Monitoring Vault Resources

Monitor vault management resources using metrics, alarms, and notifications.

For more information, see Monitoring and Notifications.

Overview of the Vault Metrics

Vault service metrics help you measure the success and error count of cryptographic operations on keys and the success and error count of HTTP responses to get, create, and update (getSecretBundle, listSecretBundleVersions, createSecret, and updateSecret) operations during the selected time range. You can use metrics data to diagnose and troubleshoot problems with keys and secrets.

To view a default set of metrics charts in the Console, navigate to the key or secret that you're interested in, and then click Metrics. You also can use the Monitoring service to create custom queries.

Prerequisites

IAM policies: To monitor resources, you must be given the required type of access in a policy  written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. The policy must give you access to the monitoring services as well as the resources being monitored. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment  you should work in. For more information about user authorizations for monitoring, see IAM Policies (Monitoring).

Available Metrics: oci_kms_keys

The metrics listed in the following table are automatically available for any master encryption keys that you create. You do not need to enable monitoring on the resource to get these metrics.

Vault service metrics for keys include the following dimensions :
RESOURCEDISPLAYNAME
The friendly name of the resource to which the metrics apply.
RESOURCEID
The OCID  of the resource to which the metrics apply.
RESPONSECODE
The HTTP response code to the cryptographic operation to which the metrics apply.
Metric Metric Display Name Unit Description Dimensions
EncryptResponseCount Encrypt Response Count

count

HTTP responses received by the service for Encrypt calls.

resourceDisplayName

resourceId

responseCode

DecryptResponseCount Decrypt Response Count

count

HTTP responses received by the service for Decrypt calls.

GenerateDataEncryptionKeyResponseCount GenerateDataEncryptionKey Response Count

count

HTTP responses received by the service for GenerateDataEncryptionKey calls.

Available Metrics: oci_secrets

The metrics listed in the following table are automatically available for any secrets that you create. You do not need to enable monitoring on the resource to get these metrics.

Vault service metrics for secrets include the following dimensions :
DISPLAYNAME
The friendly name of the resource to which the metrics apply.
RESOURCEID
The OCID  of the resource to which the metrics apply.
RESPONSECODE
The HTTP response code to the operation to which the metrics apply.
Metric Metric Display Name Unit Description Dimensions
GetSecretBundle GetSecretBundle

count

HTTP responses received by the service for GetSecretBundle calls during the selected time range.

displayName

resourceId

responseCode

ListSecretBundleVersions ListSecretBundleVersions

count

HTTP responses received by the service for ListSecretBundleVersions calls during the selected time range.

CreateSecret CreateSecret

count

HTTP responses received by the service for CreateSecret calls during the selected time range.

UpdateSecret UpdateSecret

count

HTTP responses received by the service for UpdateSecret calls during the selected time range.

View Vault Resource Metrics Using the Console

Use the Console to view vault metric charts for master encryption keys and secrets.

To view default metric charts for a single master encryption key
  1. Open the navigation menu, click Identity & Security, and then click Vault.
  2. Click a vault to view the resources it contains.
  3. Click a key name to view its details.
  4. Under Resources, click Metrics.

For more information about monitoring metrics and using alarms, see Monitoring. For information about notifications for alarms, see Notifications.

To view default metric charts for multiple master encryption keys
  1. Open the navigation menu and click Observability & Management. Under Monitoring, click Service Metrics.
  2. For Compartment, select the compartment that contains the master encryption keys that you're interested in.
  3. For Metric namespace, select oci_kms_keys.

    The Service Metrics page dynamically updates the page to show charts for each metric that is emitted by the selected metric namespace.

Tip

If there are multiple master encryption keys in the compartment, the charts default to show a separate line for each master encryption key. You can instead show a single line aggregated across all master encryption keys in the compartment by selecting the Aggregate Metric Streams check box.

For more information about monitoring metrics and using alarms, see Monitoring. For information about notifications for alarms, see Notifications.

To view default metric charts for a single secret
  1. Open the navigation menu, click Identity & Security, and then click Vault.
  2. Click a vault to view the resources it contains.
  3. Click Secrets.
  4. Click a secret name to view its details.
  5. Under Resources, click Metrics.

For more information about monitoring metrics and using alarms, see Monitoring. For information about notifications for alarms, see Notifications.

To view default metric charts for multiple secrets
  1. Open the navigation menu and click Observability & Management. Under Monitoring, click Service Metrics.
  2. For Compartment, select the compartment that contains the secrets that you're interested in.
  3. For Metric namespace, select oci_secrets.

    The Service Metrics page dynamically updates the page to show charts for each metric that is emitted by the selected metric namespace.

Tip

If there are multiple secrets in the compartment, the charts default to show a separate line for each secret. You can instead show a single line aggregated across all secrets in the compartment by selecting the Aggregate Metric Streams check box.

For more information about monitoring metrics and using alarms, see Monitoring. For information about notifications for alarms, see Notifications.