Prometheus Integration with TigerTrust
TigerTrust provides a native Prometheus exporter for cloud-native certificate monitoring.
Exporter Deployment
Deploy the TigerTrust exporter:
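apiVersion: apps/v1
kind: Deployment
metadata:
  name: tigertrust-exporter
spec:
  replicas: 1
  # apps/v1 Deployments require a selector matching the pod template labels
  selector:
    matchLabels:
      app: tigertrust-exporter
  template:
    metadata:
      labels:
        app: tigertrust-exporter
    spec:
      containers:
        - name: exporter
          image: tigertrust/prometheus-exporter:latest
          ports:
            - containerPort: 9090
          env:
            # API key is read from a Kubernetes Secret, not stored in the manifest
            - name: TIGERTRUST_API_KEY
              valueFrom:
                secretKeyRef:
                  name: tigertrust-credentials
                  key: api-key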
Available Metrics
TigerTrust exports comprehensive certificate metrics:
# Certificate count by status
tigertrust_certificates_total{status="valid|expiring|expired"}
# Days until expiration
tigertrust_certificate_expiry_days{common_name, issuer, environment}
# Certificate operations
tigertrust_certificate_renewals_total{status="success|failure"}
tigertrust_certificate_discoveries_total{source}
# Policy violations
tigertrust_policy_violations_total{policy, severity}
Prometheus Configuration
Add TigerTrust to your prometheus.yml:
scrape_configs:
  - job_name: 'tigertrust'
    static_configs:
      - targets: ['tigertrust-exporter:9090']
    relabel_configs:
      - source_labels: [__address__]
        target_label: instance
        replacement: tigertrust
PromQL Queries
Query certificate metrics with PromQL:
# Certificates expiring within 30 days
count(tigertrust_certificate_expiry_days < 30)
# Average days to expiration by environment
avg by (environment) (tigertrust_certificate_expiry_days)
# Renewal success rate
# (sum() on both sides: without it the status="success" series only matches itself and the ratio is always 1)
sum(rate(tigertrust_certificate_renewals_total{status="success"}[1h]))
  / sum(rate(tigertrust_certificate_renewals_total[1h]))
AlertManager Rules
Configure certificate alerts:
groups:
  - name: certificates
    rules:
      - alert: CertificateExpiringSoon
        expr: tigertrust_certificate_expiry_days < 14
        for: 1h
        labels:
          severity: warning
        annotations:
          summary: "Certificate {{ $labels.common_name }} expires in {{ $value }} days"
      - alert: CertificateExpired
        expr: tigertrust_certificate_expiry_days <= 0
        labels:
          severity: critical
        annotations:
          summary: "Certificate {{ $labels.common_name }} has expired!"
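To check what the two alert thresholds above would flag before wiring them into Prometheus, the following added example (not TigerTrust's own code) parses exporter output and applies the same cut-offs. It assumes the exporter serves the standard Prometheus text exposition format; the sample lines, label values and function names are constructed for illustration.

```python
import re

# Constructed sample of exporter output (Prometheus text exposition format).
# Label values and numbers are invented for illustration.
SAMPLE_METRICS = """\
# TYPE tigertrust_certificate_expiry_days gauge
tigertrust_certificate_expiry_days{common_name="api.example.test",issuer="Example CA",environment="prod"} 45
tigertrust_certificate_expiry_days{common_name="old.example.test",issuer="Example CA",environment="prod"} -3
tigertrust_certificate_expiry_days{common_name="stage.example.test",issuer="Example CA",environment="staging"} 9.5
tigertrust_certificates_total{status="valid"} 1
"""

# Sample line layout: metric_name{labels} value [timestamp]
SAMPLE_RE = re.compile(
    r'^(?P<name>[a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{(?P<labels>.*)\})?\s+(?P<value>\S+)(?:\s+-?\d+)?$')
LABEL_RE = re.compile(r'([a-zA-Z_][a-zA-Z0-9_]*)="((?:[^"\\]|\\.)*)"')

def parse_samples(text, metric):
    """Yield (labels, value) for each sample of `metric`; comments and other metrics are skipped."""
    for line in text.splitlines():
        m = SAMPLE_RE.match(line.strip())
        if m and m.group("name") == metric:
            yield dict(LABEL_RE.findall(m.group("labels") or "")), float(m.group("value"))

def classify(days):
    """Apply the page's alert expressions: <= 0 is critical, < 14 is warning.
    An expired certificate satisfies both; the higher severity is reported.
    The `for: 1h` hold time is not modelled here."""
    if days <= 0:
        return "critical"
    if days < 14:
        return "warning"
    return "ok"

def expiry_report(text):
    """Return {common_name: (severity, days)}, most urgent certificate first."""
    rows = {labels.get("common_name", "?"): (classify(days), days)
            for labels, days in parse_samples(text, "tigertrust_certificate_expiry_days")}
    return dict(sorted(rows.items(), key=lambda item: item[1][1]))

if __name__ == "__main__":
    for name, (severity, days) in expiry_report(SAMPLE_METRICS).items():
        print(f"{severity:8} {days:6.1f}  {name}")
```

Feeding it the saved output of the exporter's metrics endpoint instead of SAMPLE_METRICS gives a quick view of which certificates would alert on day one.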
Kubernetes Service Discovery
Auto-discover certificates in Kubernetes:
scrape_configs:
  - job_name: 'tigertrust-kubernetes'
    kubernetes_sd_configs:
      - role: service
    relabel_configs:
      - source_labels: [__meta_kubernetes_service_annotation_tigertrust_scrape]
        action: keep
        regex: true
Achieve cloud-native certificate monitoring with Prometheus and TigerTrust.