We are beginning to use prometheus and grafana to monitor vault using the vault metrics api. It provides interesting plots regarding vault tokens, but what we'd really like to monitor is the performance and reliability of the oauth tokens maintained by this plugin.
Describe the Solution You Would Like
We would like for useful metrics to be collected using the vault metrics framework. I haven't been able to find any documentation about how to do it but I assume examples can be found in the vault source code, especially where it implements the kv secrets metrics. We would like metrics such as the rates of success and failure of getting access tokens from vault and from the server, and preferably also counts of different failure types.
Describe Alternatives You've Considered
An alternative would be to write a logstash filter on the vault audit log, but since vault already has this metrics collection framework it seems like this is a better, lower overhead approach that can more easily be reused by others. Also the audit log only shows the interactions between vault and vault clients, not the interaction between the vault plugin and oauth token issuers.
Use Case
We are beginning to use prometheus and grafana to monitor vault using the vault metrics api. It provides interesting plots regarding vault tokens, but what we'd really like to monitor is the performance and reliability of the oauth tokens maintained by this plugin.
Describe the Solution You Would Like
We would like for useful metrics to be collected using the vault metrics framework. I haven't been able to find any documentation about how to do it but I assume examples can be found in the vault source code, especially where it implements the kv secrets metrics. We would like metrics such as the rates of success and failure of getting access tokens from vault and from the server, and preferably also counts of different failure types.
Describe Alternatives You've Considered
An alternative would be to write a logstash filter on the vault audit log, but since vault already has this metrics collection framework it seems like this is a better, lower overhead approach that can more easily be reused by others. Also the audit log only shows the interactions between vault and vault clients, not the interaction between the vault plugin and oauth token issuers.