Getting Started

Web UI

Vault features a user interface (web interface) for interacting with Vault. Easily create, read, update, and delete secrets, authenticate, unseal, and more with the Vault UI.

» Dev servers

When you start the Vault server in dev mode, Vault UI is automatically enabled and ready to use.

$ vault server -dev
...

Open a web browser and enter http://127.0.0.1:8200/ui to launch the UI.

Enter the initial root token to sign in.

Sign in

» Non-Dev servers

The Vault UI is not activated by default. To activate the UI, set the ui configuration option in the Vault server configuration.

ui = true

listener "tcp" {
  # ...
}

storage "consul" {
  # ...
}

The UI runs on the same port as the Vault listener. As such, you must configure at least one listener stanza in order to access the UI.

Example:

ui = true

listener "tcp" {
  address = "10.0.1.35:8200"

  # If bound to localhost, the Vault UI is only
  # accessible from the local machine!
  # address = "127.0.0.1:8200"
}
...

In this case, the UI is accessible the following URL from any machine on the subnet (provided no network firewalls are in place): https://10.0.1.35:8200/ui

It is also accessible at any DNS entry that resolves to that IP address, such as the Consul service address (if using Consul): https://vault.service.consul:8200/ui

» Web UI Wizard

Vault UI has a built-in guide to navigate you through the common steps to operate various Vault features.

Sign in