Vault
Anonymous product usage reporting
Enterprise
Appropriate Vault Enterprise license required
To help guide product development efforts, IBM collects usage data about how you use Vault clusters and features. Except for the metadata listed in the Usage metadata list, Vault only reports numeric data for product usage metrics. Refer to the Usage metrics list for a description of each product usage metric reported by Vault.
Vault collects product usage data as part of the license utilization reporting process and manages it in a compliant manner.
Opt out
You have two options to opt out of product usage reporting:
- HCL configuration (recommended)
- Environment variable (requires restart)
Be sure to apply the same configuration or environment variable to all nodes on a Vault cluster. When leadership changes, settings on the new leader node replace the settings from the previous leader.
If your HCL configuration file and environment variable differ, the environment variable setting takes precedence.
If you opt out of product usage reporting, the license utilization reporting payloads continue to include the names and default values of product usage metrics. For example, even if your cluster has 100 namespaces, the vault.namespaces.count metric reports 0.
Opting out of product usage reporting does not affect snapshots taken before the opt-out settings took effect.
HCL configuration
Add the following to your Vault HCL configuration file to opt out of usage reporting. You can trigger a configuration reload on a running instance of Vault by sending a SIGHUP signal to the Vault process.
reporting {
disable_product_usage_reporting = true
}
Vault logs the following message in its server logs:
[DEBUG] activity: there is no reporting agent configured, skipping counts reporting
Environment variable
Set the following environment variable for the Vault process. You must restart the Vault process for the environment variable to take effect.
$ export OPTOUT_PRODUCT_USAGE_REPORTING=true
Vault logs the following messages in its server logs:
[INFO] core: product usage reporting disabled via environment variable: env=OPTOUT_PRODUCT_USAGE_REPORTING
[DEBUG] product usage reporting is disabled; usage metrics data will not be collected
Usage metrics list
IBM collects the following product usage metrics as numerical data. Vault does not collect sensitive values or additional metadata.
| Metric Name | Description |
|---|---|
adaptive_overload_protection_enabled | Whether Adaptive Overload Protection is enabled on Enterprise clusters. |
audit.device.file.count | The total number of audit devices of type file configured for this cluster. |
audit.device.socket.tcp.count | The total number of audit devices of type TCP socket configured for this cluster. |
audit.device.socket.udp.count | The total number of audit devices of type UDP socket configured for this cluster. |
audit.device.socket.unix.count | The total number of audit devices of type UNIX socket configured for this cluster. |
audit.device.syslog.count | The total number of audit devices of type syslog configured for this cluster. |
audit.exclusion.stanza.count | The total number of audit exclusion stanzas in the HCL configuration for this cluster. |
auth.method.alicloud.count | Number of auth mounts of type Alicloud across all namespaces. |
auth.method.appid.count | Number of auth mounts of type AppId across all namespaces. Note that this auth method is deprecated. |
auth.method.approle.count | Number of auth mounts of type Approle across all namespaces. |
auth.method.aws.count | Number of auth mounts of type AWS across all namespaces. |
auth.method.azure.count | Number of auth mounts of type Azure across all namespaces. |
auth.method.cert.count | Number of auth mounts of type Cert across all namespaces. |
auth.method.cloudfoundry.count | Number of auth mounts of type CloudFoundry across all namespaces. |
auth.method.gcp.count | Number of auth mounts of type GCP across all namespaces. |
auth.method.github.count | Number of auth mounts of type GitHub across all namespaces. |
auth.method.jwt.count | Number of auth mounts of type JWT across all namespaces. |
auth.method.kerberos.count | Number of auth mounts of type Kerberos across all namespaces. |
auth.method.kubernetes.count | Number of auth mounts of type Kubernetes across all namespaces. |
auth.method.ldap.count | Number of auth mounts of type LDAP across all namespaces. |
auth.method.oci.count | Number of auth mounts of type OCI across all namespaces. |
