Monitoring intermediate cert expiry using prometheus

Hi Team,

We are using Prometheus to monitor the vault and found that there is no metrics exported by vault to monitor cert expiry.

we managed to monitoring leaf level cert using blackbox-exporter, but facing issue with monitoring of intermediate CA.

What’s the best way to monitor intermediate CA certs using Prometheus.

Bankat Vikhe

That is not really a Vault related question is it?


yeah, I believe it is, why do I want to have some external tool to monitor vault related stuff.

Intermediate CA is configured in vault and certs and all related chain details are in the vault. So I think vault metrics should have at list expiry details of this path.

Anyway I contacted our Hashicorp Support team and so far nothing is available there from vault side to monitor this.

Hope Hashicorp will have this in pipeline and will see this metrix being exposed in near future.