From 3ad2646b04ae8d9341076d409c4c60c8269ed1fe Mon Sep 17 00:00:00 2001
From: Igor Churmeev <ichurmeev@makezbs.com>
Date: Thu, 12 Aug 2021 12:03:41 +0300
Subject: [PATCH] Add alerts for Hashicorp Vault

Signed-off-by: Igor Churmeev <ichurmeev@makezbs.com>
---
 _data/rules.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/_data/rules.yml b/_data/rules.yml
index 99f566d..1a88748 100644
--- a/_data/rules.yml
+++ b/_data/rules.yml
@@ -1984,6 +1984,30 @@ groups:
                 severity: critical
                 for: 5m
 
+      - name: Hashicorp Vault
+        exporters:
+          - name: Embedded exporter
+            doc_url: https://github.com/hashicorp/vault/blob/master/website/content/docs/configuration/telemetry.mdx#prometheus
+            rules:
+              - name: Vault down
+                description: Vault instance is down on {{ $labels.instance }}
+                query: 'up{job="vault"} == 0'
+                severity: critical
+              - name: Vault sealed
+                description: 'Vault instance is sealed on {{ $labels.instance }}'
+                query: 'vault_core_unsealed == 0'
+                severity: critical
+              - name: Vault too many pending tokens
+                description: 'Too many pending tokens {{ $labels.instance }}: {{ $value | printf "%.2f"}}%'
+                query: 'avg(vault_token_create_count - vault_token_store_count) > 0'
+                severity: warning
+                for: 5m
+              - name: Vault too many infinity tokens
+                description: 'Too many infinity tokens {{ $labels.instance }}: {{ $value | printf "%.2f"}}%'
+                query: 'vault_token_count_by_ttl{creation_ttl="+Inf"} > 3'
+                severity: warning
+                for: 5m
+
   - name: Other
     services:
       - name: Thanos