# Auto-Tidy Disabled

This health check ensures that vHSM’s auto-tidy functionality is enabled with appropriate settings to clean up revoked certificates, expired cert data, and related resources regularly and efficiently.

#### **Health Check Name:** `enable_auto_tidy`

#### **Accessed APIs**

| Method | Endpoint            | Description                            |
| ------ | ------------------- | -------------------------------------- |
| READ   | `/config/auto-tidy` | Retrieves the auto-tidy configuration. |

#### **Configuration Parameters**

| Parameter                    | Default Value | Description                                                              |
| ---------------------------- | ------------- | ------------------------------------------------------------------------ |
| `interval_duration_critical` | `7d`          | Maximum interval duration allowed before marking status as **Critical**. |
| `interval_duration_warning`  | `2d`          | Maximum interval duration allowed before marking status as **Warning**.  |
| `pause_duration_critical`    | `1s`          | Maximum pause duration allowed before marking status as **Critical**.    |
| `pause_duration_warning`     | `200ms`       | Maximum pause duration allowed before marking status as **Warning**.     |

#### **Health Check Description**

This health check verifies:

* Whether auto-tidy is enabled.
* Whether `interval_duration` and `pause_duration` are set within best-practice thresholds.

**Health Check results**

| Status Outcome         | Description                                                                                                                                          |
| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Informational**      | Auto-tidy is disabled. This is a best practice recommendation but not mandatory.                                                                     |
| **Warning / Critical** | `interval_duration` or `pause_duration` values exceed the defined thresholds, potentially impacting performance or certificate lifecycle management. |

#### **Recommended Actions**

To remediate warnings or critical statuses and enable optimal certificate lifecycle management:

{% hint style="info" %}
**Note:** Replace `<mount>` with your actual secrets engine mount path.
{% endhint %}

**Enable Auto-Tidy with Recommended Defaults**

```bash
vhsm write <mount>/config/auto-tidy \
  enabled=true \
  tidy_cert_store=true \
  tidy_revoked_certs=true \
  tidy_acme=true \
  tidy_revocation_queue=true \
  tidy_cross_cluster_revoked_certs=true \
  tidy_revoked_cert_issuer_associations=true
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/virtual-hsm/troubleshooting/auto-tidy-disabled.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.