[PR #6202] feat: Add comprehensive Prometheus metrics support #7379

New Issue

GiteaMirror · 2026-03-07T21:16:32-06:00

GiteaMirror commented

2026-03-07 21:16:32 -06:00

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/6202
Author: @rossigee
Created: 8/20/2025
Status: 🔄 Open

Base: main ← Head: feature/prometheus-metrics

📝 Commits (10+)

9ed01ae feat: add comprehensive Prometheus metrics support
0502936 Drop verbose metrics functionality description.
a4106ae Drop examples (should be in docs).
c9563d6 Remove introduced development dependency.
2b1e989 Whitespace fixes.
387c2e9 Merge branch 'main' into feature/prometheus-metrics
672a1e5 Add Prometheus metrics support
5226d2f fix email as 2fa with auth requests (#6736)
b5adeb5 Update crates, web-vault, js, workflows (#6749)
10e4476 refactor: improve tooltips in diagnostics page (#6765)

📊 Changes

44 files changed (+8107 additions, -8473 deletions)

View changed files

📝 .github/workflows/build.yml (+10 -3)
📝 .github/workflows/check-templates.yml (+8 -0)
📝 .github/workflows/hadolint.yml (+8 -4)
📝 .github/workflows/release.yml (+16 -16)
📝 .github/workflows/releasecache-cleanup.yml (+4 -0)
📝 .github/workflows/trivy.yml (+6 -2)
📝 .github/workflows/typos.yml (+6 -2)
📝 .github/workflows/zizmor.yml (+6 -3)
📝 .pre-commit-config.yaml (+1 -1)
📝 Cargo.lock (+545 -381)
📝 Cargo.toml (+31 -23)
📝 README.md (+36 -0)
📝 docker/DockerSettings.yaml (+3 -3)
📝 docker/Dockerfile.alpine (+11 -11)
📝 docker/Dockerfile.debian (+8 -8)
📝 docker/Dockerfile.j2 (+2 -2)
➕ examples/metrics-config.env (+100 -0)
📝 macros/Cargo.toml (+2 -2)
📝 rust-toolchain.toml (+1 -1)
📝 src/api/core/accounts.rs (+4 -5)

...and 24 more files

📄 Description

Summary

This PR adds comprehensive Prometheus metrics support to Vaultwarden, providing observability into application performance, database health, authentication patterns, and business metrics.

Key Features

Optional metrics endpoint at /metrics (disabled by default)
Token-based authentication with support for plain text and Argon2 hashed tokens
Comprehensive metric categories: HTTP, database, authentication, business, and system metrics
Secure by default: Feature must be explicitly enabled and compiled with --features enable_metrics
Production-ready: Path normalization prevents metric explosion, proper error handling

Metrics Categories

HTTP Metrics: Request rates, response times, status codes by endpoint
Database Metrics: Connection pool utilization, query performance
Authentication Metrics: Login attempts, session counts by method and status
Business Metrics: User counts, vault items by type, organization data
System Metrics: Uptime, build information, version details

Security Considerations

Disabled by default - requires explicit ENABLE_METRICS=true
Token authentication prevents unauthorized access
Path normalization prevents high cardinality issues
Network isolation recommended for production

Documentation

Complete configuration guide in METRICS.md
Comprehensive monitoring setup in MONITORING.md
Prometheus/Grafana examples and alerting rules
Security best practices and troubleshooting

Test Plan

Metrics compilation with feature flag
Authentication (no token, valid token, invalid token)
Metric format validation (Prometheus format)
All metric categories populated correctly
Path normalization working
Docker build with metrics feature
Security token hashing (Argon2)

Breaking Changes

None - this is an optional feature that's disabled by default.

Files Added/Modified

New: src/api/metrics.rs - Metrics endpoint implementation
New: METRICS.md - Configuration and usage guide
New: MONITORING.md - Complete monitoring setup guide
New: examples/metrics-config.env - Configuration examples
New: scripts/test-metrics.sh - Testing script
Modified: Cargo.toml - Added optional prometheus dependency
Modified: README.md - Added metrics feature documentation
Modified: docker/Dockerfile.debian - Support for extra features in build

