OCI Vault monitoring
OCI Vault is a managed service in Oracle Cloud Infrastructure (OCI) that helps you store and manage sensitive data such as encryption keys and secrets. It supports centralized key management, secure secret storage, and tight access control using OCI policies and IAM.
Overview
As more applications rely on encrypted data and managed secrets, issues like expired keys, disabled vaults, or failed secret access can directly impact application availability and security. Native visibility is limited to the OCI console, which makes it hard to track health issues alongside the rest of your cloud stack.
Site24x7’s OCI Vault integration collects all these resources in a single place for seamless monitoring. It helps you track the status and usage of vaults, keys, and secrets, and spot risks early before they affect workloads.
This integration includes three dedicated monitors.
- OCI Vault: The OCI Vault monitor tracks the overall health and configuration of OCI vaults. It helps you ensure vaults are active, accessible, and correctly set up. You can monitor vault life cycle state and detect changes that could impact key and secret availability.
- OCI Keys: The Keys monitor focuses on cryptographic keys stored within a vault. It provides visibility into key states and management actions. This helps you identify disabled or deleted keys and reduce the risk of encryption or decryption failures in dependent services.
- OCI Secrets: The Secrets monitor tracks secrets stored in OCI vaults, such as passwords, tokens, or API keys. It helps you verify that secrets are available and properly managed, and supports monitoring of secret life cycle states to avoid application authentication issues.
Use cases
- In a production OCI environment, a team runs several customer-facing applications that rely on secrets stored in OCI Vault for database credentials and API tokens. When a secret is accidentally disabled during a routine update, the application starts failing authentication requests. With Site24x7’s OCI Vault integration, the team can quickly see the secret’s status change, correlate it with the spike in application errors, and restore access before users are impacted for long.
- In another scenario, a security team manages encryption keys used by multiple OCI services such as databases and object storage. A key that is scheduled for rotation gets disabled due to a policy change. Site24x7 helps the team track key states across compartments, reducing the risk of unexpected encryption or decryption failures and ensuring services continue to function as expected.
- For organizations operating at scale, vaults are often spread across regions and compartments. An operations team uses Site24x7 to monitor vault availability and configuration changes from a single dashboard. This makes it easier to detect inactive vaults, respond to access issues, and maintain consistent security posture without relying solely on manual checks in the OCI console.
Benefits of Site24x7’s OCI Vault integration
Site24x7's integration with OCI Vault provides you with:
- Central visibility of vaults, keys, and secrets in one place.
- Early detection of misconfigurations or inactive resources.
- Reduced risk of application failures due to unavailable keys or secrets.
- Better alignment between security operations and cloud monitoring.
- Faster troubleshooting by correlating vault issues with other OCI services.
Setup and configuration
- Site24x7 uses cross-tenancy access to monitor your resources using Site24x7's tenancy user. Log in to your Site24x7 account and create a specific policy to allow Site24x7 to view your resources without affecting your security.
- On the Integrate OCI Monitor page, select OCI Vault from the Services to be discovered list.
Permissions
Ensure that Site24x7 receives the following permissions to monitor the OCI Vault:
- read vaults
- read keys
- read secret-bundles
- read secret-family
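One way to check that the cross-tenancy policy grants the monitoring group only the four read permissions listed above. This is an added example, not Site24x7's or Oracle's code; the group name `Site24x7Group`, the tenancy alias `Site24x7Tenancy`, and the sample statements are constructed placeholders.

```python
import re

# Resource types from the Permissions list on this page; each is granted with "read".
REQUIRED = {"vaults", "keys", "secret-bundles", "secret-family"}
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# OCI policy statement shape: admit/allow group ... to <verb> <resource-type> in <scope>
STATEMENT = re.compile(
    r"^\s*(?:admit|allow)\s+group\s+(?P<group>\S+)"
    r"(?:\s+of\s+tenancy\s+(?P<tenancy>\S+))?"
    r"\s+to\s+(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?P<scope>.+?)\s*$",
    re.IGNORECASE,
)

# Constructed sample policy (hypothetical names, placeholder OCID).
SAMPLE_POLICY = [
    "Define tenancy Site24x7Tenancy as ocid1.tenancy.oc1..<placeholder>",
    "Admit group Site24x7Group of tenancy Site24x7Tenancy to read vaults in tenancy",
    "Admit group Site24x7Group of tenancy Site24x7Tenancy to read keys in tenancy",
    "Admit group Site24x7Group of tenancy Site24x7Tenancy to manage secret-family in tenancy",
    "Admit group Site24x7Group of tenancy Site24x7Tenancy to read buckets in tenancy",
    "Allow group Admins to manage all-resources in tenancy",
]

def audit(statements, group):
    """Return (findings, missing): over-broad grants to `group`, and required reads not granted."""
    findings, granted = [], set()
    for line in statements:
        m = STATEMENT.match(line)
        if not m or m["group"].lower() != group.lower():
            continue  # "Define" lines and other groups' statements are out of scope
        verb, resource = m["verb"].lower(), m["resource"].lower()
        if resource not in REQUIRED:
            findings.append((line.strip(), f"resource '{resource}' not in documented list"))
        elif VERB_RANK[verb] > VERB_RANK["read"]:
            findings.append((line.strip(), f"verb '{verb}' exceeds read"))
        elif verb == "read":
            granted.add(resource)
    return findings, sorted(REQUIRED - granted)

if __name__ == "__main__":
    findings, missing = audit(SAMPLE_POLICY, "Site24x7Group")
    for stmt, reason in findings:
        print(f"FLAG: {reason}: {stmt}")
    print("Missing read grants:", missing)
```

Group names written in the quoted `'Domain'/'Group'` form would need a wider pattern than the `\S+` used here.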
Polling frequency
Site24x7 queries OCI service-level APIs according to the set polling frequency (from once a minute to once a day) to collect metrics from an OCI Vault monitor.
Supported metrics
The supported metrics for an OCI Vault monitor are provided below.
OCI Vault
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Create Secret | Total number of secret creation operations initiated in the vault. Tracks overall secret provisioning activity. | Sum | Count |
| Create Secret Status Success | Number of successful secret creation operations. Indicates successful secret provisioning with an HTTP 200 response code. | Sum | Count |
| Get Secret Bundle | Number of requests to retrieve a complete secret bundle, including metadata and secret content from the vault. Essential for tracking secret access patterns. | Sum | Count |
| Get Secret Bundle By Name | Number of requests to retrieve a secret bundle using the secret name rather than OCID. Useful for tracking name-based secret access. | Sum | Count |
| List Secret Bundle Versions | Number of requests to list all versions of a secret bundle. Important for version management and audit tracking. | Sum | Count |
| Update Secret | Total number of secret update operations across the vault. Tracks secret modification activity. | Sum | Count |
| Update Secret Status Success | Number of successful secret update operations with an HTTP 200 response code. Key indicator of a successful secret modification. | Sum | Count |
| Replicate Secret | Number of secret replication operations to target regions. Critical for tracking cross-region secret distribution. | Sum | Count |
| Replicate Secret Status Success | Number of successful secret replication operations with an HTTP 200 response code. Indicates successful cross-region replication. | Sum | Count |
| Update Replication Status | Number of successful replication status update operations. Tracks changes to replication configuration with an HTTP 200 response code. | Sum | Count |
| Scheduled Time of Deletion | Time remaining until scheduled deletion of vault resources. Important for deletion life cycle tracking and preventing accidental data loss. | Average | Minutes. Note: Unit conversion is supported for this metric, i.e., you can change the metric value unit while configuring thresholds. |
OCI Keys
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Scheduled Time of Deletion | Time remaining until scheduled deletion of the encryption key. | Average | Minutes. Note: Unit conversion is supported for this metric, i.e., you can change the metric value unit while configuring thresholds. |
OCI Secrets
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Get Secret Bundle | Number of requests to retrieve the complete secret bundle for the specific secret. Essential for tracking individual secret access. | Sum | Count |
| Get Secret Bundle By Name | Number of requests to retrieve the specific secret bundle using its name. Tracks name-based access to individual secrets. | Sum | Count |
| List Secret Bundle Versions | Number of requests to list all versions for the specific secret. Important for version tracking and audit purposes. | Sum | Count |
| Update Secret | Total number of update operations for the specific secret. Tracks modification frequency for individual secrets. | Sum | Count |
| Update Secret Status Success | Number of successful update operations for the specific secret with an HTTP 200 response code. Key health indicator for secret modifications. | Sum | Count |
| Scheduled Time of Deletion | Time remaining until scheduled deletion of the specific secret. Critical for life cycle management and preventing unintended deletions. | Average | Minutes. Note: Unit conversion is supported for this metric, i.e., you can change the metric value unit while configuring thresholds. |
Threshold configuration
To configure thresholds for an OCI Vault monitor:
- Log in to your Site24x7 account and navigate to Admin > Configuration Profiles > Threshold and Availability.
- Click Add Threshold Profile.
- Select OCI Vault, OCI Keys, or OCI Secrets from the Monitor Type drop-down menu and provide an appropriate name in the Display Name field.
- The supported metrics are displayed in the Threshold Configuration section. You can set threshold values for all the metrics mentioned above.
- Click Save.
Licensing
- Each OCI Vault monitor utilizes one basic monitor license.
- OCI Keys monitors are free.
- For the OCI Secrets monitor, five monitors utilize one basic monitor license.
Viewing OCI Vault data
To monitor your OCI Vault environment, log in to your Site24x7 account and navigate to Cloud > OCI > OCI Vault.
Monitor data
OCI Vault
The monitor data for the OCI Vault monitor is given below.
Summary
The Summary tab provides a comprehensive overview of the events timeline and metrics, presenting insightful charts that shed light on the performance of the OCI Vault monitor.
Keys
The Keys tab provides a list of all OCI Keys monitors associated with Vault monitors. Click the desired monitor name to view the OCI Keys monitor data.
Secrets
The Secrets tab provides a list of all OCI Secrets monitors associated with Vault monitors. Click the desired monitor name to view the OCI Secrets monitor data.
Configuration
The Configuration tab summarizes essential details of the monitor, including its Name, State, Vault OCID, Created Time, and other configuration details.
Zia Forecast
The Zia Forecast tab displays the forecast chart with future points of a performance metric (measurement of resource usage) based on historical time series data. Historical data of the past 30 days is used to predict what your metric usage will be in the next seven days.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
Obtain details like Type, Region, Monitor Licensing Category, and much more from the Notes tab. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the OCI Vault monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the OCI Vault monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
OCI Keys
The monitor data for the OCI Keys monitor is given below.
Summary
The Summary tab provides a comprehensive overview of the events timeline and metrics, presenting insightful charts that shed light on the performance of the OCI Keys monitor.
Version Details
The Version Details tab lists all versions of the Keys monitor along with their life cycle state. It includes details such as version ID, origin, creation time, deletion time, and rotation status.
Configuration
The Configuration tab summarizes essential details of the monitor, including its Name, State, Vault OCID, Created Time, and other configuration details.
Zia Forecast
The Zia Forecast tab displays the forecast chart with future points of a performance metric (measurement of resource usage) based on historical time series data. Historical data of the past 30 days is used to predict what your metric usage will be in the next seven days.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
Obtain details like Type, Region, Monitor Licensing Category, and much more from the Notes tab. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the OCI Keys monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the OCI Keys monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
OCI Secrets
The monitor data for the OCI Secrets monitor is given below.
Summary
The Summary tab provides a comprehensive overview of the events timeline and metrics, presenting insightful charts that shed light on the performance of the OCI Secrets monitor.
Version Details
The Version Details tab lists all versions of the Secrets monitor along with their life cycle state. It includes details such as version ID, origin, creation time, deletion time, and rotation status.
Configuration
The Configuration tab summarizes essential details of the monitor, including its Name, State, Vault OCID, Created Time, and other configuration details.
Zia Forecast
The Zia Forecast tab displays the forecast chart with future points of a performance metric (measurement of resource usage) based on historical time series data. Historical data, of up to 30 days, is used to predict what your metric usage will be in the next seven days.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
Obtain details like Type, Region, Monitor Licensing Category, and much more from the Notes tab. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the OCI Secrets monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the OCI Secrets monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
