Skip to content

Latest commit

 

History

History
66 lines (50 loc) · 4.25 KB

README.md

File metadata and controls

66 lines (50 loc) · 4.25 KB
Raw

Azure Keyvault Exporter

license DockerHub Quay.io Artifact Hub

Prometheus exporter for Azure KeyVaults which exports general information and dates (created, updated, notBefore, expiry) for secrets, keys and certificates.

Configuration

Usage:
  azure-keyvault-exporter [OPTIONS]

Application Options:
      --log.debug             debug mode [$LOG_DEBUG]
      --log.devel             development mode [$LOG_DEVEL]
      --log.json              Switch log output to json format [$LOG_JSON]
      --azure.environment=    Azure environment name (default: AZUREPUBLICCLOUD) [$AZURE_ENVIRONMENT]
      --azure.subscription=   Azure subscription ID (space delimiter) [$AZURE_SUBSCRIPTION_ID]
      --azure.resource-tag=   Azure Resource tags (space delimiter) (default: owner) [$AZURE_RESOURCE_TAG]
      --keyvault.filter=      Filter KeyVaults via ResourceGraph kusto filter, query: 'resource | ${filter} | project id' [$KEYVAULT_FILTER]
      --keyvault.content.tag= KeyVault content (secret, key, certificates) tags (space delimiter) [$KEYVAULT_CONTENT_TAG]
      --cache.path=           Cache path (to folder, file://path... or azblob://storageaccount.blob.core.windows.net/containername)
                              [$CACHE_PATH]
      --scrape.time=          Default scrape time (time.duration) (default: 5m) [$SCRAPE_TIME]
      --scrape.concurrency=   Defines who many Keyvaults can be scraped at the same time (default: 10) [$SCRAPE_CONCURRENCY]
      --server.bind=          Server address (default: :8080) [$SERVER_BIND]
      --server.timeout.read=  Server read timeout (default: 5s) [$SERVER_TIMEOUT_READ]
      --server.timeout.write= Server write timeout (default: 10s) [$SERVER_TIMEOUT_WRITE]

Help Options:
  -h, --help                  Show this help message

for Azure API authentication (using ENV vars) see following documentations:

Metrics

Metric Description
azurerm_keyvault_info Azure KeyVault information
azurerm_keyvault_status Azure KeyVault status information (eg. if accessable from exporter)
azurerm_keyvault_entries Count of entries (seperated by type) inside Azure KeyVault
azurerm_keyvault_key_info General inforamtions about keys
azurerm_keyvault_key_status Status information (notBefore & expiry date)
azurerm_keyvault_secret_info General inforamtions about secrets
azurerm_keyvault_secret_status Status information (notBefore & expiry date)
azurerm_keyvault_certificate_info General inforamtions about certificate
azurerm_keyvault_certificate_status Status information (notBefore & expiry date)

ResourceTags handling

see armclient tagmanager documentation

AzureTracing metrics

see armclient tracing documentation

Caching

see prometheus collector cache documentation