platforms: - type: GCE launch_stage: GA install_documentation_url: https://cloud.google.com/stackdriver/docs/solutions/agents/ops-agent/third-party/vault agent_requirement: logs_minimum_supported_version: major: 2 minor: 18 patch: 1 metrics_minimum_supported_version: major: 2 minor: 18 patch: 2 detections: - characteristic_log: log_name_regex: vault - characteristic_metric: metric_type: workload.googleapis.com/vault.memory.usage default_logs: - name: vault_audit fields: - name: jsonPayload.auth type: struct description: '' - name: jsonPayload.request type: struct description: '' - name: jsonPayload.response type: struct description: '' - name: jsonPayload.auth.token_type type: string description: '' - name: jsonPayload.request.namespace.id type: string description: '' - name: jsonPayload.request.path type: string description: The requested Vault path for operation. - name: jsonPayload.request.operation type: string description: 'This is the type of operation which corresponds to path capabilities and is expected to be one of: `create`, `read`, `update`, `delete`, or `list`.' - name: jsonPayload.type type: string description: The type of audit log. - name: jsonPayload.error type: string description: If an error occurred with the request, the error message is included in this field's value. - name: jsonPayload.auth.client_token type: string description: This is an HMAC of the client's token ID. - name: jsonPayload.auth.accessor type: string description: This is an HMAC of the client token accessor. - name: jsonPayload.auth.display_name type: string description: This is the display name set by the auth method role or explicitly at secret creation time. - name: jsonPayload.auth.policies type: object description: This will contain a list of policies associated with the client_token. - name: jsonPayload.auth.metadata type: object description: This will contain a list of metadata key/value pairs associated with the client_token. - name: jsonPayload.auth.entity_id type: string description: This is a token entity identifier. - name: jsonPayload.request.id type: string description: This is the unique request identifier. - name: jsonPayload.request.client_token type: string description: This is an HMAC of the client's token ID. - name: jsonPayload.request.client_token_accessor type: string description: This is an HMAC of the client token accessor. - name: jsonPayload.request.data type: object description: The data object will contain secret data in key/value pairs. - name: jsonPayload.request.policy_override type: boolean description: This is `true` when a soft-mandatory policy override was requested. - name: jsonPayload.request.remote_address type: string description: The IP address of the client making the request. - name: jsonPayload.request.wrap_ttl type: string description: If the token is wrapped, this displays configured wrapped TTL value as numeric string. - name: jsonPayload.request.headers type: object description: Additional HTTP headers specified by the client as part of the request. - name: jsonPayload.response.data.creation_time type: string description: RFC 3339 format timestamp of the token's creation. - name: jsonPayload.response.data.creation_ttl type: string description: Token creation TTL in seconds. - name: jsonPayload.response.data.expire_time type: string description: RFC 3339 format timestamp representing the moment this token will expire. - name: jsonPayload.response.data.explicit_max_ttl type: string description: Explicit token maximum TTL value as seconds ("0" when not set). - name: jsonPayload.response.data.issue_time type: string description: RFC 3339 format timestamp. - name: jsonPayload.response.data.num_uses type: number description: If the token is limited to a number of uses, that value will be represented here. - name: jsonPayload.response.data.orphan type: boolean description: Boolean value representing whether the token is an orphan. - name: jsonPayload.response.data.renewable type: boolean description: Boolean value representing whether the token is an orphan. - name: jsonPayload.response.data.id type: string description: This is the unique response identifier. - name: jsonPayload.response.data.path type: string description: The requested Vault path for operation. - name: jsonPayload.response.data.policies type: object description: This will contain a list of policies associated with the client_token. - name: jsonPayload.response.data.accessor type: string description: This is an HMAC of the client token accessor. - name: jsonPayload.response.data.display_name type: string description: This is the display name set by the auth method role or explicitly at secret creation time. - name: jsonPayload.response.data.entity_id type: string description: This is a token entity identifier. - name: severity type: string description: '' default_metrics: - name: workload.googleapis.com/vault.core.request.count value_type: INT64 kind: GAUGE labels: - cluster - name: workload.googleapis.com/vault.core.leader.duration value_type: DOUBLE kind: GAUGE labels: [] - name: workload.googleapis.com/vault.token.lease.count value_type: INT64 kind: GAUGE labels: [] - name: workload.googleapis.com/vault.token.count value_type: INT64 kind: GAUGE labels: - cluster - namespace - name: workload.googleapis.com/vault.token.revoke.time value_type: INT64 kind: GAUGE labels: [] - name: workload.googleapis.com/vault.token.renew.time value_type: INT64 kind: GAUGE labels: [] - name: workload.googleapis.com/vault.audit.request.failed value_type: INT64 kind: CUMULATIVE labels: [] - name: workload.googleapis.com/vault.audit.response.failed value_type: INT64 kind: CUMULATIVE labels: [] - name: workload.googleapis.com/vault.memory.usage value_type: DOUBLE kind: GAUGE labels: [] - name: workload.googleapis.com/vault.storage.operation.put.time value_type: DOUBLE kind: CUMULATIVE labels: - storage - name: workload.googleapis.com/vault.storage.operation.delete.time value_type: DOUBLE kind: CUMULATIVE labels: - storage - name: workload.googleapis.com/vault.storage.operation.list.time value_type: DOUBLE kind: CUMULATIVE labels: - storage - name: workload.googleapis.com/vault.storage.operation.get.time value_type: DOUBLE kind: CUMULATIVE labels: - storage - name: workload.googleapis.com/vault.storage.operation.put.count value_type: INT64 kind: CUMULATIVE labels: - storage - name: workload.googleapis.com/vault.storage.operation.delete.count value_type: INT64 kind: CUMULATIVE labels: - storage - name: workload.googleapis.com/vault.storage.operation.list.count value_type: INT64 kind: CUMULATIVE labels: - storage - name: workload.googleapis.com/vault.storage.operation.get.count value_type: INT64 kind: CUMULATIVE labels: - storage