Skip to content

webdevops/azure-keyvault-exporter

BranchesTags

Repository files navigation

Azure Keyvault Exporter

license DockerHub Quay.io Artifact Hub

Prometheus exporter for Azure KeyVaults which exports general information and dates (created, updated, notBefore, expiry) for secrets, keys and certificates.

Configuration

Usage:
  azure-keyvault-exporter [OPTIONS]

Application Options:
      --log.debug             debug mode [$LOG_DEBUG]
      --log.devel             development mode [$LOG_DEVEL]
      --log.json              Switch log output to json format [$LOG_JSON]
      --azure.environment=    Azure environment name (default: AZUREPUBLICCLOUD) [$AZURE_ENVIRONMENT]
      --azure.subscription=   Azure subscription ID (space delimiter) [$AZURE_SUBSCRIPTION_ID]
      --azure.resource-tag=   Azure Resource tags (space delimiter) (default: owner) [$AZURE_RESOURCE_TAG]
      --keyvault.filter=      Filter KeyVaults via ResourceGraph kusto filter, query: 'resource | ${filter} | project id' [$KEYVAULT_FILTER]
      --keyvault.content.tag= KeyVault content (secret, key, certificates) tags (space delimiter) [$KEYVAULT_CONTENT_TAG]
      --cache.path=           Cache path (to folder, file://path... or azblob://storageaccount.blob.core.windows.net/containername)
                              [$CACHE_PATH]
      --scrape.time=          Default scrape time (time.duration) (default: 5m) [$SCRAPE_TIME]
      --scrape.concurrency=   Defines who many Keyvaults can be scraped at the same time (default: 10) [$SCRAPE_CONCURRENCY]
      --server.bind=          Server address (default: :8080) [$SERVER_BIND]
      --server.timeout.read=  Server read timeout (default: 5s) [$SERVER_TIMEOUT_READ]
      --server.timeout.write= Server write timeout (default: 10s) [$SERVER_TIMEOUT_WRITE]

Help Options:
  -h, --help                  Show this help message

for Azure API authentication (using ENV vars) see following documentations:

Metrics

Metric Description
azurerm_keyvault_info Azure KeyVault information
azurerm_keyvault_status Azure KeyVault status information (eg. if accessable from exporter)
azurerm_keyvault_entries Count of entries (seperated by type) inside Azure KeyVault
azurerm_keyvault_key_info General inforamtions about keys
azurerm_keyvault_key_status Status information (notBefore & expiry date)
azurerm_keyvault_secret_info General inforamtions about secrets
azurerm_keyvault_secret_status Status information (notBefore & expiry date)
azurerm_keyvault_certificate_info General inforamtions about certificate
azurerm_keyvault_certificate_status Status information (notBefore & expiry date)

ResourceTags handling

see armclient tagmanager documentation

AzureTracing metrics

see armclient tracing documentation

Caching

see prometheus collector cache documentation

About

Prometheus exporter for Azure Keyvault entries (expiry date)

Topics

golang azure prometheus-exporter keyvault azure-resource-manager azure-keyvault

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

18 stars

Watchers

6 watching

Forks

5 forks
Report repository

Releases 23

25.5.0 Latest
May 1, 2025
+ 22 releases

Packages

No packages published

Languages