Products & Technology

HCP Vault Adds 3 New Observability Integrations

New integrations with Datadog, Grafana Cloud, and Splunk offer pre-built dashboards for usage and performance monitoring in HCP Vault.

Nov 02 2021Michelle Peot, Megan LaFlamme

For organizations across the globe, monitoring activity logs, usage, and performance metrics is critical to governance programs, development, and business operations.

HashiCorp Cloud Platform (HCP) Vault now lets customers seamlessly integrate HCP Vault audit logs and metrics from their production-grade clusters with industry-standard observability SaaS platforms such as Datadog, Grafana Cloud (hosted Grafana and Loki), and Splunk. Along with these core integrations, HashiCorp offers pre-built metrics dashboards to accelerate the ability to track critical usage and performance metrics. And we’re planning to add more integrations in the coming months.

HCP Vault observability provider integration menu for easy setup.

HCP Vault has an observability provider integration menu for easy setup.

»Sample Use Cases and Metrics

These turnkey log and metrics integrations allow customers to enhance security operations, plan for sufficient infrastructure capacity, and identify opportunities to optimize usage patterns for cost savings. Examples include:

Identification of suspicious usage patterns: By tracking steady-state usage patterns, anomalies like tokens with unexpectedly long TTLs, unexplained spikes in new admin tokens, or unusual policy creation behaviors can be quickly identified, investigated, and remediated. These same metrics and events provide insights into opportunities to harden internal security practices.
Capacity planning: Latency metrics for key Vault operations, like token revoke and renew latencies, as well as the comparison of Vault usage trends to host performance metrics can inform whether the cluster needs to be resized to meet anticipated demand.
Cost optimization: Client count can impact cost. Identifying the infrastructure and organizational sources of tokens can help drive client reduction efforts, for example through the use of entity aliases.

For a full list of monitoring telemetry and audit device logs for HCP Vault, check out Vault’s cloud monitoring documentation.

»Sources of Data

Today, there are two core data sources from HCP Vault that improve visibility into events, performance, and usage:

HCP Vault audit logs now contain every request and response payload handled by Vault for a detailed history of how Vault has been used. Prior to audit log streaming support, customers could download only an hour of Vault audit logs at a time. See the documentation for details on how to configure Vault to stream audit logs to your existing Datadog, Grafana Cloud, or Splunk account.
HCP Vault metrics are a combination of Vault usage and performance metrics from the Vault /v1/sys/metrics endpoint and host performance metrics. The metrics are scoped to best practice, user actionable information in a managed service context. See the HCP Vault Metrics Guide for a full list of exported metrics and how to use them. For instructions on configuration metrics streaming to your existing Datadog, Grafana Cloud, or Splunk account, see the documentation.

»Getting Started with HCP Vault and Observability

The following tutorials will help you get started on HCP Vault real-time observability:

An overview of Vault metrics:
- HCP Vault Metrics Guide
Setting up an integration and destination for Vault metrics:
Setting up an integration and destination for audit logs:

»Sample Dashboards

To jumpstart the HCP Vault monitoring experience, we’ve created sample metrics dashboards for each of the three observability vendors:

»Try HCP Vault

As a fully managed service, HCP Vault is the easiest way to keep secrets and application data secure, including API keys, passwords, or certificates. For more information about HCP Vault and pricing, please visit our product page or sign up today through the HCP portal.

HCP