index.md

Vault Benchmark

vault-benchmark has two subcommands, run and review. The run command is the main command used to execute a benchmark run using the provided benchmark test configuration. Configuration is provided as an HCL formatted file containing the desired global configuration options for vault-benchmark itself as well as the test definitions and their respective configuration options.

Example Config

# Global vault-benchmark config options

vault_addr = "http://127.0.0.1:8200"
vault_token = "root"
vault_namespace="root"
duration = "2s"
report_mode = "terse"
random_mounts = true
cleanup = true

# Test definitions and configuration

test "approle_auth" "approle_auth_test1" {
    weight = 100
    config {
        role {
            role_name = "benchmark-role"
            token_ttl="2m"
        }
    }
}

Example Usage

$ vault-benchmark run -config=config.hcl

Subcommands

• Run
• Review

Benchmark Tests

Below is a list of all currently available benchmark tests

Auth Benchmark Tests

• Approle Authentication Benchmark (approle_auth)
• AWS Authentication Credential Benchmark (aws_auth)
• Azure Authentication Credential Benchmark (azure_auth)
• Certification Authentication Benchmark (cert_auth)
• Google Cloud Platform Auth Benchmark (gcp_auth)
• GitHub Auth Benchmark (github_auth)
• JWT Static Credential Benchmark (jwt_auth)
• Kubernetes Auth Benchmark
• LDAP Auth Benchmark (ldap_auth)
• Userpass Auth Benchmark (userpass_auth)

Secret Benchmark Tests

• AWS Secrets Engine Benchmark (aws_secret)
• Azure Secrets Engine Benchmark (azure_secret)
• Cassandra Secrets Engine Benchmark (cassandra_secret)
• Consul Secret Benchmark (consul_secret)
• Couchbase Secrets Engine Benchmark (couchbase_secret)
• Elasticsearch Secrets Engine Benchmark (elasticsearch_secret)
• GCP Secrets Engine Benchmark (gcp_secret)
• GCP Secrets Engine Benchmark (gcp_secret)
• KVV1 and KVV2 Secret Benchmark
• LDAP Dynamic Secret Benchmark ldap_dynamic_secret
• LDAP Static Secret Benchmark ldap_static_secret
• MongoDB Secrets Engine Benchmark
• MongoDB Atlas Secrets Engine Benchmark
• MSSQL Secret Benchmark (mssql_secret)
• MySQL Secret Benchmark mysql_secret
• Nomad Secrets Engine Benchmark
• PKI Secret Configuration Options
• PKI Sign Secret Configuration Options
• Postgresql Secrets Engine Benchmark postgresql_secret
• RabbitMQ Secret Configuration Options
• Redis Dynamic Credential Benchmark (redis_dynamic_secret)
• Redis Static Credential Benchmark (redis_static_secret)
• Signed SSH Secret Issue Configuration Options
• SSH Key Signing Configuration Options
• Secrets Sync Benchmark
• Transform Tokenization Configuration Options
• Transit Secret Configuration Options

System Tests

• System Status Configuration Options
• System ACL Policy Configuration Options
• System Mount Configuration Options

Global Configuration Options

• Global Configuration Options