Unable to ascertain vault agent authentication status from metrics
#26569
Labels
Comments
|
HI @markafarrell, thank you so much for raising this and for submitting your PR? I wonder if instead of adding a new metric, the server logs would be helpful? See https://github.com/hashicorp/vault/blob/main/command/agentproxyshared/auth/auth.go#L480 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently
vault agentonly exposes counters for authentication failures and successes. It does not expose a metric to tell you the current state of authentication (i.e.vault agenthas successfully authenticated and has a valid token orvault agenthas been unable to authenticate and does not have a valid token).Describe the solution you'd like
It would be good to expose a gauge (
vault.agent.auth.authenticated) that is set to1ifvault agenthas a valid token or0if it does not.This metric could then be used for alerting to act if
vault agentdoes not have a valid token.Describe alternatives you've considered
Currently this can be done in a round about way for looking at the value of
vault.agent.auth.failureandvault.agent.auth.successin a sliding window, however, it would be nicer if there was a single metric that told you the current status ofvault agentauthentication.The text was updated successfully, but these errors were encountered: