Monitoring Vault

The Vault sensor is automatically deployed and installed after you install the Instana agent.

Supported Versions

Currently supported versions for metrics and configuration data are all above 1.0.0.

Configuration

To enable sensor to gather metrics and configuration data you need to insert valid token in <agent_install_dir>/etc/instana/configuration.yaml:

com.instana.plugin.vault:
  token: '<INSERT_TOKEN_HERE>'

The authentication method for HashiCorp Vault Instana integration uses the Token Auth Method (API). Paths required for token are: /sys/health and /sys/metrics and required capability is read.

Metrics collection

To view the metrics, select Infrastructure in the sidebar of the Instana User interface, click a specific monitored host, and then you can see a host dashboard with all the collected metrics and monitored processes.

Configuration data

  • Process ID
  • Version
  • Initialized
  • Sealed
  • Standby
  • Performance standby
  • Start time

Performance metrics

Metric Description Granularity
Secrets created count Number of secrets created 1 second
Secrets created duration The time taken to create secrets 1 second
Secrets read count Number of secrets read 1 second
Secrets read duration The time taken to read secrets 1 second
Secrets updated count Number of secrets updated 1 second
Secrets updated duration The time taken to update secrets 1 second
Secrets deleted count Number of secrets deleted 1 second
Secrets deleted duration The time taken to delete secrets 1 second
Tokens created count Number of tokens created 1 second
Tokens created duration The time taken to create a token 1 second
Tokens lookup count Number of token lookups 1 second
Tokens lookup duration The time taken to lookup a token 1 second
Leader failure lost Duration of time taken by cluster leadership losses which have occurred in a highly available Vault cluster 1 second
Leader failure setup failed Duration of time taken by cluster leadership setup failures which have occurred in a highly available Vault cluster 1 second
Audit log request count Number of all audit log requests across all audit log devices 1 second
Audit log request failure Number of audit log request failures 1 second
Audit log request count duration Duration of time taken by all audit log requests across all audit log devices 1 second
Audit log response count Number of all audit log responses across all audit log devices 1 second
Audit log response failure Number of audit log response failures 1 second
Audit log response count duration Duration of time taken by all audit log responses across all audit log devices 1 second
Barrier operation put Number of PUT operations at the barrier 1 second
Barrier operation get Number of GET operations at the barrier 1 second
Barrier operation delete Number of DELETE operations at the barrier 1 second
Barrier operation list Number of LIST operations at the barrier 1 second
Secrets engine error initialize Number of database secrets engine initialization operation errors across all database secrets engines 1 second
Secrets engine error close Number of database secrets engine close operation errors across all database secrets engines 1 second
Secrets engine error create user Number of user creation operation errors across all database secrets engines 1 second
Secrets engine error renew user Number of user renewal operation errors across all database secrets engines 1 second
Secrets engine error revoke user Number of user revocation operation errors across all database secrets engines 1 second

Health signatures

For each sensor, there is a curated knowledgebase of health signatures that are evaluated continuously against the incoming metrics and are used to raise issues or incidents depending on user impact.

Built-in events trigger issues or incidents based on failing health signatures on entities, and custom events trigger issues or incidents based on defined thresholds of any given entity's individual metrics.

For information about built-events for the Vault, see the Built-in events reference.