mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 15:11:07 +02:00
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
79 lines
2.6 KiB
Plaintext
79 lines
2.6 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: GUI - Configuration
|
|
description: >-
|
|
Configure the web interface (GUI) for Vault.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# Vault GUI configuration
|
|
|
|
Vault features a user interface (web interface) for interacting with Vault.
|
|
Easily create, read, update, and delete secrets, authenticate, unseal, and
|
|
more with the Vault GUI.
|
|
|
|
## Activating the Vault GUI
|
|
|
|
The Vault GUI is not activated by default. To activate the UI, set the `ui`
|
|
configuration option in the Vault server configuration. Vault clients do not
|
|
need to set this option, since they will not be serving the UI.
|
|
|
|
```hcl
|
|
ui = true
|
|
|
|
listener "tcp" {
|
|
# ...
|
|
}
|
|
```
|
|
|
|
For more information, please see the
|
|
[Vault configuration options](/vault/docs/configuration).
|
|
|
|
## Accessing the Vault GUI
|
|
|
|
The UI runs on the same port as the Vault listener. As such, you must configure
|
|
at least one `listener` stanza in order to access the UI.
|
|
|
|
```hcl
|
|
listener "tcp" {
|
|
address = "10.0.1.35:8200"
|
|
|
|
# If bound to localhost, the Vault GUI is only
|
|
# accessible from the local machine!
|
|
# address = "127.0.0.1:8200"
|
|
}
|
|
```
|
|
|
|
In this case, the UI is accessible at the following URL from any machine on the
|
|
subnet (provided no network firewalls are in place):
|
|
|
|
```text
|
|
https://10.0.1.35:8200/ui/
|
|
```
|
|
|
|
It is also accessible at any DNS entry that resolves to that IP address, such as
|
|
the Consul service address (if using Consul):
|
|
|
|
```text
|
|
https://vault.service.consul:8200/ui/
|
|
```
|
|
|
|
### Note on TLS
|
|
|
|
When using TLS (recommended), the certificate must be valid for all DNS entries
|
|
you will be accessing the Vault GUI on, and any IP addresses on the SAN. If you
|
|
are running Vault with a self-signed certificate, any browsers that access the
|
|
Vault GUI will need to have the root CA installed. Failure to do so may result in
|
|
the browser displaying a warning that the site is "untrusted". It is highly
|
|
recommended that client browsers accessing the Vault GUI install the proper CA
|
|
root for validation to reduce the chance of a MITM attack.
|
|
|
|
|
|
## CLI emulation in the Vault GUI
|
|
|
|
The Vault GUI includes an interactive Web REPL to interact with Vault's API much
|
|
like the Vault CLI. For more on that, see the
|
|
[Web REPL documentation](/vault/docs/commands/web).
|