---
layout: docs
page_title: Generate a development configuration file
description: >-
Use the Vault CLI to create a basic development configuration file to run
Vault Agent in process supervisor mode.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# Generate a Vault Agent development configuration file
Use the Vault CLI to create a basic development configuration file to run Vault
Agent in process supervisor mode.
Development configuration files include an `auto_auth` section that reference a
token file based on the Vault token used to authenticate the CLI command. Token
files are convenient for local testing but **are not** appropriate for in
production. **Always use a robust
[auto-authentication method](/vault/docs/agent-and-proxy/autoauth/methods) in
production**.
- You have [set up a `kv` v2 plugin](/vault/docs/secrets/kv/kv-v2/setup).
- Your authentication token has `read` permissions for the `kv` v2 plugin.
Use [`vault agent generate-config`](/vault/docs/commands/agent/generate-config)
to create a development configuration file with environment variable templates:
```shell-session
$ vault agent generate-config
-type "env-template" \
-exec " " \
-namespace "" \
-path "" \
-path "" \
...
-path "" \
```
For example:
```shell-session
$ vault agent generate-config \
-type="env-template" \
-exec="./payment-app 'wf-test'" \
-namespace="testing" \
-path="shared/dev/*" \
-path="private/ci/integration" \
agent-config.hcl
Successfully generated "agent-config.hcl" configuration file!
Warning: the generated file uses 'token_file' authentication method, which is not suitable for production environments.
```
The configuration file includes `env_template` entries for each key stored at
the explicit paths and any key encountered while recursing through paths ending
with `/*`. Template keys have the form `_`.
For example:
```hcl
auto_auth {
method {
type = "token_file"
config {
token_file_path = "/home//.vault-token"
}
}
}
template_config {
static_secret_render_interval = "5m"
exit_on_retry_failure = true
max_connections_per_host = 10
}
vault {
address = "http://192.168.0.1:8200"
}
env_template "SQUARE_API_PROD" {
contents = "{{ with secret \"shared/data/dev/square-api\" }}{{ .Data.data.prod }}{{ end }}"
error_on_missing_key = true
}
env_template "SQUARE_API_SANDBOX" {
contents = "{{ with secret \"shared/data/dev/square-api\" }}{{ .Data.data.sandbox }}{{ end }}"
error_on_missing_key = true
}
env_template "SQUARE_API_SMOKE" {
contents = "{{ with secret \"shared/data/dev/square-api\" }}{{ .Data.data.smoke }}{{ end }}"
error_on_missing_key = true
}
env_template "SEEDS_SEED1" {
contents = "{{ with secret \"shared/data/dev/seeds\" }}{{ .Data.data.seed1 }}{{ end }}"
error_on_missing_key = true
}
env_template "SEEDS_SEED2" {
contents = "{{ with secret \"shared/data/dev/seeds\" }}{{ .Data.data.seed2 }}{{ end }}"
error_on_missing_key = true
}
env_template "DEV_POSTMAN" {
contents = "{{ with secret \"private/data/ci/integration\" }}{{ .Data.data.postman }}{{ end }}"
error_on_missing_key = true
}
exec {
command = ["./payment-app", "'wf-test'"]
restart_on_secret_changes = "always"
restart_stop_signal = "SIGTERM"
}
```