Monitoring operational metrics
As a security officer, auditor, or manager, you can use the IBM Cloud Monitoring service to measure how users and applications interact with IBM Cloud® Secrets Manager.
IBM Cloud Monitoring records data on the operations that occur inside of IBM Cloud. This service allows you to gain operational visibility into the performance and health of your applications, services, and platforms. You can use its advanced features to monitor and troubleshoot, define alerts based on API response codes, and design custom dashboards.
For more information regarding the Monitoring service, check out Getting started.
Enabling Secrets Manager service metrics adds new metrics to your Monitoring instance. For information on Monitoring pricing, check out Pricing.
What metrics are available?
You can use Monitoring to track the type of API requests being made in your service instance as well as the latency of the requests. The dashboard includes:
- Total requests being made in your Secrets Manager instance, categorized by API type.
- Failed API requests categorized by error type.
- API request latency over time, including the average latency, highest latency, and lowest latency.
- Total amount of secrets and secret groups in the instance.
Before you begin
Configure a Monitoring instance for metrics
Other IBM Cloud users with administrator or editor permissions can manage the Monitoring service in the IBM Cloud. These users must also have platform permissions to create resources within the context of the resource
group where they plan to provision the instance.
To enable platform metrics in a region, complete the following steps:
-
Provision an instance of Monitoring in the region of the Secrets Manager instance.
-
Go to the Monitoring dashboard.
-
Click on Configure platform metrics.
-
Select the region where the Secrets Manager instance was created.
-
Select the Monitoring instance in which you would like to receive metrics.
-
Click Configure.
You can also reach this location by clicking on the Actions dropdown in your Secrets Manager instance, followed by clicking on Add monitoring.
Secrets Manager metrics details
You can use the metrics in your monitoring instance dashboard to measure the types of requests being made in your service instance as well as the latency of the requests.
Resource count
The total amount of secrets and secret groups in the instance
| Metric Name | Description | Metric Type | Value Type |
|---|---|---|---|
| ibm_sm_secrets_count | Total amount of secrets | Gauge | None |
| ibm_sm_secret_groups_count | Total amount of secret groups | Gauge | None |
Total requests
The type and amount of API requests being made to your Secrets Manager instance. For example, you can track how many API requests have been made for read, write, or delete actions.
| Metric Name | Description | Metric Type | Value Type |
|---|---|---|---|
| ibm_sm_delete_private_requests_count | Total amount of delete requests in private network | Gauge | None |
| ibm_sm_delete_public_requests_count | Total amount of delete requests in public network | Gauge | None |
| ibm_sm_read_private_requests_count | Total amount of read requests in private network | Gauge | None |
| ibm_sm_read_public_requests_count | Total amount of read requests in public network | Gauge | None |
| ibm_sm_write_private_requests_count | Total amount of write requests in private network | Gauge | None |
| ibm_sm_write_public_requests_count | Total amount of write requests in public network | Gauge | None |
Error count
This metric gathers the number of 4xx and 5xx errors encountered from all APIs.
| Metric Name | Description | Metric Type | Value Type |
|---|---|---|---|
| ibm_sm_4xx_errors_count | Total amount of 4xx errors | Gauge | None |
| ibm_sm_5xx_errors_count | Total amount of 5xx errors | Gauge | None |
Latency
This metric tracks amount of time it takes Secrets Manager to receive an API request and respond to it.
The latency is calculated by getting the average of all requests of the same type that occur within 60 seconds.
| Metric Name | Description | Metric Type | Value Type |
|---|---|---|---|
| ibm_sm_latency_delete_avg_ms | Delete operation average response time | Gauge | Milliseconds |
| ibm_sm_latency_delete_max_ms | Delete operation maximum response time | Gauge | Milliseconds |
| ibm_sm_latency_delete_min_ms | Delete operation minimum response time | Gauge | Milliseconds |
| ibm_sm_latency_read_avg_ms | Read operation average response time | Gauge | Milliseconds |
| ibm_sm_latency_read_max_ms | Read operation maximum response time | Gauge | Milliseconds |
| ibm_sm_latency_read_min_ms | Read operation minimum response time | Gauge | Milliseconds |
| ibm_sm_latency_write_avg_ms | Write operation average response time | Gauge | Milliseconds |
| ibm_sm_latency_write_max_ms | Write operation maximum response time | Gauge | Milliseconds |
| ibm_sm_latency_write_min_ms | Write operation minimum response time | Gauge | Milliseconds |
Attributes for segmentation
You can filter your metrics by using segmentation attributes.
| Attribute Name | Description |
|---|---|
| ibm_ctype | public, dedicated, or local. |
| ibm_location | Location of the Secrets Manager service instance. |
| ibm_scope | The account, organization, or space GUID associated with the metric. |
| ibm_service_instance | Secrets Manager service instance ID. |
| ibm_service_name | secrets-manager. |
Metrics filter attributes
You can scope down your metrics by using scope filters, which are more granular than the segmentation filters.
| Attribute Name | Description |
|---|---|
| ibm_scope | The account, organization, or space GUID associated with the metric. |
| ibm_location | The location of the instance. |
| ibm_service_instance | The service instance id associated with the metric. |
Default dashboards
How to find the Monitoring dashboard for Secrets Manager using the Observability page
After configuring your Monitoring instance to receive platform metrics, follow these steps:
- Go to the Monitoring dashboard and find your monitoring instance that is configured to receive platform metrics.
- Click on the View Monitoring button in the View Dashboard column of the monitoring instance.
- Once you are in the Monitoring platform, click Dashboards to open up the side menu.
- Select Secrets Manager under the IBM section to view the dashboard.
To see metrics for one or more instances, select from the ibm_service_instance dropdown in the Secrets Manager dashboard.
Opening the Monitoring dashboard from Secrets Manager
After configuring your Monitoring instance to receive platform metrics, you can open the dashboard directly from your Secrets Manager instance.
- Click on the Actions menu
- Click on the Monitoring option to open the dashboard
Setting alerts
You can set alerts on your Monitoring dashboard to notify you of certain metrics. To setup a metric:
- Click Alerts on the side menu.
- Click Add Alert at the top of the page.
- Select Metric as the alert type.
- Select the aggregation and the appropriate metric.
- Select the scope filter, if applicable.
- Set the metric and time requirements for the alert to trigger.
- Configure the notification channel and notification interval.
- Click Create.