Vault features a user interface (web interface) for interacting with Vault. Easily create, read, update, and delete secrets, authenticate, unseal, and more with the Vault UI.
» Dev servers
When you start the Vault server in dev mode, Vault UI is automatically enabled and ready to use.
$ vault server -dev
...
Open a web browser and enter http://127.0.0.1:8200/ui to launch the UI.
Enter the initial root token to sign in.
» Non-Dev servers
The Vault UI is not activated by default. To activate the UI, set the ui
configuration option in the Vault server configuration.
ui = true
listener "tcp" {
# ...
}
storage "consul" {
# ...
}
The UI runs on the same port as the Vault listener. As such, you must configure
at least one listener stanza in order to access the UI.
Example:
ui = true
listener "tcp" {
address = "10.0.1.35:8200"
# If bound to localhost, the Vault UI is only
# accessible from the local machine!
# address = "127.0.0.1:8200"
}
...
In this case, the UI is accessible the following URL from any machine on the
subnet (provided no network firewalls are in place): https://10.0.1.35:8200/ui
It is also accessible at any DNS entry that resolves to that IP address, such as
the Consul service address (if using Consul):
https://vault.service.consul:8200/ui
» Web UI Wizard
Vault UI has a built-in guide to navigate you through the common steps to operate various Vault features.
