Hashicorp Vault and MySQL Integration

Powerful performance with an easy integration, powered by Telegraf, the open source data connector built by InfluxData.

info

This is not the recommended configuration for real-time query at scale. For query and compression optimization, high-speed ingest, and high availability, you may want to consider Hashicorp Vault and InfluxDB.

5B+

Telegraf downloads

#1

Time series database
Source: DB Engines

1B+

Downloads of InfluxDB

2,800+

Contributors

Table of Contents

Powerful Performance, Limitless Scale

Collect, organize, and act on massive volumes of high-velocity data. Any data is more valuable when you think of it as time series data. with InfluxDB, the #1 time series platform built to scale with Telegraf.

See Ways to Get Started

Input and output integration overview

The Hashicorp Vault plugin for Telegraf allows for the collection of metrics from Hashicorp Vault services, facilitating monitoring and operational insights.

The Telegraf SQL plugin allows you to store metrics from Telegraf directly into a MySQL database, making it easier to analyze and visualize the collected metrics.

Integration details

Hashicorp Vault

The Hashicorp Vault plugin is designed to collect metrics from Vault agents running within a cluster. It enables Telegraf, an agent for collecting and reporting metrics, to interface with the Vault services, typically listening on a local address such as http://127.0.0.1:8200. This plugin requires a valid token for authorization, ensuring secure access to the Vault API. Users must configure either a token directly or provide a path to a token file, enhancing flexibility in authentication methods. Proper configuration of the timeout and optional TLS settings further relates to the security and responsiveness of the metrics collection process. As Vault is a critical tool in managing secrets and protecting sensitive data, monitoring its performance and health through this plugin is essential for maintaining operational security and efficiency.

MySQL

Telegraf’s SQL output plugin is designed to seamlessly write metric data to a SQL database by dynamically creating tables and columns based on the incoming metrics. When configured for MySQL, the plugin leverages the go-sql-driver/mysql, which requires enabling the ANSI_QUOTES SQL mode to ensure proper handling of quoted identifiers. This dynamic schema creation approach ensures that each metric is stored in its own table with a structure derived from its fields and tags, providing a detailed, timestamped record of system performance. The flexibility of the plugin allows it to handle high-throughput environments, making it ideal for scenarios that demand robust, granular metric logging and historical data analysis.

Configuration

Hashicorp Vault

[[inputs.vault]]
  ## URL for the Vault agent
  # url = "http://127.0.0.1:8200"

  ## Use Vault token for authorization.
  ## Vault token configuration is mandatory.
  ## If both are empty or both are set, an error is thrown.
  # token_file = "/path/to/auth/token"
  ## OR
  token = "s.CDDrgg5zPv5ssI0Z2P4qxJj2"

  ## Set response_timeout (default 5 seconds)
  # response_timeout = "5s"

  ## Optional TLS Config
  # tls_ca = /path/to/cafile
  # tls_cert = /path/to/certfile
  # tls_key = /path/to/keyfile

MySQL

[[outputs.sql]]
  ## Database driver
  ## Valid options: mssql (Microsoft SQL Server), mysql (MySQL), pgx (Postgres),
  ##  sqlite (SQLite3), snowflake (snowflake.com) clickhouse (ClickHouse)
  driver = "mysql"

  ## Data source name
  ## The format of the data source name is different for each database driver.
  ## See the plugin readme for details.
  data_source_name = "username:password@tcp(host:port)/dbname"

  ## Timestamp column name
  timestamp_column = "timestamp"

  ## Table creation template
  ## Available template variables:
  ##  {TABLE} - table name as a quoted identifier
  ##  {TABLELITERAL} - table name as a quoted string literal
  ##  {COLUMNS} - column definitions (list of quoted identifiers and types)
  table_template = "CREATE TABLE {TABLE}({COLUMNS})"

  ## Table existence check template
  ## Available template variables:
  ##  {TABLE} - tablename as a quoted identifier
  table_exists_template = "SELECT 1 FROM {TABLE} LIMIT 1"

  ## Initialization SQL
  init_sql = "SET sql_mode='ANSI_QUOTES';"

  ## Maximum amount of time a connection may be idle. "0s" means connections are
  ## never closed due to idle time.
  connection_max_idle_time = "0s"

  ## Maximum amount of time a connection may be reused. "0s" means connections
  ## are never closed due to age.
  connection_max_lifetime = "0s"

