secrets-manager
Create a /stats endpoint for VSecM Safe
VSecM Safe shall have a /stats endpoint.
The endpoint will show overall system stats: how many workloads there are, the TTL of secrets, whether any of the secrets are about to expire, etc.
Some details:
- stats endpoint will provide stats like total number of secrets, names of the secrets that are about to expire (those that passed their half-life), the current load of the internal queues (what is the capacity, and len of the queue), last time someone or something has established a successful connection to VSecM Safe, whether it can still talk to the SPIRE workload API.
- stats can also check and report the current state of SPIRE server’s and SPIRE agent’s health endpoints (though we might later move that feature to a /health endpoint too).
- We would be able to call this from VSecM Sentinel.
- Stats endpoint will cache its findings regularly (i.e. constantly calling /stats will not result in querying the system all the time; stats will just return the last snapshotted statistics – that is a tradeoff between accuracy and performance; the cache interval shall be configurable).
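The snapshot caching and half-life check described in the list above, sketched in Go as an added example. It is not VSecM code: the names `Secret`, `Stats`, `Collect` and `Cache`, their fields, and the sample data are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

type Secret struct {
	Name             string // metadata only; secret values never enter the stats view
	Created, Expires time.Time
}
type Stats struct {
	Total, QueueLen, QueueCap int       // field names are assumptions of this example
	PastHalfLife              []string  // secrets more than halfway to expiry
	TakenAt                   time.Time // when this snapshot was collected
}

// Collect reads live state: secret count, half-life check, queue len and cap.
func Collect(secrets []Secret, queue chan string, now time.Time) Stats {
	st := Stats{Total: len(secrets), QueueLen: len(queue), QueueCap: cap(queue), TakenAt: now}
	for _, s := range secrets {
		if half := s.Created.Add(s.Expires.Sub(s.Created) / 2); now.After(half) && now.Before(s.Expires) {
			st.PastHalfLife = append(st.PastHalfLife, s.Name)
		}
	}
	return st
}

// Cache serves the last snapshot and re-collects at most once per Interval.
type Cache struct {
	mu       sync.Mutex // HTTP handlers call Get concurrently
	Interval time.Duration
	Source   func(now time.Time) Stats
	last     Stats
}
func (c *Cache) Get(now time.Time) Stats {
	c.mu.Lock()
	defer c.mu.Unlock()
	if now.Sub(c.last.TakenAt) >= c.Interval { // zero TakenAt forces the first collect
		c.last = c.Source(now)
	}
	return c.last
}

func main() {
	t0, q := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC), make(chan string, 8) // constructed sample data
	src := func(n time.Time) Stats { return Collect([]Secret{{"api-key", t0, t0.Add(2 * time.Hour)}}, q, n) }
	fmt.Printf("%+v\n", (&Cache{Interval: time.Minute, Source: src}).Get(t0.Add(90*time.Minute)))
}
```

A /stats handler built on this would call `Get(time.Now())` and serialize the result; returning `TakenAt` lets the caller see how stale the snapshot is.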
Can I take this issue?
It’s all yours — I’ll add some more details to the description.