This is a popular topic lately. 
I haven’t worked with Prometheus yet, but, as I suggested in a previous post, Telegraf provides some straightforward options; I can’t imagine Prometheus wouldn’t be able to do something similar. And then you could write alerting in Grafana, as you say.
Someone specifically suggested that Vault ought to expose this sort of information through its API; you might want to weigh in there as well.