Vault features a user interface (web interface) for interacting with Vault. Easily create, read, update, and delete secrets, authenticate, unseal, and more with the Vault UI.
Dev servers
When you start the Vault server in dev mode, Vault UI is automatically enabled and ready to use.
$ vault server -dev
...
Open a web browser and enter http://127.0.0.1:8200/ui to launch the UI.
Enter the initial root token to sign in.
Non-Dev servers
The Vault UI is not activated by default. To activate the UI, set the ui
configuration option in the Vault server configuration.
ui = true
listener "tcp" {
# ...
}
storage "consul" {
# ...
}
The UI runs on the same port as the Vault listener. As such, you must configure
at least one listener
stanza in order to access the UI.
Example:
ui = true
listener "tcp" {
address = "10.0.1.35:8200"
# If bound to localhost, the Vault UI is only
# accessible from the local machine!
# address = "127.0.0.1:8200"
}
...
In this case, the UI is accessible the following URL from any machine on the
subnet (provided no network firewalls are in place): https://10.0.1.35:8200/ui
It is also accessible at any DNS entry that resolves to that IP address, such as
the Consul service address (if using Consul):
https://vault.service.consul:8200/ui
Web UI Wizard
Vault UI has a built-in guide to navigate you through the common steps to operate various Vault features.