database secrets engine |
database.{NAME}.RenewUser.error
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of errors encountered for the named database secrets engines while renewing users |
database.{NAME}.RevokeUser
| Metric type | Value | Description |
|---|---|---|
| summary | ms | Time required to revoke a user for the named database secrets engine |
database.{NAME}.RevokeUser.error
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of errors encountered for the named database secrets engines while revoking users |
database.RenewUser
| Metric type | Value | Description |
|---|---|---|
| summary | ms | Time required to renew a user across all database secrets engines |
database.RenewUser.error
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of errors encountered across all database secrets engines while renewing users |
database.RevokeUser
| Metric type | Value | Description |
|---|---|---|
| summary | ms | Time required to revoke a user across all database secrets engines |
database.RevokeUser.error
| Metric type | Value | Description |
|---|---|---|
| counter | number | Number of errors encountered across all database secrets engines while revoking users |