groups:

- name: EmbeddedExporter

  
  rules:

    - alert: VaultSealed
      expr: 'vault_core_unsealed == 0'
      for: 1m
      labels:
        severity: critical
      annotations:
        summary: Vault sealed (instance {{ $labels.instance }})
        description: "Vault instance is sealed on {{ $labels.instance }}\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"

    - alert: VaultTooManyPendingTokens
      expr: 'avg(vault_token_create_count - vault_token_store_count) > 0'
      for: 5m
      labels:
        severity: warning
      annotations:
        summary: Vault too many pending tokens (instance {{ $labels.instance }})
        description: "Too many pending tokens on {{ $labels.instance }}: {{ $value }} tokens created but not yet stored.\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"

    - alert: VaultTooManyInfinityTokens
      expr: 'vault_token_count_by_ttl{creation_ttl="+Inf"} > 3'
      for: 5m
      labels:
        severity: warning
      annotations:
        summary: Vault too many infinity tokens (instance {{ $labels.instance }})
        description: "Too many non-expiring tokens on {{ $labels.instance }}: {{ $value }} tokens with infinite TTL.\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"

    - alert: VaultClusterHealth
      expr: 'sum(vault_core_active) / count(vault_core_active) <= 0.5 and count(vault_core_active) > 0'
      for: 0m
      labels:
        severity: critical
      annotations:
        summary: Vault cluster health (instance {{ $labels.instance }})
        description: "Vault cluster is not healthy: only {{ $value | humanizePercentage }} of nodes are active.\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"