index.md

Vault Benchmark

vault-benchmark has two subcommands, run and review. The run command is the main command used to execute a benchmark run using the provided benchmark test configuration. Configuration is provided as an HCL formatted file containing the desired global configuration options for vault-benchmark itself as well as the test definitions and their respective configuration options.

Example Config

# Global vault-benchmark config options

vault_addr = \"<http://127.0.0.1:8200>\"
vault_token = \"root\"
vault_namespace=\"root\"
duration = \"2s\"
report_mode = \"terse\"
random_mounts = true
cleanup = true

# Test definitions and configuration

test \"approle_auth\" \"approle_auth_test1\" {
    weight = 100
    config {
        role {
            role_name = \"benchmark-role\"
            token_ttl=\"2m\"
        }
    }
}

Subcommands

• Run
• Review

Benchmark Tests

Below is a list of all currently available benchmark tests

Auth Benchmark Tests

• Approle Authentication Benchmark (approle_auth)
• AWS Authentication Credential Benchmark (aws_auth)
• Azure Authentication Credential Benchmark (azure_auth)
• Certification Authentication Benchmark (cert_auth)
• Google Cloud Platform Auth Benchmark (gcp_auth)
• GitHub Auth Benchmark (github_auth)
• JWT Static Credential Benchmark (jwt_auth)
• Kubernetes Auth Benchmark
• LDAP Auth Benchmark (ldap_auth)
• Userpass Auth Benchmark (userpass_auth)

Secret Benchmark Tests

• AWS Secrets Engine Benchmark (aws_secret)
• Azure Secrets Engine Benchmark (azure_secret)
• Cassandra Secrets Engine Benchmark (cassandra_secret)
• Consul Secret Benchmark (consul_secret)
• Couchbase Secrets Engine Benchmark (couchbase_secret)
• Elasticsearch Secrets Engine Benchmark (elasticsearch_secret)
• GCP Secrets Engine Benchmark (gcp_secret)
• GCP Secrets Engine Benchmark (gcp_secret)
• KVV1 and KVV2 Secret Benchmark
• LDAP Dynamic Secret Benchmark ldap_dynamic_secret
• LDAP Static Secret Benchmark ldap_static_secret
• MongoDB Secrets Engine Benchmark
• MongoDB Atlas Secrets Engine Benchmark
• MSSQL Secret Benchmark (mssql_secret)
• MySQL Secret Benchmark mysql_secret
• Nomad Secrets Engine Benchmark
• PKI Secret Configuration Options
• PKI Sign Secret Configuration Options
• Postgresql Secrets Engine Benchmark postgresql_secret
• RabbitMQ Secret Configuration Options
• Redis Dynamic Credential Benchmark (redis_dynamic_secret)
• Redis Static Credential Benchmark (redis_static_secret)
• Signed SSH Secret Issue Configuration Options
• SSH Key Signing Configuration Options
• Transform Tokenization Configuration Options
• Transit Secret Configuration Options

System Tests

• System Status Configuration Options

Global Configuration Options

• Global Configuration Options