Monitoring Azure Key Vault

Instana offers comprehensive monitoring of your Azure Key Vault by providing end-to-end visibility into your environment. After you install the Instana host agent, the Azure Key Vault sensor is automatically installed and enabled. You can view the infrastructure metrics that are related to the Azure Key Vault in the Instana UI.

For more information about other supported Azure services, see Azure.

Configuring the Azure Key Vault sensor

To monitor your Azure Key Vault, complete the following steps:

  1. Enable the Azure service in the agent configuration file (<agentinstall_dir>/etc/instana/configuration.yaml) by using the following configuration:

    com.instana.plugin.azure:
      enabled: true
      subscription: "[Your-Subscription-Id]"
      tenant: "[Your-Tenant-Id]"
      principals:
        - id: "[Your-Service-Principal-Account-Id]"
          secret: "[Your-Service-Principal-Secret]"
    

    For more information about installing the Azure agent, see Installation.

  2. Make sure the Azure Key Vault sensor is enabled in the agent configuration file (<agentinstall_dir>/etc/instana/configuration.yaml):

    com.instana.plugin.azure.keyvault:
    enabled: true
    

Defining tags and resource groups for service filtering

You can define multiple tags and resource groups that are separated by a comma. The tags must be defined as a key-value pair that is separated by a colon (:). To simplify the configuration, define the tags and resource groups for inclusion or exclusion in discovery. If a tag or resource group is defined in both include and exclude lists, the excluded list takes precedence. If you want to include all services without filtering, avoid defining any configuration.

  • To include services with tags into discovery, use the following configuration:

    com.instana.plugin.azure.keyvault:
      include_tags: # Comma separated list of tags in key:value format (e.g. env:prod,env:staging)
    
  • To exclude services with tags from discovery, use the following configuration:

    com.instana.plugin.azure.keyvault:
      exclude_tags: # Comma separated list of tags in key:value format (e.g. env:dev,env:test)
    
  • To include services with resource groups into discovery, use the following configuration:

    com.instana.plugin.azure.keyvault:
      include_resource_groups: # Comma separated list of resource groups (e.g. rg_prod,rg_staging)
    
  • To exclude services with resource groups from discovery, use the following configuration:

    com.instana.plugin.azure.keyvault:
      exclude_resource_groups: # Comma separated list of resource groups (e.g. rg_dev,rg_test)
    

Discovery filtering can be configured on the global level for all Azure services. When you define filters for Azure Key Vault, global filters are overridden. For more information about the global discovery filtering of the Azure service, see Azure Configuration.

Disabling the Azure Key Vault sensor

To disable monitoring of the Azure Key Vault services, use the following configuration:

com.instana.plugin.azure.keyvault:
  enabled: false

Viewing metrics

To view the metrics, complete the following steps:

  1. From the navigation menu in the Instana UI, select Infrastructure.
  2. Click a specific monitored host.

You can see a host dashboard with all the collected metrics and monitored processes.

Metrics are pulled every minute, which is the resolution that Azure provides for the monitoring of these services.

Configuration data

Namespace details Description
Name Name of the key vault
Resource Group Resource group of the vault
Location Location of the vault
Type Type of the resource
Provisioning State Provisioning state of the vault
Tier Billing tier of a particular vault

Performance metrics

Metric Name Unit Aggregation Description
Vault
Overall Vault Availability Availability Percent Average The availability of vault requests
Overall Vault Saturation SaturationShoebox Percent Average The vault capacity that is used
Service API
Total Service Api Hits ServiceApiHit Count Count The total number of service API hits
Overall Service Api Latency ServiceApiLatency Milliseconds Average The overall latency of service API requests
Total Service Api Results ServiceApiResult Count Count The total number of service API results