starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-12-10 17:23:04 +03:00
Code Issues 429 Packages Projects Releases 10 Wiki Activity

[PR #6202] feat: Add comprehensive Prometheus metrics support #2439

New Issue
Open
opened 2025-10-09 18:05:12 +03:00 by OVERLORD · 0 comments
OVERLORD commented 2025-10-09 18:05:12 +03:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/6202
Author: @rossigee
Created: 8/20/2025
Status: 🔄 Open

Base: mainHead: feature/prometheus-metrics

📝 Commits (8)

  • 3cbe12a feat: Add comprehensive Prometheus metrics support
  • 8fac5f5 fix: Resolve compilation errors and improve Docker build for metrics
  • 4d7f166 remove: Drop test-metrics.sh script in favor of unit tests
  • 64998f5 Merge branch 'main' into feature/prometheus-metrics
  • 2b6a146 fix typo in description of helo_name (#6194)
  • c209280 Merge branch 'feature/prometheus-metrics' of ssh://github.com/rossigee/vaultwarden into feature/prometheus-metrics
  • 14ec085 fix: add missing DbConn import in metrics.rs
  • 0568f00 Merge branch 'main' into feature/prometheus-metrics

📊 Changes

18 files changed (+1782 additions, -6 deletions)

View changed files

📝 Cargo.lock (+15 -0)
📝 Cargo.toml (+5 -0)
METRICS.md (+125 -0)
MONITORING.md (+394 -0)
📝 README.md (+36 -0)
📝 docker/Dockerfile.debian (+11 -2)
examples/metrics-config.env (+100 -0)
src/api/metrics.rs (+127 -0)
src/api/middleware.rs (+104 -0)
📝 src/api/mod.rs (+4 -0)
📝 src/api/web.rs (+3 -1)
📝 src/config.rs (+30 -0)
src/db/metrics.rs (+80 -0)
📝 src/db/mod.rs (+2 -0)
📝 src/main.rs (+29 -3)
src/metrics.rs (+290 -0)
src/metrics_test.rs (+196 -0)
tests/metrics_integration_test.rs (+231 -0)

📄 Description

Summary

This PR adds comprehensive Prometheus metrics support to Vaultwarden, providing observability into application performance, database health, authentication patterns, and business metrics.

Key Features

  • Optional metrics endpoint at /metrics (disabled by default)
  • Token-based authentication with support for plain text and Argon2 hashed tokens
  • Comprehensive metric categories: HTTP, database, authentication, business, and system metrics
  • Secure by default: Feature must be explicitly enabled and compiled with --features enable_metrics
  • Production-ready: Path normalization prevents metric explosion, proper error handling

Metrics Categories

  • HTTP Metrics: Request rates, response times, status codes by endpoint
  • Database Metrics: Connection pool utilization, query performance
  • Authentication Metrics: Login attempts, session counts by method and status
  • Business Metrics: User counts, vault items by type, organization data
  • System Metrics: Uptime, build information, version details

Security Considerations

  • Disabled by default - requires explicit ENABLE_METRICS=true
  • Token authentication prevents unauthorized access
  • Path normalization prevents high cardinality issues
  • Network isolation recommended for production

Documentation

  • Complete configuration guide in METRICS.md
  • Comprehensive monitoring setup in MONITORING.md
  • Prometheus/Grafana examples and alerting rules
  • Security best practices and troubleshooting

Test Plan

  • Metrics compilation with feature flag
  • Authentication (no token, valid token, invalid token)
  • Metric format validation (Prometheus format)
  • All metric categories populated correctly
  • Path normalization working
  • Docker build with metrics feature
  • Security token hashing (Argon2)

Breaking Changes

None - this is an optional feature that's disabled by default.

Files Added/Modified

  • New: src/api/metrics.rs - Metrics endpoint implementation
  • New: METRICS.md - Configuration and usage guide
  • New: MONITORING.md - Complete monitoring setup guide
  • New: examples/metrics-config.env - Configuration examples
  • New: scripts/test-metrics.sh - Testing script
  • Modified: Cargo.toml - Added optional prometheus dependency
  • Modified: README.md - Added metrics feature documentation
  • Modified: docker/Dockerfile.debian - Support for extra features in build