  ## Maximum number of connections in the idle connection pool. 0 means unlimited.
  connection_max_idle = 2

  ## Maximum number of open connections to the database. 0 means unlimited.
  connection_max_open = 0

  ## NOTE: Due to the way TOML is parsed, tables must be at the END of the
  ## plugin definition, otherwise additional config options are read as part of the
  ## table

  ## Metric type to SQL type conversion
  ## The values on the left are the data types Telegraf has and the values on
  ## the right are the data types Telegraf will use when sending to a database.
  ##
  ## The database values used must be data types the destination database
  ## understands. It is up to the user to ensure that the selected data type is
  ## available in the database they are using. Refer to your database
  ## documentation for what data types are available and supported.
  #[outputs.sql.convert]
  #  integer              = "INT"
  #  real                 = "DOUBLE"
  #  text                 = "TEXT"
  #  timestamp            = "TIMESTAMP"
  #  defaultvalue         = "TEXT"
  #  unsigned             = "UNSIGNED"
  #  bool                 = "BOOL"
  #  ## This setting controls the behavior of the unsigned value. By default the
  #  ## setting will take the integer value and append the unsigned value to it. The other
  #  ## option is "literal", which will use the actual value the user provides to
  #  ## the unsigned option. This is useful for a database like ClickHouse where
  #  ## the unsigned value should use a value like "uint64".
  #  # conversion_style = "unsigned_suffix"

Input and output integration examples

Hashicorp Vault

  1. Centralized Secret Management Monitoring: Utilize the Vault plugin to monitor multiple Vault instances across a distributed system, allowing for a unified view of secret access patterns and system health. This setup can help DevOps teams quickly identify any anomalies in secret access, providing essential insights into security postures across different environments.

  2. Audit Logging Integration: Configure this plugin to feed monitoring metrics into an audit logging system, enabling organizations to have a comprehensive view of their Vault interactions. By correlating audit logs with metrics, teams can investigate issues, optimize performance, and ensure compliance with security policies more effectively.

  3. Performance Benchmarking During Deployments: During application deployments that interact with Vault, use the plugin to monitor the effects of those deployments on Vault performance. This allows engineering teams to understand how changes impact secret management workflows and to proactively address performance bottlenecks, ensuring smooth deployment processes.

  4. Alerting for Threshold Exceedance: Integrate this plugin with alerting mechanisms to notify administrators when metrics exceed predefined thresholds. This proactive monitoring can help teams respond swiftly to potential issues, maintaining system reliability and uptime by allowing them to take action before any serious incidents arise.

MySQL

  1. Real-Time Web Analytics Storage: Leverage the plugin to capture website performance metrics and store them in MySQL. This setup enables teams to monitor user interactions, analyze traffic patterns, and dynamically adjust site features based on real-time data insights.

  2. IoT Device Monitoring: Utilize the plugin to collect metrics from a network of IoT sensors and log them into a MySQL database. This use case supports continuous monitoring of device health and performance, allowing for predictive maintenance and immediate response to anomalies.

  3. Financial Transaction Logging: Record high-frequency financial transaction data with precise timestamps. This approach supports robust audit trails, real-time fraud detection, and comprehensive historical analysis for compliance and reporting purposes.

  4. Application Performance Benchmarking: Integrate the plugin with application performance monitoring systems to log metrics into MySQL. This facilitates detailed benchmarking and trend analysis over time, enabling organizations to identify performance bottlenecks and optimize resource allocation effectively.

Feedback

Thank you for being part of our community! If you have any general feedback or found any bugs on these pages, we welcome and encourage your input. Please submit your feedback in the InfluxDB community Slack.

Powerful Performance, Limitless Scale

Collect, organize, and act on massive volumes of high-velocity data. Any data is more valuable when you think of it as time series data. with InfluxDB, the #1 time series platform built to scale with Telegraf.

See Ways to Get Started

Related Integrations

HTTP and InfluxDB Integration

The HTTP plugin collects metrics from one or more HTTP(S) endpoints. It supports various authentication methods and configuration options for data formats.

View Integration

Kafka and InfluxDB Integration

This plugin reads messages from Kafka and allows the creation of metrics based on those messages. It supports various configurations including different Kafka settings and message processing options.

View Integration

Kinesis and InfluxDB Integration

The Kinesis plugin allows for reading metrics from AWS Kinesis streams. It supports multiple input data formats and offers checkpointing features with DynamoDB for reliable message processing.

View Integration