cd /news/developer-tools/monitor-hcp-vault-dedicated-audit-lo… · home topics developer-tools article
[ARTICLE · art-46106] src=signoz.io ↗ pub= topic=developer-tools verified=true sentiment=↑ positive

Monitor HCP Vault Dedicated Audit Logs with SigNoz

HashiCorp's HCP Vault Dedicated now streams audit logs to SigNoz via a Generic HTTP Sink, enabling centralized observability for Vault audit events. The integration requires an Essentials or Standard tier cluster and supports configuration through the HCP portal or Terraform, with SigNoz Cloud not needing an agent. This allows teams to monitor Vault activity in real time using SigNoz's log analytics and alerting features.

read3 min views1 publishedJul 1, 2026

HCP Vault Dedicated streams audit logs to SigNoz through its Generic HTTP Sink. For SigNoz Cloud, HCP posts to the Vector log intake. Configure the sink from the HCP portal or with Terraform. SigNoz Cloud does not require an agent or collector.

Audit log streaming requires an Essentials or Standard tier cluster. Development tier clusters cannot stream audit logs. HCP Vault Dedicated streams to one log destination at a time, so enabling SigNoz replaces any existing audit log destination.

Prerequisites

  • HCP Vault Dedicated cluster on the Essentials orStandard tier Admin role on your HCP organization- An instance of SigNoz ( CloudorSelf-Hosted)

Configure audit log streaming

Log in to the

HCP portaland open your Vault cluster. - Go to

Audit Logs and clickEnable log streaming. - Select

Generic HTTP Sink as the provider and clickNext. - Enter the provider details:

URI:https://ingest.<region>.signoz.cloud/logs/vector

Method:POST

Encoding codec:JSON

Headers: addsignoz-ingestion-key

with<your-ingestion-key>

as the value

Leave compression, authentication strategy, and payload prefix/suffix at their defaults.

  • Click Save.

Add an audit_log_config

block to your hcp_vault_cluster

resource:

resource "hcp_vault_cluster" "example" {
  cluster_id = "vault-cluster"
  hvn_id     = hcp_hvn.example.hvn_id
  tier       = "standard_small"

  audit_log_config {
    http_uri    = "https://ingest.<region>.signoz.cloud/logs/vector"
    http_codec  = "JSON"
    http_method = "POST"
    http_headers = {
      "signoz-ingestion-key" = var.signoz_ingestion_key
    }
  }
}

Apply the change:

terraform apply

Verify these values:

<region>

: your SigNoz Cloudregion<your-ingestion-key>

: your SigNozingestion key

HCP can take a few minutes to start streaming after you save.

Validate

  • Open Logs in SigNoz. - Generate Vault activity: log in, read a secret, or run vault status

against the cluster. - Audit log entries appear within a few minutes. Each record carries Vault audit fields such as auth

,request.path

, and resource attributes likecluster_id

,cluster_tier

, andhcp_product

.

Troubleshooting

Troubleshooting

No logs arrive in SigNoz

  • Confirm the cluster is on the Essentials orStandard tier. Development tier clusters cannot stream audit logs. - Recheck the URI region against your SigNoz region. A wrong region drops data with no error. - Confirm the path is /logs/vector

and the codec isJSON

. - Copy the signoz-ingestion-key

value fresh fromSigNoz settings. - For self-hosted SigNoz, confirm HCP can reach your Vector endpoint, and that Vector can reach http://<signoz-host>:4318/v1/logs

. - HCP can take a few minutes to begin streaming. Generate Vault activity, since an idle cluster produces few audit events.

Streaming to a different destination stopped

HCP Vault Dedicated streams to one log destination at a time. Enabling SigNoz replaces the previous destination. Re-add the previous endpoint if you need it back, but only one can be active.

Limitations

Essentials or Standard tier required. Development tier clusters cannot stream audit logs.One destination at a time. Enabling SigNoz replaces any existing audit log destination.Audit logs only. This path covers audit logs. Vault metrics use a separate streaming destination.

Next Steps

Build dashboardson Vault audit activitySet up log-based alertsto detect anomalous access patternsParse and transform logswith Logs Pipelines

Get Help

If you need help with the steps in this topic, please reach out to us on SigNoz Community Slack. If you are a SigNoz Cloud user, please use in product chat support located at the bottom right corner of your SigNoz instance or contact us at cloud-support@signoz.io.

── more in #developer-tools 4 stories · sorted by recency
── more on @hashicorp 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/monitor-hcp-vault-de…] indexed:0 read:3min 2026-07-01 ·