From 3612c9cc3ebb13af17c2fe972a176e5026a92f2b Mon Sep 17 00:00:00 2001
From: Igor Churmeev <ingvarch@gmail.com>
Date: Thu, 19 Aug 2021 22:19:43 +0300
Subject: [PATCH] Add alerts for Hashicorp Vault (#238)

Co-authored-by: Samuel Berthe <dev@samuel-berthe.fr>
---
 README.md       |  3 ++-
 _data/rules.yml | 22 +++++++++++++++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 0f1562e..a3a11bf 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ Collection available here: **[https://awesome-prometheus-alerts.grep.to](https:/
 - [Linkerd](https://awesome-prometheus-alerts.grep.to/rules#linkerd)
 - [Istio](https://awesome-prometheus-alerts.grep.to/rules#istio)
 
-#### Network and storage
+#### Network, security and storage
 
 - [Ceph](https://awesome-prometheus-alerts.grep.to/rules#ceph)
 - [ZFS](https://awesome-prometheus-alerts.grep.to/rules#zfs)
@@ -68,6 +68,7 @@ Collection available here: **[https://awesome-prometheus-alerts.grep.to](https:/
 - [Juniper](https://awesome-prometheus-alerts.grep.to/rules#juniper)
 - [CoreDNS](https://awesome-prometheus-alerts.grep.to/rules#coredns)
 - [FreeSwitch](https://awesome-prometheus-alerts.grep.to/rules#freeswitch)
+- [Hashicorp Vault](https://awesome-prometheus-alerts.grep.to/rules#Hashicorp-Vault)
 
 #### Other
 
diff --git a/_data/rules.yml b/_data/rules.yml
index 3123901..88315ce 100644
--- a/_data/rules.yml
+++ b/_data/rules.yml
@@ -1803,7 +1803,7 @@ groups:
                 for: 1m
 
 
-  - name: Network and storage
+  - name: Network, security and storage
     services:
       - name: Ceph
         exporters:
@@ -1984,6 +1984,26 @@ groups:
                 severity: critical
                 for: 5m
 
+      - name: Hashicorp Vault
+        exporters:
+          - name: Embedded exporter
+            doc_url: https://github.com/hashicorp/vault/blob/master/website/content/docs/configuration/telemetry.mdx#prometheus
+            rules:
+              - name: Vault sealed
+                description: 'Vault instance is sealed on {{ $labels.instance }}'
+                query: 'vault_core_unsealed == 0'
+                severity: critical
+              - name: Vault too many pending tokens
+                description: 'Too many pending tokens {{ $labels.instance }}: {{ $value | printf "%.2f"}}%'
+                query: 'avg(vault_token_create_count - vault_token_store_count) > 0'
+                severity: warning
+                for: 5m
+              - name: Vault too many infinity tokens
+                description: 'Too many infinity tokens {{ $labels.instance }}: {{ $value | printf "%.2f"}}%'
+                query: 'vault_token_count_by_ttl{creation_ttl="+Inf"} > 3'
+                severity: warning
+                for: 5m
+
   - name: Other
     services:
       - name: Thanos