backport of commit 508017d073 (#21075)

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com> Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2025-11-01 19:17:58 +00:00 · 2023-06-08 14:27:15 -04:00
parent 1c4696b98d
commit c1d41b54f5
1 changed files with 15 additions and 0 deletions
--- a/website/content/api-docs/secret/pki.mdx
+++ b/website/content/api-docs/secret/pki.mdx
@@ -4310,6 +4310,21 @@ The below parameters are in addition to the regular parameters accepted by the
  the next so the time of the operation itself does not need to be considered.
  Defaults to 12h

+- `maintain_stored_certificate_counts` `(bool: false)` - When enabled,
+  maintains expensive counts of certificates. During initialization of the
+  mount, a LIST of all certificates is performed to get a baseline figure and
+  throughout operations like issuance, revocation, and subsequent tidies, the
+  figure is updated.
+
+~> *Note*: It is strongly recommend to not enable this value if 50k or more
+   certificates are stored in the mount or if many PKI mounts are in use in
+   this cluster. Instead, use audit logs and aggregate this data externally
+   to Vault so as not to impact Vault performance.
+
+- `publish_stored_certificate_count_metrics` `(bool: false)` - When enabled,
+  publishes the value computed by `maintain_stored_certificate_counts` to
+  the mount's metrics. This requires the former to be enabled.
+
 #### Sample Payload

 ```json