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/6202 **Author:** [@rossigee](https://github.com/rossigee) **Created:** 8/20/2025 **Status:** 🔄 Open **Base:** `main` ← **Head:** `feature/prometheus-metrics` --- ### 📝 Commits (10+) - [`9ed01ae`](https://github.com/dani-garcia/vaultwarden/commit/9ed01ae9eb38469ad3be79596b43316079d88530) feat: add comprehensive Prometheus metrics support - [`0502936`](https://github.com/dani-garcia/vaultwarden/commit/05029365ee08669ab69a8ed7c2aedf927149132e) Drop verbose metrics functionality description. - [`a4106ae`](https://github.com/dani-garcia/vaultwarden/commit/a4106aeb4c35d7cacaf7f8e68727e8d454f3be11) Drop examples (should be in docs). - [`c9563d6`](https://github.com/dani-garcia/vaultwarden/commit/c9563d6c241110044b47e196799ffb0451e8a402) Remove introduced development dependency. - [`2b1e989`](https://github.com/dani-garcia/vaultwarden/commit/2b1e9890dc7e1578852e5a18bb8810eddc91407c) Whitespace fixes. - [`387c2e9`](https://github.com/dani-garcia/vaultwarden/commit/387c2e90829ba15713d05db9cf7b91a88fa77163) Merge branch 'main' into feature/prometheus-metrics - [`672a1e5`](https://github.com/dani-garcia/vaultwarden/commit/672a1e5c7207a10fd04365ce66cc953695be5f7d) Add Prometheus metrics support - [`5226d2f`](https://github.com/dani-garcia/vaultwarden/commit/5226d2f580d846a51829d61a760b1cd1e863d9fa) fix email as 2fa with auth requests (#6736) - [`b5adeb5`](https://github.com/dani-garcia/vaultwarden/commit/b5adeb5569af98dd31cde1d09cda7f4ce1bb02a8) Update crates, web-vault, js, workflows (#6749) - [`10e4476`](https://github.com/dani-garcia/vaultwarden/commit/10e4476743c246266a4e6af79f317662002b587f) refactor: improve tooltips in diagnostics page (#6765) ### 📊 Changes **44 files changed** (+8107 additions, -8473 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/build.yml` (+10 -3) 📝 `.github/workflows/check-templates.yml` (+8 -0) 📝 `.github/workflows/hadolint.yml` (+8 -4) 📝 `.github/workflows/release.yml` (+16 -16) 📝 `.github/workflows/releasecache-cleanup.yml` (+4 -0) 📝 `.github/workflows/trivy.yml` (+6 -2) 📝 `.github/workflows/typos.yml` (+6 -2) 📝 `.github/workflows/zizmor.yml` (+6 -3) 📝 `.pre-commit-config.yaml` (+1 -1) 📝 `Cargo.lock` (+545 -381) 📝 `Cargo.toml` (+31 -23) 📝 `README.md` (+36 -0) 📝 `docker/DockerSettings.yaml` (+3 -3) 📝 `docker/Dockerfile.alpine` (+11 -11) 📝 `docker/Dockerfile.debian` (+8 -8) 📝 `docker/Dockerfile.j2` (+2 -2) ➕ `examples/metrics-config.env` (+100 -0) 📝 `macros/Cargo.toml` (+2 -2) 📝 `rust-toolchain.toml` (+1 -1) 📝 `src/api/core/accounts.rs` (+4 -5) _...and 24 more files_ </details> ### 📄 Description ## Summary This PR adds comprehensive Prometheus metrics support to Vaultwarden, providing observability into application performance, database health, authentication patterns, and business metrics. ### Key Features - **Optional metrics endpoint** at `/metrics` (disabled by default) - **Token-based authentication** with support for plain text and Argon2 hashed tokens - **Comprehensive metric categories**: HTTP, database, authentication, business, and system metrics - **Secure by default**: Feature must be explicitly enabled and compiled with `--features enable_metrics` - **Production-ready**: Path normalization prevents metric explosion, proper error handling ### Metrics Categories - **HTTP Metrics**: Request rates, response times, status codes by endpoint - **Database Metrics**: Connection pool utilization, query performance - **Authentication Metrics**: Login attempts, session counts by method and status - **Business Metrics**: User counts, vault items by type, organization data - **System Metrics**: Uptime, build information, version details ### Security Considerations - Disabled by default - requires explicit `ENABLE_METRICS=true` - Token authentication prevents unauthorized access - Path normalization prevents high cardinality issues - Network isolation recommended for production ### Documentation - Complete configuration guide in `METRICS.md` - Comprehensive monitoring setup in `MONITORING.md` - Prometheus/Grafana examples and alerting rules - Security best practices and troubleshooting ### Test Plan - [x] Metrics compilation with feature flag - [x] Authentication (no token, valid token, invalid token) - [x] Metric format validation (Prometheus format) - [x] All metric categories populated correctly - [x] Path normalization working - [x] Docker build with metrics feature - [x] Security token hashing (Argon2) ### Breaking Changes None - this is an optional feature that's disabled by default. ### Files Added/Modified - New: `src/api/metrics.rs` - Metrics endpoint implementation - New: `METRICS.md` - Configuration and usage guide - New: `MONITORING.md` - Complete monitoring setup guide - New: `examples/metrics-config.env` - Configuration examples - New: `scripts/test-metrics.sh` - Testing script - Modified: `Cargo.toml` - Added optional prometheus dependency - Modified: `README.md` - Added metrics feature documentation - Modified: `docker/Dockerfile.debian` - Support for extra features in build --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-03-07 21:16:32 -06:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#7379