hello, I’m trying to understand what are vault_token_create_count
and vault_token_store_count, and I can’t find an explanation.
we are monitoring Vault with Prometheus and found this rule:
- alert: VaultTooManyPendingTokens
expr: avg(vault_token_create_count - vault_token_store_count) > 0
and we are getting this alert: VaultTooManyPendingTokens
should it even be monitored?
thanks
No, this is not a sensible thing to monitor.
First, vault_token_store_count monitors many kinds of token store operations, not just the ones resulting from initial token creation.
Second, averaging this expression over all label sets doesn’t make sense.
I’ve just come across this with the following situation:
vault_token_create_count{container="vault", ...} 2
vault_token_store_count{container="vault", ...} 1
How to interpret those values? I created two periodic service tokens just recently - does this indicate any sort of (internal) issues with persisting those tokens?