auth.method.oidc.count | Number of auth mounts of type OIDC across all namespaces. |
auth.method.okta.count | Number of auth mounts of type Okta across all namespaces. |
auth.method.pcf.count | Number of auth mounts of type PCF across all namespaces. Note that this auth method is deprecated. |
auth.method.plugin.count | Number of auth mounts with unrecognized types (custom plugins) across all namespaces. |
auth.method.radius.count | Number of auth mounts of type Radius across all namespaces. |
auth.method.saml.count | Number of auth mounts of type SAML across all namespaces. |
auth.method.spiffe.count | Number of auth mounts of type Spiffe across all namespaces. |
auth.method.token.count | Number of auth mounts of type Token across all namespaces. |
auth.method.userpass.count | Number of auth mounts of type Userpass across all namespaces. |
autopilot_upgrade_enabled | Whether the autopilot upgrade is enabled on this Vault cluster. |
autosnapshots.aws-s3.count | The count of automatic snapshots created using AWS S3 as the target. |
autosnapshots.azure-blob.count | The count of automatic snapshots created using Azure Blob Storage as the target. |
autosnapshots.google-gcs.count | The count of automatic snapshots created using Google GCS as the target. |
autosnapshots.local.count | The count of automatic snapshots created using local storage as the target. |
db.cassandra.plugin.count | Number of database plugins of type Cassandra across all namespaces. |
db.couchbase.plugin.count | Number of database plugins of type Couchbase across all namespaces. |
db.elasticsearch.plugin.count | Number of database plugins of type Elasticsearch across all namespaces. |
db.hana.plugin.count | Number of database plugins of type Hana across all namespaces. |
db.influxdb.plugin.count | Number of database plugins of type InfluxDB across all namespaces. |
db.mongodb.plugin.count | Number of database plugins of type MongoDB across all namespaces. |
db.mongodbatlas.plugin.count | Number of database plugins of type MongoDB Atlas across all namespaces. |
db.mssql.plugin.count | Number of database plugins of type MSSQL across all namespaces. |
db.mysql.plugin.count | Number of database plugins of type MySQL across all namespaces. |
db.postgres.plugin.count | Number of database plugins of type Postgres across all namespaces. |
db.redis.plugin.count | Number of database plugins of type Redis across all namespaces. |
db.rediselasticache.plugin.count | Number of database plugins of type Redis Elasticache across all namespaces. |
db.redshift.plugin.count | Number of database plugins of type Redshift across all namespaces. |
db.snowflake.plugin.count | Number of database plugins of type Snowflake across all namespaces. |
db.unknown.plugin.count | Number of unrecognized db plugins across all namespaces. |
identity.case_sensitive_mode | Whether or not the cluster is using case-sensitive identity name matching caused by historical duplicates. |
identity.force_deduplication_activated | Whether or not the cluster has had the force_identity_deduplication activation flag activated. |
kv.version1.secrets.count | Total number of version 1 KV secrets. |
kv.version1.secrets.namespace.max | Maximum number of version 1 KV secrets in a single namespace. |
kv.version1.secrets.namespace.mean | Mean number of version 1 KV secrets across namespaces. |
kv.version1.secrets.namespace.min | Minimum number of version 1 KV secrets in a single namespace. |
kv.version2.secrets.count | Total number of version 2 KV secrets. |
kv.version2.secrets.namespace.max | Maximum number of version 2 KV secrets in a single namespace. |
kv.version2.secrets.namespace.mean | Mean number of version 2 KV secrets across namespaces. |
kv.version2.secrets.namespace.min | Minimum number of version 2 KV secrets in a single namespace. |
leases.count | Total number of leases. |
loadedsnapshots.cloud.aws-s3.count | The count of loaded snapshots created using AWS S3 as the source. |
loadedsnapshots.cloud.azure-blob.count | The count of loaded snapshots created using Azure Blob as the source. |
loadedsnapshots.cloud.google-gcs.count | The count of loaded snapshots created using Google GCS as the source. |
loadedsnapshots.manual.count | The count of loaded snapshots created using a local snapshot as the source. |
mfa.login.duo.count | The count of MFA configurations using the Duo method enforced during login. |
mfa.login.okta.count | The count of MFA configurations using the Okta method enforced during login. |
