Erica Thompson 0660ea6fac
Update README (#31244)
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

79 lines
2.6 KiB
Plaintext

---
layout: docs
page_title: GUI - Configuration
description: >-
Configure the web interface (GUI) for Vault.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# Vault GUI configuration
Vault features a user interface (web interface) for interacting with Vault.
Easily create, read, update, and delete secrets, authenticate, unseal, and
more with the Vault GUI.
## Activating the Vault GUI
The Vault GUI is not activated by default. To activate the UI, set the `ui`
configuration option in the Vault server configuration. Vault clients do not
need to set this option, since they will not be serving the UI.
```hcl
ui = true
listener "tcp" {
# ...
}
```
For more information, please see the
[Vault configuration options](/vault/docs/configuration).
## Accessing the Vault GUI
The UI runs on the same port as the Vault listener. As such, you must configure
at least one `listener` stanza in order to access the UI.
```hcl
listener "tcp" {
address = "10.0.1.35:8200"
# If bound to localhost, the Vault GUI is only
# accessible from the local machine!
# address = "127.0.0.1:8200"
}
```
In this case, the UI is accessible at the following URL from any machine on the
subnet (provided no network firewalls are in place):
```text
https://10.0.1.35:8200/ui/
```
It is also accessible at any DNS entry that resolves to that IP address, such as
the Consul service address (if using Consul):
```text
https://vault.service.consul:8200/ui/
```
### Note on TLS
When using TLS (recommended), the certificate must be valid for all DNS entries
you will be accessing the Vault GUI on, and any IP addresses on the SAN. If you
are running Vault with a self-signed certificate, any browsers that access the
Vault GUI will need to have the root CA installed. Failure to do so may result in
the browser displaying a warning that the site is "untrusted". It is highly
recommended that client browsers accessing the Vault GUI install the proper CA
root for validation to reduce the chance of a MITM attack.
## CLI emulation in the Vault GUI
The Vault GUI includes an interactive Web REPL to interact with Vault's API much
like the Vault CLI. For more on that, see the
[Web REPL documentation](/vault/docs/commands/web).