HashiConf
Join us this September for 3 days of talks, training, product news & more. Book Your Ticket Now

Getting Started

Web UI

Vault features a user interface (web interface) for interacting with Vault. Easily create, read, update, and delete secrets, authenticate, unseal, and more with the Vault UI.

Dev servers

When you start the Vault server in dev mode, Vault UI is automatically enabled and ready to use.

$ vault server -dev
...

Open a web browser and enter http://127.0.0.1:8200/ui to launch the UI.

Enter the initial root token to sign in.

Sign in

Non-Dev servers

The Vault UI is not activated by default. To activate the UI, set the ui configuration option in the Vault server configuration.

ui = true

listener "tcp" {
  # ...
}

storage "consul" {
  # ...
}

The UI runs on the same port as the Vault listener. As such, you must configure at least one listener stanza in order to access the UI.

Example:

ui = true

listener "tcp" {
  address = "10.0.1.35:8200"

  # If bound to localhost, the Vault UI is only
  # accessible from the local machine!
  # address = "127.0.0.1:8200"
}
...

In this case, the UI is accessible the following URL from any machine on the subnet (provided no network firewalls are in place): https://10.0.1.35:8200/ui

It is also accessible at any DNS entry that resolves to that IP address, such as the Consul service address (if using Consul): https://vault.service.consul:8200/ui

Web UI Wizard

Vault UI has a built-in guide to navigate you through the common steps to operate various Vault features.

Sign in