vault/website/content/docs/concepts/dev-server.mdx
Erica Thompson 0660ea6fac
Update README (#31244)
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

60 lines
2.8 KiB
Plaintext

---
layout: docs
page_title: Dev Server Mode
description: >-
The dev server in Vault can be used for development or to experiment with
Vault.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# "Dev" server mode
You can start Vault as a server in "dev" mode like so: `vault server -dev`.
This dev-mode server requires no further setup, and your local `vault` CLI will
be authenticated to talk to it. This makes it easy to experiment with Vault or
start a Vault instance for development. Every feature of Vault is available in
"dev" mode. The `-dev` flag just short-circuits a lot of setup to insecure
defaults.
~> **Warning:** Never, ever, ever run a "dev" mode server in production.
It is insecure and will lose data on every restart (since it stores data
in-memory). It is only made for development or experimentation.
## Properties
The properties of the dev server (some can be overridden with command line
flags or by specifying a configuration file):
- **Initialized and unsealed** - The server will be automatically initialized
and unsealed. You don't need to use `vault operator unseal`. It is ready
for use immediately.
- **In-memory storage** - All data is stored (encrypted) in-memory. Vault
server doesn't require any file permissions.
- **Bound to local address without TLS** - The server is listening on
`127.0.0.1:8200` (the default server address) _without_ TLS.
- **Automatically Authenticated** - The server stores your root access
token so `vault` CLI access is ready to go. If you are accessing Vault
via the API, you'll need to authenticate using the token printed out.
- **Single unseal key** - The server is initialized with a single unseal
key. The Vault is already unsealed, but if you want to experiment with
seal/unseal, then only the single outputted key is required.
- **Key Value store mounted** - A v2 KV secret engine is mounted at
`secret/`. Please be aware that there are differences with v1 KV.
If you want to use v1, use this flag `-dev-kv-v1`.
## Use case
The dev server should be used for experimentation with Vault features, such
as different auth methods, secrets engines, audit devices, etc.
If you're new to Vault, you may want to pick up with [Your First Secret](/vault/tutorials/getting-started/getting-started-first-secret) in our getting started guide.
In addition to experimentation, the dev server is very easy to automate
for development environments.