mfa.login.pingid.count | The count of MFA configurations using the PingID method enforced during login. |
mfa.login.totp.count | The count of MFA configurations using the TOTP method enforced during login. |
mfa.stepup.duo.count | The count of MFA configurations using the Duo method enforced as step-up authentication. |
mfa.stepup.okta.count | The count of MFA configurations using the Okta method enforced as step-up authentication. |
mfa.stepup.pingid.count | The count of MFA configurations using the PingID method enforced as step-up authentication. |
mfa.stepup.totp.count | The count of MFA configurations using the TOTP method enforced as step-up authentication. |
namespaces.count | Total number of namespaces. |
operator.import.kv.version2.secrets.count | Total number of secrets imported from using operator import command. |
operator.import.kv.version2.secrets.source.aws.count | Total number of secrets imported from AWS using operator import command. |
operator.import.kv.version2.secrets.source.azure.count | Total number of secrets imported from Azure using operator import command. |
operator.import.kv.version2.secrets.source.count | Total number of secrets imported from Vault using operator import command. |
operator.import.kv.version2.secrets.source.gcp.count | Total number of secrets imported from GCP using operator import command. |
pki-external-ca.acme_accounts.count | Total number of PKI External CA ACME accounts across all namespaces and mounts. |
pki.cert.stored.count.current_month | The count of certificates stored in built-in PKI backends for the current month. |
pki.cert.stored.count.previous_month | The count of certificates stored in built-in PKI backends for the previous month. |
pki.issuers.count | Total number of PKI issuers across all namespaces and mounts. |
pki.roles.count | Total number of PKI roles across all namespaces and mounts. |
policies.acl.control_group.count | The total number of control groups in this cluster. |
policies.acl.count | Number of ACL policies across all namespaces. |
policies.acl.recover.count | The total number ACL policies with the 'recover' capability across all namespaces. |
policies.egp.count | Number of EGP policies across all namespaces. |
policies.rgp.count | Number of RGP policies across all namespaces. |
quotas.leasecount.count | Total number of lease count quotas. |
quotas.ratelimit.count | Total number of rate limit quotas, considering any group_by modes. |
quotas.ratelimit.entity_then_ip_with_secondary_rate.count | Total number of rate limit quotas using both "entity_then_ip" group_by mode and "secondary_rate". |
quotas.ratelimit.entity_then_ip.count | Total number of rate limit quotas using "entity_then_ip" group_by mode. |
quotas.ratelimit.entity_then_none_with_secondary_rate.count | Total number of rate limit quotas using both "entity_then_none" group_by mode and "secondary_rate". |
quotas.ratelimit.entity_then_none.count | Total number of rate limit quotas using "entity_then_none" group_by mode. |
quotas.ratelimit.ip.count | Total number of rate limit quotas using "ip" group_by mode. |
quotas.ratelimit.none.count | Total number of rate limit quotas using "none" group_by mode. |
replication.auth.local_mounts | The number of local auth mounts across for this cluster. |
replication.auth.non_local_mounts | The number of replicated auth mounts across all clusters. |
replication.num_nodes | The number of nodes in a HA cluster. |
replication.secret.local_mounts | The number of local secret mounts across for this cluster. |
replication.secret.non_local_mounts | The number of replicated secret mounts across all clusters. |
scim.config.clients.count | Total number of distinct SCIM clients configured. |
scim.config.clients.with_mount_accessor.count | Total number of SCIM clients with a mount accessor configured. |
scim.resources.entities_managed.count | Total count of identity entities under SCIM management. |
scim.resources.groups_managed.count | Total count of identity groups under SCIM management. |
secret.engine.activedirectory.count | Number of secret engine mounts of type Active Directory across all namespaces. Note that this secret engine is deprecated. |
secret.engine.alicloud.count | Number of secret engine mounts of type Alicloud across all namespaces. |
secret.engine.aws.count | Number of secret engine mounts of type AWS across all namespaces. |
secret.engine.aws.dynamic.role.count | Number of AWS secret engine dynamic roles across all namespaces. |
secret.engine.aws.static.role.count | Number of AWS secret engine static roles across all namespaces. |
