Skip to content

vdbulcke/vault-token-monitor

Repository files navigation

Vault Token Monitoring Server

vault-token-monitor is a monitoring server that can expose your Vault accessor tokens TTL as prometheus metrics where you can build dashboards and alert policies.

Moreover vault-token-monitor can also auto-renew token when the TTL is bellowed configurable thresholds.

Features

  • Lookup and expose Vault token TTL as prometheus metrics
  • Auto Renew tokens when TTL is below threshold
  • Sample Grafana Dashboards

Changelog

Install

Follow install doc to install binaries.

Docker images can be found on ghcr.io/vdbulcke/vault-token-monitor

Validate Signature With Cosign

Make sure you have cosign installed locally (see Cosign Install).

Then you can use the ./verify_signature.sh in this repo:

./verify_signature.sh PATH_TO_DOWNLOADED_ARCHIVE TAG_VERSION

for example

$ ./verify_signature.sh  ~/Downloads/vault-token-monitor_0.2.0_Linux_x86_64.tar.gz v0.2.0

Checking Signature for version: v0.2.0
Verified OK

Run

vault-token-monitor server --config example/lab.yaml

Documentation

Full documentation can be found here

See CLI documentation here.