HCP Vault Adds 3 New Observability Integrations
New integrations with Datadog, Grafana Cloud, and Splunk offer pre-built dashboards for usage and performance monitoring in HCP Vault.
For organizations across the globe, monitoring activity logs, usage, and performance metrics is critical to governance programs, development, and business operations.
HashiCorp Cloud Platform (HCP) Vault now lets customers seamlessly integrate HCP Vault audit logs and metrics from their production-grade clusters with industry-standard observability SaaS platforms such as Datadog, Grafana Cloud (hosted Grafana and Loki), and Splunk. Along with these core integrations, HashiCorp offers pre-built metrics dashboards to accelerate the ability to track critical usage and performance metrics. And we’re planning to add more integrations in the coming months.
HCP Vault has an observability provider integration menu for easy setup.
» Sample Use Cases and Metrics
These turnkey log and metrics integrations allow customers to enhance security operations, plan for sufficient infrastructure capacity, and identify opportunities to optimize usage patterns for cost savings. Examples include:
- Identification of suspicious usage patterns: By tracking steady-state usage patterns, anomalies like tokens with unexpectedly long TTLs, unexplained spikes in new admin tokens, or unusual policy creation behaviors can be quickly identified, investigated, and remediated. These same metrics and events provide insights into opportunities to harden internal security practices.
- Capacity planning: Latency metrics for key Vault operations, like token revoke and renew latencies, as well as the comparison of Vault usage trends to host performance metrics can inform whether the cluster needs to be resized to meet anticipated demand.
- Cost optimization: Client count can impact cost. Identifying the infrastructure and organizational sources of tokens can help drive client reduction efforts, for example through the use of entity aliases.
For a full list of monitoring telemetry and audit device logs for HCP Vault, check out Vault’s cloud monitoring documentation.
» Sources of Data
Today, there are two core data sources from HCP Vault that improve visibility into events, performance, and usage:
- HCP Vault audit logs now contain every request and response payload handled by Vault for a detailed history of how Vault has been used. Prior to audit log streaming support, customers could download only an hour of Vault audit logs at a time. See the documentation for details on how to configure Vault to stream audit logs to your existing Datadog, Grafana Cloud, or Splunk account.
- HCP Vault metrics are a combination of Vault usage and performance metrics from the Vault /v1/sys/metrics endpoint and host performance metrics. The metrics are scoped to best practice, user actionable information in a managed service context. See the HCP Vault Metrics Guide for a full list of exported metrics and how to use them. For instructions on configuration metrics streaming to your existing Datadog, Grafana Cloud, or Splunk account, see the documentation.
» Getting Started with HCP Vault and Observability
The following tutorials will help you get started on HCP Vault real-time observability:
- An overview of Vault metrics:
- Setting up an integration and destination for Vault metrics:
- Setting up an integration and destination for audit logs:
» Sample Dashboards
To jumpstart the HCP Vault monitoring experience, we’ve created sample metrics dashboards for each of the three observability vendors:
» Datadog
HCP Vault pre-built dashboard for Datadog.
» Grafana Cloud
HCP Vault pre-built dashboard for Grafana Cloud.
» Splunk
HCP Vault pre-built dashboard for Splunk.
» Try HCP Vault
As a fully managed service, HCP Vault is the easiest way to keep secrets and application data secure, including API keys, passwords, or certificates. For more information about HCP Vault and pricing, please visit our product page or sign up today through the HCP portal.
Sign up for the latest HashiCorp news
More blog posts like this one
HashiCorp at re:Invent 2024: Security Lifecycle Management with AWS
A recap of HashiCorp security news and developments on AWS from the past year, for your security management playbook.
HCP Vault Dedicated adds secrets sync, cross-region DR, EST PKI, and more
The newest HCP Vault Dedicated 1.18 upgrade includes a range of new features that include expanding DR region coverage, syncing secrets across providers, and adding PKI EST among other key features.
Fix the developers vs. security conflict by shifting further left
Resolve the friction between dev and security teams with platform-led workflows that make cloud security seamless and scalable.