secret.engine.azure.count | Number of secret engine mounts of type Azure across all namespaces. |
secret.engine.azure.dynamic.role.count | Number of Azure secret engine dynamic roles across all namespaces. |
secret.engine.cassandra.count | Number of secret engine mounts of type Cassandra across all namespaces. Note that this secret engine is deprecated. |
secret.engine.consul.count | Number of secret engine mounts of type Consul across all namespaces. |
secret.engine.database.count | Number of secret engine mounts of type Database across all namespaces. Includes all databases of all types. |
secret.engine.database.dynamic.role.count | Number of database secret engine dynamic roles across all namespaces. |
secret.engine.database.static.role.count | Number of database secret engine static roles across all namespaces. |
secret.engine.gcp.count | Number of secret engine mounts of type GCP across all namespaces. |
secret.engine.gcp.impersonated.account.count | Number of GCP secret engine impersonated accounts across all namespaces. |
secret.engine.gcp.roleset.count | Number of GCP secret engine role sets across all namespaces. |
secret.engine.gcp.static.role.count | Number of GCP secret engine static roles across all namespaces. |
secret.engine.gcpkms.count | Number of secret engine mounts of type GCPKMS across all namespaces. |
secret.engine.keymgmt.awskms.provider.kms.count | Number of AWS KMS providers across all namespaces in secret engine mounts of type Keymgmt. |
secret.engine.keymgmt.awskms.provider.kms.key.count | Number of KMS keys across all namespaces in secret engine mounts of type Keymgmt mapped to the AWS KMS provider. |
secret.engine.keymgmt.azurekeyprovider.kms.count | Number of Azure KMS providers across all namespaces in secret engine mounts of type Keymgmt. |
secret.engine.keymgmt.azurekeyprovider.kms.key.count | Number of KMS keys across all namespaces in secret engine mounts of type Keymgmt mapped to the Azure Key Vault provider. |
secret.engine.keymgmt.count | Number of secret engine mounts of type Keymgmt across all namespaces. |
secret.engine.keymgmt.gcpckms.provider.kms.count | Number of GCP KMS providers across all namespaces in secret engine mounts of type Keymgmt. |
secret.engine.keymgmt.gcpckms.provider.kms.key.count | Number of KMS keys across all namespaces in secret engine mounts of type Keymgmt mapped to the GCP Cloud KMS provider. |
secret.engine.keymgmt.kms.key.count | Number of KMS keys across all namespaces in secret engine mounts of type Keymgmt. |
secret.engine.keymgmt.kms.multi.region.key.count | Number of multi region key across all namespaces in secret engine mounts of type Keymgmt. |
secret.engine.keymgmt.kms.multi.region.key.secondary.region.count | Number of secondary region of multi region key across all namespaces in secret engine mounts of type Keymgmt. |
secret.engine.kmip.count | Number of secret engine mounts of type KMIP across all namespaces. |
secret.engine.kubernetes.count | Number of secret engine mounts of type Kubernetes across all namespaces. |
secret.engine.kv.count | Number of secret engine mounts of type KV across all namespaces. |
secret.engine.ldap.count | Number of secret engine mounts of type LDAP across all namespaces. |
secret.engine.ldap.dynamic.role.count | Number of LDAP secret engine dynamic roles across all namespaces. |
secret.engine.ldap.static.role.count | Number of LDAP secret engine static roles, across all namespaces. |
secret.engine.mongodb.count | Number of secret engine mounts of type MongoDB across all namespaces. Note that this secret engine is deprecated. |
secret.engine.mongodbatlas.count | Number of secret engine mounts of type MongoDBAtlas across all namespaces. |
secret.engine.mssql.count | Number of secret engine mounts of type MSSql across all namespaces. Note that this secret engine is deprecated. |
secret.engine.mysql.count | Number of secret engine mounts of type MySQL across all namespaces. Note that this secret engine is deprecated. |
secret.engine.nomad.count | Number of secret engine mounts of type Nomad across all namespaces. |
secret.engine.openldap.count | Number of secret engine mounts of type OpenLDAP across all namespaces. |
secret.engine.openldap.dynamic.role.count | Number of OpenLDAP secret engine dynamic roles across all namespaces. |
secret.engine.openldap.static.role.count | Number of OpenLDAP secret engine static roles across all namespaces. |
secret.engine.pki-external-ca.count | Number of secret engine mounts of type PKI External CA across all namespaces. |
