open-vault/website/content/docs/concepts/dev-server.mdx

57 lines
2.3 KiB
Plaintext
Raw Normal View History

2015-04-14 01:13:19 +00:00
---
layout: docs
page_title: Dev Server Mode
description: >-
The dev server in Vault can be used for development or to experiment with
Vault.
2015-04-14 01:13:19 +00:00
---
# "Dev" Server Mode
You can start Vault as a server in "dev" mode like so: `vault server -dev`.
This dev-mode server requires no further setup, and your local `vault` CLI will
be authenticated to talk to it. This makes it easy to experiment with Vault or
2016-01-14 18:42:47 +00:00
start a Vault instance for development. Every feature of Vault is available in
"dev" mode. The `-dev` flag just short-circuits a lot of setup to insecure
defaults.
2015-04-14 01:13:19 +00:00
~> **Warning:** Never, ever, ever run a "dev" mode server in production.
It is insecure and will lose data on every restart (since it stores data
in-memory). It is only made for development or experimentation.
## Properties
2018-10-15 16:56:24 +00:00
The properties of the dev server (some can be overridden with command line
flags or by specifying a configuration file):
2015-04-14 01:13:19 +00:00
- **Initialized and unsealed** - The server will be automatically initialized
and unsealed. You don't need to use `vault operator unseal`. It is ready
for use immediately.
2015-04-14 01:13:19 +00:00
- **In-memory storage** - All data is stored (encrypted) in-memory. Vault
server doesn't require any file permissions.
2015-04-14 01:13:19 +00:00
- **Bound to local address without TLS** - The server is listening on
`127.0.0.1:8200` (the default server address) _without_ TLS.
2015-04-14 01:13:19 +00:00
- **Automatically Authenticated** - The server stores your root access
token so `vault` CLI access is ready to go. If you are accessing Vault
via the API, you'll need to authenticate using the token printed out.
2015-04-14 01:13:19 +00:00
- **Single unseal key** - The server is initialized with a single unseal
key. The Vault is already unsealed, but if you want to experiment with
seal/unseal, then only the single outputted key is required.
- **Key Value store mounted** - A v2 KV secret engine is mounted at
`secret/`. Please be aware that there are differences with v1 KV.
If you want to use v1, use this flag `-dev-kv-v1`.
2015-04-14 01:13:19 +00:00
## Use Case
The dev server should be used for experimentation with Vault features, such
2017-09-21 21:14:40 +00:00
as different auth methods, secrets engines, audit devices, etc.
If you're new to Vault, you may want to pick up with [Your First Secret](https://learn.hashicorp.com/vault/getting-started/first-secret) in our getting started guide.
2015-04-14 01:13:19 +00:00
In addition to experimentation, the dev server is very easy to automate
for development environments.