Vault PKI CA/SubCA cert expiration monitoring

Hello Folks,

Is there a way, we can monitor the PKI CA/SubCA cert expiration and create an alert in prometheus/grafana chart based on set custom threshold on the same.

I see vault does not provide any metric to monitor a CA cert.

Please do let know.

This is a popular topic lately. :wink: I haven’t worked with Prometheus yet, but, as I suggested in a previous post, Telegraf provides some straightforward options; I can’t imagine Prometheus wouldn’t be able to do something similar. And then you could write alerting in Grafana, as you say.

Someone specifically suggested that Vault ought to expose this sort of information through its API; you might want to weigh in there as well.

1 Like