secret.engine.pki.count | Number of secret engine mounts of type PKI across all namespaces. |
secret.engine.plugin.count | Number of secret engines with unrecognized types (custom plugins) across all namespaces. |
secret.engine.postgresql.count | Number of secret engine mounts of type Postgresql across all namespaces. Note that this secret engine is deprecated. |
secret.engine.rabbitmq.count | Number of secret engine mounts of type RabbitMQ across all namespaces. |
secret.engine.spiffe.count | Number of secret engine mounts of type Spiffe across all namespaces. |
secret.engine.ssh.count | Number of secret engine mounts of type SSH across all namespaces. |
secret.engine.terraform.count | Number of secret engine mounts of type Terraform across all namespaces. |
secret.engine.totp.count | Number of secret engine mounts of type TOTP across all namespaces. |
secret.engine.transform.count | Number of secret engine mounts of type Transform across all namespaces. |
secret.engine.transit.count | Number of secret engine mounts of type Transit across all namespaces. |
secretsync.destinations.aws-sm.count | Total number of secret sync destinations to AWS-SM configured. |
secretsync.destinations.aws-sm.static.count | Total number of secret sync destinations configured using static credentials for AWS. |
secretsync.destinations.aws-sm.wif.count | Total number of secret sync destinations configured using WIF for AWS. |
secretsync.destinations.azure-kv.count | Total number of secret sync destinations to Azure KV configured. |
secretsync.destinations.azure-kv.static.count | Total number of secret sync destinations configured using static credentials for Azure. |
secretsync.destinations.azure-kv.wif.count | Total number of secret sync destinations configured using WIF for Azure. |
secretsync.destinations.count | Total number of secret sync destinations configured. |
secretsync.destinations.count | Total number of secret sync destinations to Vault configured. |
secretsync.destinations.gcp-sm.count | Total number of secret sync destinations to GCP-SM configured. |
secretsync.destinations.gcp-sm.static.count | Total number of secret sync destinations configured using static credentials for GCP. |
secretsync.destinations.gcp-sm.wif.count | Total number of secret sync destinations configured using WIF for GCP. |
secretsync.destinations.gh.count | Total number of secret sync destinations to GitHub configured. |
secretsync.destinations.gitlab.count | Total number of secret sync destinations to GitLab configured. |
secretsync.destinations.inmem.count | Total number of secret sync destinations to InMem configured. |
secretsync.destinations.inmem.static.count | Total number of secret sync destinations configured using static credentials for InMem. |
secretsync.destinations.inmem.wif.count | Total number of secret sync destinations configured using WIF for InMem. |
secretsync.destinations.static.count | Total number of secret sync destinations configured using static credentials. |
secretsync.destinations.terraform.count | Total number of secret sync destinations to Terraform configured. |
secretsync.destinations.vercel-project.count | Total number of secret sync destinations to Vercel Project configured. |
secretsync.destinations.wif.count | Total number of secret sync destinations configured using WIF. |
secretsync.sources.count | Total number of secret sync sources configured. |
storage.max_entry_size | User configured maximum size of entries on Enterprise Raft clusters. |
storage.max_mount_and_namespace_table_entry_size | User configured maximum mount and namespace entries on Enterprise Raft clusters. |
telemetry.filters.count | The count of metric prefix filters specified in the telemetry stanza in config file. |
telemetry.stanzas.count | The count of telemetry stanzas configured in this cluster. |
ui.custom_banners.authenticated | The number of authenticated custom banners across all namespaces. |
ui.custom_banners.unauthenticated | The number of unauthenticated custom banners across all namespaces. |
ui.enabled | Whether the UI is enabled on this Vault cluster. |
Usage metadata list
IBM collects the following product data in the metadata section of each snapshot:
| Metadata Name | Description |
|---|---|
replication_status | Replication status of this cluster, e.g. perf-disabled,dr-disabled |
storage_type | Storage backend type, e.g. raft or consul |
operating_system | Operating system this cluster is running on. |