Find sizes of mounted vault secrets engine paths


There is a vault cluster running with a consul cluster as the storage backend. The vault cluster have a few secrets engine types(pki, kv-2, etc) mounted at different paths.

Gradually, there are more and more secrets accumulated on the vault cluster, and takes longer time to backup daily,

Is there any way to find out where the big ticket secrets are stored on which paths? Say, run a few commands to find the size of one particular mounted secrets engine path(s), and at different hierarchy inside a mounted path,

For mounted vault PKI secret engine path, does the engine save a copy private/public keypairs in the vault cluster, or it only creates and then forgets.

If the generated public/private keypairs are still stored on vault cluster, then there might have to purge expired ones periodically, Thanks,