Oracle Cloud Infrastructure Documentation

Key Management Metrics

You can monitor the usage of your Key Management service master encryption keys by using A measurement related to health, capacity, or performance of a given resource. (Monitoring service). Example: CpuUtilization, The trigger rule and query to evaluate and related configuration, such as notification details to use when the trigger is breached. Alarms passively monitor your cloud resources using metrics in Monitoring., and notifications. For more information, see Monitoring Overview and Notifications Overview.

This topic describes the metrics emitted by the Key Management service in the oci_kms_keys namespace.

Resources: master encryption keys.

Overview of the Key Management Service Metrics

The Key Management service metrics help you measure the success and error count of cryptographic operations. You can use metrics data to diagnose and troubleshoot problems with keys.

To view a default set of metrics charts in the Console, navigate to the key that you're interested in, and then click Metrics. You also can use the Monitoring service to create custom queries.

Prerequisites

IAM policies: To monitor resources, you must be given the required type of access in a An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. The policy must give you access to the monitoring services as well as the resources being monitored. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization. you should work in. For more information on user authorizations for monitoring, see the Authentication and Authorization section for the related service: Monitoring or Notifications.

Available Metrics: oci_kms_keys

The metrics listed in the following table are automatically available for any master encryption keys that you create. You do not need to enable monitoring on the resource to get these metrics.

Key Management service metrics for keys include the following A qualifier provided in a metric definition. (Monitoring service.) Example: Resource identifier (resourceId), provided in the definitions of oci_computeagent metrics.:

resourceDisplayName
The friendly name of the resource to which the metrics apply.
resourceId
The An Oracle-assigned unique ID called an Oracle Cloud Identifier (OCID). This ID is included as part of the resource's information in both the Console and API. of the resource to which the metrics apply.
responseCode
The HTTP response code to the cryptographic operation to which the metrics apply.
Metric Metric Display Name Unit Description Dimensions

EncryptResponseCount

Encrypt Response Count

count

HTTP responses received by the service for Encrypt calls.

resourceDisplayName

resourceId

responseCode

DecryptResponseCount

Decrypt
Response Count

count

HTTP responses received by the service for Decrypt calls.

GenerateDataEncryptionKeyResponseCount*

GenerateDataEncryptionKey Response Count

count

HTTP responses received by the service for GenerateDataEncryptionKey calls.

Using the Console

To view default metric charts for a single master encryption key
To view default metric charts for multiple master encryption keys

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use the following APIs for monitoring: