Grafana Dashboards
Compliance edition
This feature ships with Tayra.Compliance and requires a Compliance edition license. See Licensing for the edition comparison.
Tayra ships a pre-built Grafana dashboard template and Prometheus alerting rules in the dashboards/ directory. Zero code required - just import into Grafana and connect to your Prometheus data source.
The Essentials edition emits every Tayra metric via OpenTelemetry / Prometheus, so you can build your own visualization against those metrics. The curated dashboard at dashboards/grafana/tayra-compliance-dashboard.json plus the regulator-facing panels (Article 15/20 access reports, Article 33/34 breach assessments) only ship with Compliance.
Dashboard Panels
Overview
High-level counters and gauges for at-a-glance health monitoring:
| Panel | Type | Metric(s) |
|---|---|---|
| Total Encryptions | Stat | tayra_encrypt_count_total |
| Total Decryptions | Stat | tayra_decrypt_count_total |
| Cache Hit Ratio | Gauge | tayra_cache_hits_total / (tayra_cache_hits_total + tayra_cache_misses_total) |
| Keys Created | Stat | tayra_keys_created_total |
| Keys Deleted | Stat | tayra_keys_deleted_total |
| Keys Expired | Stat | tayra_keys_expired_total |
Throughput
Time series panels for encryption and decryption performance:
| Panel | Type | Metric(s) |
|---|---|---|
| Encrypt/Decrypt Rate | Time series | rate(tayra_encrypt_count_total[5m]), rate(tayra_decrypt_count_total[5m]) |
| Encrypt Latency Percentiles | Time series | tayra_encrypt_duration p50, p95, p99 |
| Decrypt Latency Percentiles | Time series | tayra_decrypt_duration p50, p95, p99 |
Key Store
Key store operation latency and cache effectiveness:
| Panel | Type | Metric(s) |
|---|---|---|
| Key Store Latency Percentiles | Time series | tayra_keystore_duration p50, p95, p99 |
| Cache Hits vs Misses | Time series | rate(tayra_cache_hits_total[5m]), rate(tayra_cache_misses_total[5m]) |
Key Lifecycle
Key management events over time:
| Panel | Type | Metric(s) |
|---|---|---|
| Key Creation Events | Time series | rate(tayra_keys_created_total[5m]) |
| Key Deletion Events | Time series | rate(tayra_keys_deleted_total[5m]) |
| Key Expiry Events | Time series | rate(tayra_keys_expired_total[5m]) |
| Cache Hit Ratio Trend | Time series | tayra_cache_hits_total / (tayra_cache_hits_total + tayra_cache_misses_total) |
Migrations
Panels tracking encryption-migration tooling activity:
| Panel | Type | Metric(s) |
|---|---|---|
| Migration Rows Encrypted | Stat / Time series | tayra_migration_rows_encrypted_total |
| Blind Indexes Recomputed | Stat / Time series | tayra_blind_index_recomputed_total |
GDPR Compliance
Panels tracking regulator-facing GDPR artifacts:
| Panel | Type | Metric(s) |
|---|---|---|
| Access Reports Generated | Stat | tayra_access_reports_total |
| Breach Assessments | Stat | tayra_breach_assessments_total |
| GDPR Events Over Time | Time series | rate(tayra_access_reports_total[5m]), rate(tayra_breach_assessments_total[5m]) |
Installation
1. Export Tayra Metrics to Prometheus
Configure the OpenTelemetry SDK to export Tayra metrics to Prometheus:
using OpenTelemetry.Metrics;
builder.Services.AddOpenTelemetry()
.WithMetrics(metrics => metrics
.AddMeter("Tayra")
.AddPrometheusExporter());
// Expose the /metrics endpoint for Prometheus scraping
app.MapPrometheusScrapingEndpoint();Alternatively, use the OTLP exporter to push metrics to a Prometheus-compatible backend (e.g., Grafana Mimir, Thanos):
builder.Services.AddOpenTelemetry()
.WithMetrics(metrics => metrics
.AddMeter("Tayra")
.AddOtlpExporter());2. Import the Dashboard
Compliance edition required
This dashboard ships with Tayra.Compliance. With the Essentials edition, you have all of the underlying metrics via OpenTelemetry but not the curated dashboard - build your own panels against the metric names listed above, or upgrade.
- Open your Grafana instance
- Navigate to Dashboards > Import
- Click Upload JSON file and select
dashboards/grafana/tayra-compliance-dashboard.json - Select your Prometheus data source from the dropdown
- Click Import
The dashboard appears with all rows of panels pre-configured: Overview, Throughput, Key Store, Key Lifecycle, Migrations, and GDPR Compliance Events.
3. Verify Data
After importing, confirm that metrics are flowing by checking the Overview row. The stat panels should show non-zero values once your application has processed some encryption or decryption operations.
Prometheus Alerting Rules
Tayra includes a set of production-ready alerting rules at dashboards/prometheus/tayra-alerting-rules.yml. Copy or include this file in your Prometheus configuration.
Alert Definitions
| Alert | Severity | Condition | Description |
|---|---|---|---|
TayraHighEncryptionErrorRate | critical | Error rate > 5% for 5 minutes | A significant percentage of encryption operations are failing. Investigate key store connectivity and key availability. |
TayraKeyStoreLatencyWarning | warning | p95 latency > 200ms | Key store operations are slower than expected. Check database connection pooling and network latency. |
TayraKeyStoreLatencyCritical | critical | p99 latency > 1000ms | Key store operations are critically slow. Immediate investigation required. |
TayraLowCacheHitRatioWarning | warning | Cache hit ratio < 80% | Cache effectiveness is degraded. Consider increasing KeyCacheDuration in TayraOptions. |
TayraLowCacheHitRatioCritical | critical | Cache hit ratio < 50% | Cache is severely underperforming. Check for high key churn or misconfigured cache settings. |
TayraHighKeyExpiryRate | warning | Key expiry rate unusually high | An unexpected number of keys are expiring. Review retention policies and TTL settings. |
TayraKeyDeletionSpike | warning | Key deletion rate spike detected | A sudden increase in key deletions may indicate a bulk crypto-shredding operation or an incident. |
TayraBreachAssessmentTriggered | critical | tayra_breach_assessments_total increases | A breach impact assessment has been triggered. Follow your incident response procedure. |
Installing Alerting Rules
Add the alerting rules file to your Prometheus configuration:
# prometheus.yml
rule_files:
- "dashboards/prometheus/tayra-alerting-rules.yml"Then reload Prometheus:
# Send SIGHUP to Prometheus
kill -HUP $(pidof prometheus)
# Or use the reload endpoint (if --web.enable-lifecycle is set)
curl -X POST http://localhost:9090/-/reloadFull OpenTelemetry Setup Example
For a complete setup exporting both traces and metrics:
using OpenTelemetry.Metrics;
using OpenTelemetry.Trace;
builder.Services.AddOpenTelemetry()
.WithTracing(tracing => tracing
.AddSource("Tayra")
.AddOtlpExporter())
.WithMetrics(metrics => metrics
.AddMeter("Tayra")
.AddPrometheusExporter());
// Expose the Prometheus scrape endpoint
app.MapPrometheusScrapingEndpoint();This configuration:
- Exports distributed traces via OTLP (for Jaeger, Grafana Tempo, etc.)
- Exposes a
/metricsendpoint for Prometheus to scrape - Feeds all the data needed by the Tayra Grafana dashboard and alerting rules
See Also
- Observability - Metrics and tracing reference
- Health Checks - Key store connectivity monitoring
- Configuration - Cache duration and key size options