From 508017d073021bc2410ec91cbb26aa95bb9569af Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Thu, 8 Jun 2023 09:09:10 -0400 Subject: [PATCH] Add missing documentation on cert metrics (#21073) Signed-off-by: Alexander Scheel --- website/content/api-docs/secret/pki.mdx | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/website/content/api-docs/secret/pki.mdx b/website/content/api-docs/secret/pki.mdx index ee7b78492fb8..17a7a0dabba8 100644 --- a/website/content/api-docs/secret/pki.mdx +++ b/website/content/api-docs/secret/pki.mdx @@ -4310,6 +4310,21 @@ The below parameters are in addition to the regular parameters accepted by the the next so the time of the operation itself does not need to be considered. Defaults to 12h +- `maintain_stored_certificate_counts` `(bool: false)` - When enabled, + maintains expensive counts of certificates. During initialization of the + mount, a LIST of all certificates is performed to get a baseline figure and + throughout operations like issuance, revocation, and subsequent tidies, the + figure is updated. + +~> *Note*: It is strongly recommend to not enable this value if 50k or more + certificates are stored in the mount or if many PKI mounts are in use in + this cluster. Instead, use audit logs and aggregate this data externally + to Vault so as not to impact Vault performance. + +- `publish_stored_certificate_count_metrics` `(bool: false)` - When enabled, + publishes the value computed by `maintain_stored_certificate_counts` to + the mount's metrics. This requires the former to be enabled. + #### Sample Payload ```json