Document Agent v7.80 windows_certificate tag flags#23774
Open
mrafi97 wants to merge 1 commit into
Open
Conversation
Expand the Tags section of the windows_certificate README to describe the six opt-in flags added in Agent v7.80 (datadog-agent#49740) and the tags each flag emits.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ab2fd73e72
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| | Flag | Tags emitted | | ||
| | --- | --- | | ||
| | `certificate_template_tag` | `certificate_template`, `certificate_template_oid`, `certificate_template_major_version`, `certificate_template_minor_version` | |
There was a problem hiding this comment.
When certificate_template_tag is enabled, the Agent v7.80 implementation emits certificate_template_name for the template display/name value, not certificate_template; certificate_template_oid is only the V2 OID tag. Users following this table would group/filter on a tag that never appears and miss the name tag that is actually emitted.
Useful? React with 👍 / 👎.
drichards-87
approved these changes
May 20, 2026
Contributor
drichards-87
left a comment
drichards-87
left a comment
There was a problem hiding this comment.
Left a suggestion from Docs and approved the PR.
|
|
||
| The integration automatically tags all metrics and service checks with the name of the store in the `certificate_store:<STORE>` tag. Certificate metrics and service checks are tagged with the certificate's subjects, thumbprints and serial numbers. CRL metrics and service checks are tagged with the CRL's issuer and thumbprint. | ||
|
|
||
| Beginning with Agent v7.80, six opt-in flags expose additional certificate metadata as tags on per-certificate metrics and service checks. Each flag defaults to `false`; set it to `true` in your instance configuration to emit the corresponding tags. |
Contributor
There was a problem hiding this comment.
Suggested change
| Beginning with Agent v7.80, six opt-in flags expose additional certificate metadata as tags on per-certificate metrics and service checks. Each flag defaults to `false`; set it to `true` in your instance configuration to emit the corresponding tags. | |
| Beginning with Agent v7.80, six opt-in flags expose additional certificate metadata as tags on per-certificate metrics and service checks. Each flag defaults to `false`. Set the value to `true` in your instance configuration to emit the corresponding tags. |
temporal-github-worker-1
Bot
added
docs/approved
and removed
docs/review-requested
labels
Contributor
Validation ReportAll 20 validations passed. Show details
|
lrbhatia
approved these changes
May 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Expands the Tags section of
windows_certificate/README.mdto describe the six opt-in flags added to the Windows Certificate Store integration in Agent v7.80 (datadog-agent#49740) and the per-certificate tags each flag emits:certificate_template_tagcertificate_template,certificate_template_oid,certificate_template_major_version,certificate_template_minor_versionenhanced_key_usage_tagenhanced_key_usagefriendly_name_tagfriendly_namesubject_alternative_names_tagsubject_alt_name_dns,subject_alt_name_ip,subject_alt_name_email,subject_alt_name_uriissuer_tagissuer_CN,issuer_O,issuer_OU, and other issuer DN components when presentsignature_algorithm_tagsignature_algorithmAll flags default to
false.Motivation
Customers want to slice expiration metrics by additional certificate metadata (template, issuer, EKU, SAN, etc.). The agent-side work landed in datadog-agent#49740 and ships in Agent v7.80; this PR updates the public-facing docs to match. Tracked in WINA-2619 / WINA-2719.
Review checklist (to be filled by reviewers)
qa/requiredif this PR needs QA validation, orqa/skip-qaif it does not. Exactly one of the two is required.backport/<branch-name>label to the PR and it will automatically open a backport PR once this one is merged