stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
a4039791777056b9c3a1898ba215612465d97a88
git.stella-ops.org/ops/devops/attestation/ALERTS.md
StellaOps Bot e6119cbe91
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
up
2025-11-24 09:07:40 +02:00

1.1 KiB
Raw Blame History

Attestation Alerts & Dashboards (DEVOPS-ATTEST-75-001)

Prometheus alert rules

File: ops/devops/attestation/attestation-alerts.yaml

  • AttestorSignLatencyP95High: p95 signing latency > 2s for 5m.
  • AttestorVerifyLatencyP95High: p95 verification latency > 2s for 5m.
  • AttestorVerifyFailureRate: verification failures / requests > 2% over 5m.
  • AttestorKeyRotationStale: key not rotated in 30d.

Metrics expected:

  • attestor_sign_duration_seconds_bucket
  • attestor_verify_duration_seconds_bucket
  • attestor_verify_failures_total
  • attestor_verify_requests_total
  • attestor_key_last_rotated_seconds (gauge of Unix epoch seconds of last rotation)

Grafana

File: ops/devops/attestation/grafana/attestation-latency.json

  • Panels: signing p50/p95, verification p50/p95, failure rate, key-age gauge, last 24h error counts.

Runbook

  • Verify exporters scrape attestor-* metrics from Attestor service.
  • Ensure alertmanager routes team=devops to on-call.
  • Key rotation alert: rotate via standard KMS workflow; acknowledge alert after new metric value observed.