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/6202 **Author:** [@rossigee](https://github.com/rossigee) **Created:** 8/20/2025 **Status:** 🔄 Open **Base:** `main` ← **Head:** `feature/prometheus-metrics` --- ### 📝 Commits (8) - [`3cbe12a`](https://github.com/dani-garcia/vaultwarden/commit/3cbe12aea650dd23fa23ac3c02e30cdfaf0b8af2) feat: Add comprehensive Prometheus metrics support - [`8fac5f5`](https://github.com/dani-garcia/vaultwarden/commit/8fac5f5060bbdc9215adedc170c9afee9748d82a) fix: Resolve compilation errors and improve Docker build for metrics - [`4d7f166`](https://github.com/dani-garcia/vaultwarden/commit/4d7f1667628fed3f9cd5ccf0564490a4d2ee30b6) remove: Drop test-metrics.sh script in favor of unit tests - [`64998f5`](https://github.com/dani-garcia/vaultwarden/commit/64998f53c0bae424229632e3175844c2fdeb88a7) Merge branch 'main' into feature/prometheus-metrics - [`2b6a146`](https://github.com/dani-garcia/vaultwarden/commit/2b6a14688f043a9f7423f61272d3155c7080eb86) fix typo in description of helo_name (#6194) - [`c209280`](https://github.com/dani-garcia/vaultwarden/commit/c209280d0016cc31bc6016823c544f91c5b586e8) Merge branch 'feature/prometheus-metrics' of ssh://github.com/rossigee/vaultwarden into feature/prometheus-metrics - [`14ec085`](https://github.com/dani-garcia/vaultwarden/commit/14ec0853d99056dbcc340ed00e90518420230144) fix: add missing DbConn import in metrics.rs - [`0568f00`](https://github.com/dani-garcia/vaultwarden/commit/0568f00c21464841ba217da5df1aa26170470e61) Merge branch 'main' into feature/prometheus-metrics ### 📊 Changes **18 files changed** (+1782 additions, -6 deletions) <details> <summary>View changed files</summary> 📝 `Cargo.lock` (+15 -0) 📝 `Cargo.toml` (+5 -0) ➕ `METRICS.md` (+125 -0) ➕ `MONITORING.md` (+394 -0) 📝 `README.md` (+36 -0) 📝 `docker/Dockerfile.debian` (+11 -2) ➕ `examples/metrics-config.env` (+100 -0) ➕ `src/api/metrics.rs` (+127 -0) ➕ `src/api/middleware.rs` (+104 -0) 📝 `src/api/mod.rs` (+4 -0) 📝 `src/api/web.rs` (+3 -1) 📝 `src/config.rs` (+30 -0) ➕ `src/db/metrics.rs` (+80 -0) 📝 `src/db/mod.rs` (+2 -0) 📝 `src/main.rs` (+29 -3) ➕ `src/metrics.rs` (+290 -0) ➕ `src/metrics_test.rs` (+196 -0) ➕ `tests/metrics_integration_test.rs` (+231 -0) </details> ### 📄 Description ## Summary This PR adds comprehensive Prometheus metrics support to Vaultwarden, providing observability into application performance, database health, authentication patterns, and business metrics. ### Key Features - **Optional metrics endpoint** at `/metrics` (disabled by default) - **Token-based authentication** with support for plain text and Argon2 hashed tokens - **Comprehensive metric categories**: HTTP, database, authentication, business, and system metrics - **Secure by default**: Feature must be explicitly enabled and compiled with `--features enable_metrics` - **Production-ready**: Path normalization prevents metric explosion, proper error handling ### Metrics Categories - **HTTP Metrics**: Request rates, response times, status codes by endpoint - **Database Metrics**: Connection pool utilization, query performance - **Authentication Metrics**: Login attempts, session counts by method and status - **Business Metrics**: User counts, vault items by type, organization data - **System Metrics**: Uptime, build information, version details ### Security Considerations - Disabled by default - requires explicit `ENABLE_METRICS=true` - Token authentication prevents unauthorized access - Path normalization prevents high cardinality issues - Network isolation recommended for production ### Documentation - Complete configuration guide in `METRICS.md` - Comprehensive monitoring setup in `MONITORING.md` - Prometheus/Grafana examples and alerting rules - Security best practices and troubleshooting ### Test Plan - [x] Metrics compilation with feature flag - [x] Authentication (no token, valid token, invalid token) - [x] Metric format validation (Prometheus format) - [x] All metric categories populated correctly - [x] Path normalization working - [x] Docker build with metrics feature - [x] Security token hashing (Argon2) ### Breaking Changes None - this is an optional feature that's disabled by default. ### Files Added/Modified - New: `src/api/metrics.rs` - Metrics endpoint implementation - New: `METRICS.md` - Configuration and usage guide - New: `MONITORING.md` - Complete monitoring setup guide - New: `examples/metrics-config.env` - Configuration examples - New: `scripts/test-metrics.sh` - Testing script - Modified: `Cargo.toml` - Added optional prometheus dependency - Modified: `README.md` - Added metrics feature documentation - Modified: `docker/Dockerfile.debian` - Support for extra features in build --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
OVERLORD added the pull-request label 2025-10-09 18:05:12 +03:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
better for forum
bug
bug
bug
documentation
duplicate
enhancement
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
SSO
Third party
troubleshooting
troubleshooting
wontfix
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/vaultwarden#2439
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?