
Unable to ascertain `vault agent` authentication status from metrics

Open markafarrell opened this issue 1 year ago • 2 comments

Is your feature request related to a problem? Please describe.

Currently `vault agent` only exposes counters for authentication failures and successes. It does not expose a metric to tell you the current state of authentication (i.e. `vault agent` has successfully authenticated and has a valid token, or `vault agent` has been unable to authenticate and does not have a valid token).

Describe the solution you'd like

It would be good to expose a gauge (`vault.agent.auth.authenticated`) that is set to 1 if `vault agent` has a valid token or 0 if it does not. This metric could then be used for alerting to act if `vault agent` does not have a valid token.

Describe alternatives you've considered

Currently this can be done in a roundabout way by looking at the value of `vault.agent.auth.failure` and `vault.agent.auth.success` in a sliding window; however, it would be nicer if there was a single metric that told you the current status of `vault agent` authentication.

markafarrell, Apr 21 '24 23:04
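The sliding-window workaround described in the issue, as an added example (not code from the issue, the PR, or Vault). It assumes the two counters are scraped as cumulative values at regular intervals; the `Sample` type, `auth_state` function, state names and sample series are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    ts: int       # scrape time in seconds
    success: int  # cumulative vault.agent.auth.success
    failure: int  # cumulative vault.agent.auth.failure

def rose(prev, cur):
    # A lower non-zero value means the agent restarted and counted again from 0.
    return cur > prev or 0 < cur < prev

def auth_state(samples, now, window):
    """Infer the agent's auth state from counter movement in [now - window, now]."""
    recent = sorted((s for s in samples if now - window <= s.ts <= now),
                    key=lambda s: s.ts)
    last_ok = last_bad = None
    for prev, cur in zip(recent, recent[1:]):
        if rose(prev.success, cur.success):
            last_ok = cur.ts
        if rose(prev.failure, cur.failure):
            last_bad = cur.ts
    if last_ok is None and last_bad is None:
        return "unknown"      # no attempts seen: says nothing about the token
    if last_bad is None:
        return "authenticated"
    if last_ok is None:
        return "unauthenticated"
    if last_ok == last_bad:
        return "ambiguous"    # both counters rose within one scrape interval
    return "authenticated" if last_ok > last_bad else "unauthenticated"

# Constructed scrape series, one row per scrape: (ts, success, failure)
SERIES = {
    "healthy":   [(0, 5, 0), (60, 5, 0), (120, 6, 0)],
    "failing":   [(0, 5, 0), (60, 5, 2), (120, 5, 4)],
    "recovered": [(0, 5, 0), (60, 5, 2), (120, 6, 2)],
    "same_tick": [(0, 5, 0), (60, 5, 0), (120, 6, 1)],
    "quiet":     [(0, 5, 0), (60, 5, 0), (120, 5, 0)],
    "restarted": [(0, 5, 3), (60, 5, 3), (120, 1, 0)],
}

def classify_all(now=120, window=300):
    return {name: auth_state([Sample(*row) for row in rows], now, window)
            for name, rows in SERIES.items()}

if __name__ == "__main__":
    for name, state in classify_all().items():
        print(f"{name:10} {state}")
```

The `unknown` and `ambiguous` results are the cases where counters alone cannot drive an alert, which is the gap the requested gauge is meant to close.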

Hi @markafarrell, thank you so much for raising this and for submitting your PR. I wonder if instead of adding a new metric, the server logs would be helpful? See https://github.com/hashicorp/vault/blob/main/command/agentproxyshared/auth/auth.go#L480

divyaac, Apr 22 '24 20:04

@divyaac See https://github.com/hashicorp/vault/pull/26570#issuecomment-2070976839

markafarrell, Apr 29 '24 02:04