{"slug": "monitor-hcp-vault-dedicated-audit-logs-with-signoz", "title": "Monitor HCP Vault Dedicated Audit Logs with SigNoz", "summary": "HashiCorp's HCP Vault Dedicated now streams audit logs to SigNoz via a Generic HTTP Sink, enabling centralized observability for Vault audit events. The integration requires an Essentials or Standard tier cluster and supports configuration through the HCP portal or Terraform, with SigNoz Cloud not needing an agent. This allows teams to monitor Vault activity in real time using SigNoz's log analytics and alerting features.", "body_md": "HCP Vault Dedicated streams audit logs to SigNoz through its Generic HTTP Sink. For SigNoz Cloud, HCP posts to the Vector log intake. Configure the sink from the HCP portal or with Terraform. SigNoz Cloud does not require an agent or collector.\n\nAudit log streaming requires an **Essentials** or **Standard** tier cluster. Development tier clusters cannot stream audit logs. HCP Vault Dedicated streams to **one log destination at a time**, so enabling SigNoz replaces any existing audit log destination.\n\nPrerequisites\n\n- HCP Vault Dedicated cluster on the **Essentials** or **Standard** tier\n- **Admin** role on your HCP organization\n- An instance of SigNoz ([Cloud](https://signoz.io/teams/) or [Self-Hosted](https://signoz.io/docs/install/self-host/))\n\nConfigure audit log streaming\n\n- Log in to the [HCP portal](https://portal.cloud.hashicorp.com/) and open your Vault cluster.\n- Go to **Audit Logs** and click **Enable log streaming**.\n- Select **Generic HTTP Sink** as the provider and click **Next**.
- Enter the provider details:\n\n  - **URI**: `https://ingest.<region>.signoz.cloud/logs/vector`\n  - **Method**: `POST`\n  - **Encoding codec**: `JSON`\n  - **Headers**: add `signoz-ingestion-key` with `<your-ingestion-key>` as the value\n\n  Leave compression, authentication strategy, and payload prefix/suffix at their defaults.\n\n- Click **Save**.\n\nAdd an `audit_log_config` block to your `hcp_vault_cluster` resource:\n\n```\nresource \"hcp_vault_cluster\" \"example\" {\n  cluster_id = \"vault-cluster\"\n  hvn_id     = hcp_hvn.example.hvn_id\n  tier       = \"standard_small\"\n\n  audit_log_config {\n    http_uri    = \"https://ingest.<region>.signoz.cloud/logs/vector\"\n    http_codec  = \"JSON\"\n    http_method = \"POST\"\n    http_headers = {\n      \"signoz-ingestion-key\" = var.signoz_ingestion_key\n    }\n  }\n}\n```\n\nApply the change:\n\n```\nterraform apply\n```\n\nVerify these values:\n\n- `<region>`: your SigNoz Cloud [region](https://signoz.io/docs/ingestion/signoz-cloud/overview/#endpoint)\n- `<your-ingestion-key>`: your SigNoz [ingestion key](https://signoz.io/docs/ingestion/signoz-cloud/keys/)\n\nHCP can take a few minutes to start streaming after you save.\n\nValidate\n\n- Open **Logs** in SigNoz.\n- Generate Vault activity: log in, read a secret, or run `vault status` against the cluster.\n- Audit log entries appear within a few minutes. Each record carries Vault audit fields such as `auth`, `request.path`, and resource attributes like `cluster_id`, `cluster_tier`, and `hcp_product`.\n\nTroubleshooting\n\nNo logs arrive in SigNoz\n\n- Confirm the cluster is on the **Essentials** or **Standard** tier. Development tier clusters cannot stream audit logs.\n- Recheck the URI region against your [SigNoz region](https://signoz.io/docs/ingestion/signoz-cloud/overview/#endpoint). A wrong region drops data with no error.\n- Confirm the path is `/logs/vector` and the codec is `JSON`.
- Copy the `signoz-ingestion-key` value fresh from [SigNoz settings](https://signoz.io/docs/ingestion/signoz-cloud/keys/).\n- For self-hosted SigNoz, confirm HCP can reach your Vector endpoint, and that Vector can reach `http://<signoz-host>:4318/v1/logs`.\n- HCP can take a few minutes to begin streaming. Generate Vault activity, since an idle cluster produces few audit events.\n\nStreaming to a different destination stopped\n\nHCP Vault Dedicated streams to one log destination at a time. Enabling SigNoz replaces the previous destination. Re-add the previous endpoint if you need it back, but only one can be active.\n\nLimitations\n\n- **Essentials or Standard tier required.** Development tier clusters cannot stream audit logs.\n- **One destination at a time.** Enabling SigNoz replaces any existing audit log destination.\n- **Audit logs only.** This path covers audit logs. Vault metrics use a separate streaming destination.\n\nNext Steps\n\n- [Build dashboards](https://signoz.io/docs/userguide/manage-dashboards/) on Vault audit activity\n- [Set up log-based alerts](https://signoz.io/docs/alerts-management/log-based-alerts/) to detect anomalous access patterns\n- [Parse and transform logs](https://signoz.io/docs/logs-pipelines/introduction/) with Logs Pipelines\n\nGet Help\n\nIf you need help with the steps in this topic, please reach out to us on [SigNoz Community Slack](https://signoz.io/slack/).
If you are a SigNoz Cloud user, please use the in-product chat support located at the bottom right corner of your SigNoz instance or contact us at [cloud-support@signoz.io](mailto:cloud-support@signoz.io).", "url": "https://wpnews.pro/news/monitor-hcp-vault-dedicated-audit-logs-with-signoz", "canonical_source": "https://signoz.io/docs/integrations/outposts/hcp-vault", "published_at": "2026-07-01 00:00:00+00:00", "updated_at": "2026-07-01 06:50:16.385427+00:00", "lang": "en", "topics": ["developer-tools", "ai-infrastructure", "ai-tools"], "entities": ["HashiCorp", "HCP Vault Dedicated", "SigNoz", "Terraform", "Vector"], "alternates": {"html": "https://wpnews.pro/news/monitor-hcp-vault-dedicated-audit-logs-with-signoz", "markdown": "https://wpnews.pro/news/monitor-hcp-vault-dedicated-audit-logs-with-signoz.md", "text": "https://wpnews.pro/news/monitor-hcp-vault-dedicated-audit-logs-with-signoz.txt", "jsonld": "https://wpnews.pro/news/monitor-hcp-vault-dedicated-audit-logs-with-signoz.jsonld"}}