vaultwarden/examples/metrics-config.env

# Vaultwarden Metrics Configuration Examples
# Copy these variables to your .env file or set as environment variables

# ============================================
# Basic Metrics Configuration
# ============================================

# Enable metrics endpoint (disabled by default)
ENABLE_METRICS=true

# ============================================
# Security Configuration
# ============================================

# Option 1: No authentication (DEVELOPMENT ONLY)
# Leave METRICS_TOKEN unset for public access
# WARNING: This exposes potentially sensitive information

# Option 2: Plain text token (basic security)
# METRICS_TOKEN=your-secret-metrics-token-here

# Option 3: Argon2 hashed token (recommended for production)
# Generate with: vaultwarden hash
# METRICS_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$...'

# ============================================
# Prometheus Scrape Configuration
# ============================================

# In your prometheus.yml:
#
# scrape_configs:
#   - job_name: 'vaultwarden'
#     static_configs:
#       - targets: ['localhost:8080']
#     metrics_path: '/metrics'
#     # For token authentication:
#     bearer_token: 'your-secret-metrics-token-here'
#     # OR use query parameter:
#     # params:
#     #   token: ['your-secret-metrics-token-here']
#     scrape_interval: 30s
#     scrape_timeout: 10s

# ============================================
# Build Configuration
# ============================================

# To enable metrics support, compile with:
# cargo build --features enable_metrics --release

# ============================================
# Other Vaultwarden Configuration
# ============================================

# Domain must be set for proper operation
DOMAIN=https://vault.example.com

# Database configuration
DATABASE_URL=data/db.sqlite3

# Admin panel (optional, but recommended for management)
ADMIN_TOKEN=your-admin-token-here

# SMTP configuration (optional)
# SMTP_HOST=smtp.example.com
# SMTP_FROM=vaultwarden@example.com
# SMTP_USERNAME=vaultwarden@example.com
# SMTP_PASSWORD=your-smtp-password

# Web vault enabled
WEB_VAULT_ENABLED=true

# Log level
LOG_LEVEL=info

# ============================================
# Example Grafana Queries
# ============================================

# Request rate:
# rate(vaultwarden_http_requests_total[5m])

# Error rate:
# rate(vaultwarden_http_requests_total{status=~"4..|5.."}[5m])

# Response time 95th percentile:
# histogram_quantile(0.95, rate(vaultwarden_http_request_duration_seconds_bucket[5m]))

# Active users:
# vaultwarden_users_total{status="enabled"}

# Database connection utilization:
# vaultwarden_db_connections_active / (vaultwarden_db_connections_active + vaultwarden_db_connections_idle) * 100

# Vault items by type:
# sum by (type) (vaultwarden_vault_items_total)

# Authentication attempts by status:
# rate(vaultwarden_auth_attempts_total[5m])