---
layout: docs
page_title: Run Vault as a service
description: >-
  Configure and deploy Vault as a service for Linux or Windows.
---

# Run Vault as a service

Instead of starting your Vault server manually from the command line, you can
configure a service to start Vault automatically.

## Before you start

- **You must install Vault**. You can [use a package manager](/vault/install) or
  [install a binary manually](/vault/docs/install/install-binary).

## Step 1: Create a new service

### Linux

The following service definition is a simpler version of the `vault.service`
example in the Vault GitHub repo:
[vault/.release/linux/package/usr/lib/systemd/system/vault.service](https://github.com/hashicorp/vault/blob/main/.release/linux/package/usr/lib/systemd/system/vault.service)

1. Set the `VAULT_CONFIG` environment variable to your Vault configuration
   directory. The default configuration directory is `/etc/vault.d`:

   ```shell-session
   $ VAULT_CONFIG=/etc/vault.d
   ```

1. Confirm the path to your Vault binary:

   ```shell-session
   $ VAULT_BINARY=$(which vault)
   ```

1. Create a `systemd` service called `vault.service` that uses the Vault binary:

   ```shell-session
   $ sudo tee /lib/systemd/system/vault.service <
   ```

### Windows

The Windows binary for Vault does not support the Windows Service Application
API. To run Vault as a service, you must use a Windows service wrapper. You can
use whatever wrapper is appropriate for your environment, but the easiest we
have found is `nssm`.

1. Download and install [`nssm`](https://nssm.cc/) manually or install the
   package with [Chocolatey](https://chocolatey.org/):

   ```powershell
   choco install nssm
   ```

1. Set a `VAULT_HOME` environment variable to your preferred Vault home
   directory. For example, `c:\Program Files\Vault`:

   ```powershell
   $env:VAULT_HOME = "${env:ProgramFiles}\Vault"
   ```

1. Use `nssm` to create a new Windows service:

   ```powershell
   nssm install MS_VAULT "${env:VAULT_HOME}\vault.exe"
   ```

1. Set the working directory for your Vault installation:

   ```powershell
   nssm set MS_VAULT AppDirectory "${env:VAULT_HOME}" ; `
   nssm set MS_VAULT AppParameters "server -config Config\vault.hcl"
   ```

1. Define the runtime parameters for Vault, including the `-config` flag with
   the relative path to your Vault configuration file, for example
   `Config\vault.hcl`:

   ```powershell
   nssm set MS_VAULT AppDirectory "${env:VAULT_HOME}" ; `
   nssm set MS_VAULT AppParameters "server -config Config\vault.hcl"
   ```

1. Set the display name and description for the "Services" management console:

   ```powershell
   nssm set MS_VAULT DisplayName "Vault Service" ; `
   nssm set MS_VAULT Description "Vault server running as a service"
   ```

1. Set the startup type for your service. We recommend setting startup to
   "Manual" until you confirm the service is working as expected:

   ```powershell
   nssm set MS_VAULT Start SERVICE_DEMAND_START
   ```

1. Configure the service to pipe information from `stdout` and `stderr` to
   files under your logging directory, for example `${env:VAULT_HOME}\Logs`:

   ```powershell
   nssm set MS_VAULT AppStdout "${env:VAULT_HOME}\Logs\vault-stdout.log" ; `
   nssm set MS_VAULT AppStderr "${env:VAULT_HOME}\Logs\vault-error.log"
   ```

1. Optionally, you can use the `AppEnvironmentExtra` parameter to set relevant
   variables for the service environment. For example, to set the `VAULT_ADDR`
   environment variable:

   ```powershell
   nssm set MS_VAULT AppEnvironmentExtra VAULT_ADDR=https://localhost:8200
   ```

1. Confirm your Vault service settings with `nssm`:

   ```powershell
   nssm dump MS_VAULT | Foreach {$_ -replace '.+nssm\.exe ',''}
   ```

## Step 2: Start the new service

### Linux

1. Reload the `systemd` configuration:

   ```shell-session
   $ sudo systemctl daemon-reload
   ```

1. Start the Vault service:

   ```shell-session
   $ sudo systemctl start vault.service
   ```

1. Verify the service status:

   ```shell-session
   $ systemctl status vault.service

   vault.service - "HashiCorp Vault"
        Loaded: loaded (/lib/systemd/system/vault.service; disabled; vendor preset: enabled)
        Active: active (running) since Thu 2024-09-05 13:58:45 UTC; 4s ago
          Docs: https://developer.hashicorp.com/vault/docs
      Main PID: 3145 (vault)
         Tasks: 8 (limit: 2241)
        Memory: 23.6M
           CPU: 200ms
        CGroup: /system.slice/vault.service
                └─3145 /usr/bin/vault server -config=/etc/vault.d/vault.hcl
   ```

### Windows

Once you create the service, you can control it using standard `*-Service`
cmdlets **or** the relevant commands for the associated wrapper. For example,
to control the service with `nssm` use `nssm start MS_VAULT`.

1. Start the Vault service:

   ```powershell
   Start-Service -Name MS_VAULT
   ```

1. Confirm service status:

   ```powershell
   Get-Service -Name MS_VAULT

   Status   Name               DisplayName
   ------   ----               -----------
   Running  MS_VAULT           Vault Service
   ```

## Step 3: Verify the service is running

To confirm the service is running and your Vault service is available, open the
Vault GUI in a browser at the default address:
[http://localhost:8200](http://localhost:8200)

## Related tutorials

The following tutorials provide additional guidance for installing Vault and
production cluster deployment:

- [Day One Preparation](/vault/tutorials/day-one-raft)
- [Recommended Patterns](/vault/tutorials/recommended-patterns)
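
For the Linux `systemd` service in Step 1, the following added example (not HashiCorp's unit file and not code from this page) renders a unit from `VAULT_BINARY` and `VAULT_CONFIG`, then lints it before you install it as `/lib/systemd/system/vault.service`. The function names, the `vault` service account, and the hardening directives are assumptions.

```shell
#!/bin/sh
# Added example, not HashiCorp's unit file. User/Group "vault" and the
# hardening directives are assumptions; adjust them to your host.

# render_vault_unit BINARY CONFIG_DIR: print a unit file on stdout.
render_vault_unit() {
  cat <<EOF
[Unit]
Description=HashiCorp Vault
Documentation=https://developer.hashicorp.com/vault/docs
ConditionFileNotEmpty=$2/vault.hcl

[Service]
User=vault
Group=vault
NoNewPrivileges=yes
ProtectSystem=full
PrivateTmp=yes
AmbientCapabilities=CAP_IPC_LOCK
CapabilityBoundingSet=CAP_IPC_LOCK
ExecStart=$1 server -config=$2/vault.hcl
ExecReload=/bin/kill --signal HUP \$MAINPID
KillSignal=SIGINT

[Install]
WantedBy=multi-user.target
EOF
}

# lint_vault_unit FILE: print findings; exit status is the number found.
lint_vault_unit() {
  findings=0
  user=$(sed -n 's/^User=//p' "$1" | tail -n 1)
  case "$user" in
    ''|root|0) echo "User= is unset or root"; findings=$((findings + 1)) ;;
  esac
  grep -Eq '^NoNewPrivileges=(yes|true|on|1)$' "$1" ||
    { echo "NoNewPrivileges is not enabled"; findings=$((findings + 1)); }
  # If "which vault" found nothing, VAULT_BINARY is empty and this fails.
  grep -Eq '^ExecStart=/[^ ]+ server -config=/[^ ]+$' "$1" ||
    { echo "ExecStart lacks absolute binary or config path"; findings=$((findings + 1)); }
  return "$findings"
}

# Demo: render from the Step 1 variables (defaults are the page's values).
unit=$(mktemp)
render_vault_unit "${VAULT_BINARY:-/usr/bin/vault}" "${VAULT_CONFIG:-/etc/vault.d}" > "$unit"
lint_vault_unit "$unit" && echo "unit passes lint: $unit"
```

The lint fails when `which vault` returned nothing in Step 1, which would otherwise leave `ExecStart=` without a binary path and only surface when the service fails to start.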