Auto-Tidy Disabled

Take the necessary steps to ensure that vHSM’s auto-tidy functionality is enabled, allowing for efficient and regular cleanup of revoked certificates, expired certificate data, and related resources.

This health check ensures that vHSM’s auto-tidy functionality is enabled with appropriate settings to clean up revoked certificates, expired cert data, and related resources regularly and efficiently.

Health Check Name: `enable_auto_tidy`

Accessed APIs

Method

Endpoint

Description

READ

/config/auto-tidy

Retrieves the auto-tidy configuration.

Configuration Parameters

Parameter

Default Value

Description

interval_duration_critical

7d

Maximum interval duration allowed before marking status as Critical.

interval_duration_warning

2d

Maximum interval duration allowed before marking status as Warning.

pause_duration_critical

1s

Maximum pause duration allowed before marking status as Critical.

pause_duration_warning

200ms

Maximum pause duration allowed before marking status as Warning.

Health Check Description

This health check verifies:

Whether auto-tidy is enabled.
Whether interval_duration and pause_duration are set within best-practice thresholds.

Health Check results

Status Outcome

Description

Informational

Auto-tidy is disabled. This is a best practice recommendation but not mandatory.

Warning / Critical

interval_duration or pause_duration values exceed the defined thresholds, potentially impacting performance or certificate lifecycle management.

Recommended Actions

To remediate warnings or critical statuses and enable optimal certificate lifecycle management:

Note: Replace <mount> with your actual secrets engine mount path.

Enable Auto-Tidy with Recommended Defaults

vhsm write <mount>/config/auto-tidy \
  enabled=true \
  tidy_cert_store=true \
  tidy_revoked_certs=true \
  tidy_acme=true \
  tidy_revocation_queue=true \
  tidy_cross_cluster_revoked_certs=true \
  tidy_revoked_cert_issuer_associations=true

PreviousAllow If-Modified-Since Requests NextTidy Hasn't Run

Last updated 1 month ago

Was this helpful?

vhsm write <mount>/config/auto-tidy \ enabled=true \ tidy_cert_store=true \ tidy_revoked_certs=true \ tidy_acme=true \ tidy_revocation_queue=true \ tidy_cross_cluster_revoked_certs=true \ tidy_revoked_cert_issuer_associations=true

Health Check Name: enable_auto_tidy

Accessed APIs

Configuration Parameters

Health Check Description

Recommended Actions

Health Check Name: enable_auto_tidy

Accessed APIs

Configuration Parameters

Health Check Description

Recommended Actions

Health Check Name: `enable_auto_tidy`

Health Check Name: `enable_auto_tidy`