Monitoring Azure Key Vault
Instana offers comprehensive monitoring of your Azure Key Vault by providing end-to-end visibility into your environment.
After you install the Instana host agent, the Azure Key Vault sensor is automatically installed and enabled. You can view the infrastructure metrics that are related to the Azure Key Vault in the Instana UI.
For more information about other supported Azure services, see Azure.
Configuring the Azure Key Vault sensor
To monitor your Azure Key Vault, complete the following steps:
-
Enable the Azure service in the agent configuration file (
<agentinstall_dir>/etc/instana/configuration.yaml) by using the following configuration:com.instana.plugin.azure: enabled: true subscription: "[Your-Subscription-Id]" tenant: "[Your-Tenant-Id]" principals: - id: "[Your-Service-Principal-Account-Id]" secret: "[Your-Service-Principal-Secret]"For more information about installing the Azure agent, see Installation.
-
Make sure the Azure Key Vault sensor is enabled in the agent configuration file (
<agentinstall_dir>/etc/instana/configuration.yaml):com.instana.plugin.azure.keyvault: enabled: true
Defining tags and resource groups for service filtering
You can define multiple tags and resource groups that are separated by a comma. The tags must be defined as a key-value pair that is separated by a colon (:). To simplify the configuration, define the tags and resource groups for inclusion or exclusion in discovery. If a tag or resource group is defined in both include and exclude lists, the excluded list takes precedence. If you want to include all services without filtering, avoid defining any configuration.
-
To include services with tags into discovery, use the following configuration:
com.instana.plugin.azure.keyvault: include_tags: # Comma separated list of tags in key:value format (e.g. env:prod,env:staging) -
To exclude services with tags from discovery, use the following configuration:
com.instana.plugin.azure.keyvault: exclude_tags: # Comma separated list of tags in key:value format (e.g. env:dev,env:test) -
To include services with resource groups into discovery, use the following configuration:
com.instana.plugin.azure.keyvault: include_resource_groups: # Comma separated list of resource groups (e.g. rg_prod,rg_staging) -
To exclude services with resource groups from discovery, use the following configuration:
com.instana.plugin.azure.keyvault: exclude_resource_groups: # Comma separated list of resource groups (e.g. rg_dev,rg_test)
Disabling the Azure Key Vault sensor
To disable monitoring of the Azure Key Vault services, use the following configuration:
com.instana.plugin.azure.keyvault:
enabled: false
Viewing metrics
To view the metrics, complete the following steps:
- From the navigation menu in the Instana UI, select Infrastructure.
- Click a specific monitored host.
You can see a host dashboard with all the collected metrics and monitored processes.
Metrics are pulled every minute, which is the resolution that Azure provides for the monitoring of these services.
Configuration data
| Key vault details | Description |
|---|---|
| Name | Name of the key vault |
| Resource Group | Resource group of the vault |
| Location | Location of the vault |
| Subscription Id | Subscription ID of the vault |
| Type | Type of the resource |
| Provisioning State | Provisioning state of the vault |
| Tier | Billing tier of a particular vault |
Performance metrics
| Metric | Name | Unit | Aggregation | Description |
|---|---|---|---|---|
| Vault | ||||
| Overall Vault Availability | Availability | Percent | Average | The availability of vault requests |
| Overall Vault Saturation | SaturationShoebox | Percent | Average | The vault capacity that is used |
| Service API | ||||
| Total Service Api Hits | ServiceApiHit | Count | Count | The total number of service API hits |
| Overall Service Api Latency | ServiceApiLatency | Milliseconds | Average | The overall latency of service API requests |
| Total Service Api Results | ServiceApiResult | Count | Count | The total number of service API results |