Monitoring Vault Resources

Monitor vault management resources using metrics, alarms, and notifications.

For more information, see Monitoring and Notifications.

Overview of the Vault Metrics

The Vault service helps you measure the success and error counts of cryptographic operations on keys, and the success and error counts of HTTP responses to get, create, and update operations (getSecretBundle, listSecretBundleVersions, createSecret, and updateSecret) during the selected time range. You can use metrics data to diagnose and troubleshoot problems with keys and secrets.

To view a default set of metrics charts in the Console, navigate to the key or secret that you're interested in, and then click Metrics. You can also use the Monitoring service to create custom queries. See Building Metric Queries.

Prerequisites

IAM policies: To monitor resources, you must have the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. The policy must give you access to the monitoring services as well as the resources being monitored. If you try to perform an action and get a message that you don't have permission or are unauthorized, confirm with your administrator the type of access you have and which compartment you should work in. For more information about user authorizations for monitoring, see IAM Policies (Monitoring).

Available Metrics: oci_kms_keys

The metrics listed in the following table are automatically available for any master encryption keys that you create. You do not need to enable monitoring on the resource to get these metrics.

Vault service metrics for keys include the following dimensions:

resourceDisplayName
    The friendly name of the resource to which the metrics apply.
resourceId
    The OCID of the resource to which the metrics apply.
responseCode
    The HTTP response code to the cryptographic operation to which the metrics apply.

| Metric | Metric Display Name | Unit | Description | Dimensions |
|---|---|---|---|---|
| EncryptResponseCount | Encrypt Response Count | count | HTTP responses received by the service for Encrypt calls. | resourceDisplayName, resourceId, responseCode |
| DecryptResponseCount | Decrypt Response Count | count | HTTP responses received by the service for Decrypt calls. | resourceDisplayName, resourceId, responseCode |
| GenerateDataEncryptionKeyResponseCount | GenerateDataEncryptionKey Response Count | count | HTTP responses received by the service for GenerateDataEncryptionKey calls. | resourceDisplayName, resourceId, responseCode |

Available Metrics: oci_secrets

The metrics listed in the following table are automatically available for any secrets that you create. You do not need to enable monitoring on the resource to get these metrics.

Vault service metrics for secrets include the following dimensions:

displayName
    The friendly name of the resource to which the metrics apply.
resourceId
    The OCID of the resource to which the metrics apply.
responseCode
    The HTTP response code to the operation to which the metrics apply.

| Metric | Metric Display Name | Unit | Description | Dimensions |
|---|---|---|---|---|
| GetSecretBundle | GetSecretBundle | count | HTTP responses received by the service for GetSecretBundle calls during the selected time range. | displayName, resourceId, responseCode |
| ListSecretBundleVersions | ListSecretBundleVersions | count | HTTP responses received by the service for ListSecretBundleVersions calls during the selected time range. | displayName, resourceId, responseCode |
| CreateSecret | CreateSecret | count | HTTP responses received by the service for CreateSecret calls during the selected time range. | displayName, resourceId, responseCode |
| UpdateSecret | UpdateSecret | count | HTTP responses received by the service for UpdateSecret calls during the selected time range. | displayName, resourceId, responseCode |
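
The following Python code is an added example, not part of the original documentation or of any Oracle tooling. It shows how the resourceId and responseCode dimensions described above can be combined to flag keys and secrets whose share of 4xx/5xx responses is unusually high. The record layout, the placeholder OCIDs, the function names, and the thresholds are all assumptions made for this example.

```python
from collections import Counter, defaultdict

# Constructed sample (not real telemetry). Each record is one summed count
# for a metric / resourceId / responseCode combination in one time window.
# The record layout and the OCIDs are assumptions made for this example.
SAMPLE = [
    ("DecryptResponseCount", "ocid1.key.oc1..exampleA", "200", 980),
    ("DecryptResponseCount", "ocid1.key.oc1..exampleA", "404", 20),
    ("DecryptResponseCount", "ocid1.key.oc1..exampleB", "200", 60),
    ("DecryptResponseCount", "ocid1.key.oc1..exampleB", "401", 35),
    ("DecryptResponseCount", "ocid1.key.oc1..exampleB", "500", 5),
    ("GetSecretBundle", "ocid1.vaultsecret.oc1..exampleC", "200", 10),
    ("GetSecretBundle", "ocid1.vaultsecret.oc1..exampleC", "404", 9),
]


def summarize(records):
    """Group counts by (metric, resourceId), keeping a per-code breakdown."""
    by_resource = defaultdict(Counter)
    for metric, resource_id, code, count in records:
        by_resource[(metric, resource_id)][code] += count
    return by_resource


def flag_error_ratios(records, min_total=50, max_ratio=0.05):
    """Return findings for resources whose 4xx/5xx share exceeds max_ratio.

    Resources with fewer than min_total responses are skipped so that a
    handful of failed calls on an idle key or secret does not raise a finding.
    """
    findings = []
    for (metric, resource_id), codes in sorted(summarize(records).items()):
        total = sum(codes.values())
        errors = Counter({c: n for c, n in codes.items() if c[:1] in ("4", "5")})
        error_total = sum(errors.values())
        if total < min_total or error_total / total <= max_ratio:
            continue
        top_code, _ = errors.most_common(1)[0]
        findings.append({
            "metric": metric,
            "resourceId": resource_id,
            "error_ratio": round(error_total / total, 3),
            "top_error_code": top_code,
        })
    return findings


if __name__ == "__main__":
    for finding in flag_error_ratios(SAMPLE):
        print(finding)
```

The dominant error code in each finding helps separate client-side problems (4xx, such as permission or lookup failures) from service-side ones (5xx) when troubleshooting.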