Export Hashicorp Vault health to Prometheus.
To run it:
make
./vault_exporter [flags]| Metric | Meaning | Labels |
|---|---|---|
| vault_up | Was the last query of Vault successful, | |
| vault_initialized | Is the Vault initialised (according to this node). | |
| vault_sealed | Is the Vault node sealed. | |
| vault_standby | Is this Vault node in standby. | |
| vault_replication_dr_primary | Is this Vault node a primary disaster recovery replica. | |
| vault_replication_dr_secondary | Is this Vault node a secondary disaster recovery replica. | |
| vault_replication_performance_primary | Is this Vault node a primary performance replica. | |
| vault_replication_performance_secondary | Is this Vault node a secondary performance replica. | |
| vault_info | Various info about the Vault node. | version, cluster_name, cluster_id |
./vault_exporter --helpvault-tls-cacert: The path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.vault-tls-client-cert: The path to the certificate for Vault communication.vault-tls-client-key: The path to the private key for Vault communication.insecure-ssl: Set SSL to ignore certificate validation.log.format: Set the log target and format. Example:logger:syslog?appname=bob&local=7orlogger:stdout?json=truelog.level: Logging level.infoby default.version: Show application version.web.listen-address: Address to listen on for web interface and telemetry.web.telemetry-path: Path under which to expose metrics.
The vault_exporter supports all environment variables provided by the official
vault/api package,
including VAULT_TOKEN to set the Auth token.
Is my Vault sealed?
vault_sealed != 0
Is my Vault Up?
vault_up != 0
You can deploy this exporter using the damoun/vault-exporter Docker image.
For example:
docker pull damoun/vault-exporter
docker run -d -p 9410:9410 \
--env VAULT_ADDR=http://127.0.0.1:8200 \
damoun/vault-exporter