open-vault/website/source/intro/getting-started/dev-server.html.md

119 lines
4 KiB
Markdown
Raw Normal View History

2015-04-07 02:01:15 +00:00
---
layout: "intro"
page_title: "Starting the Server - Getting Started"
2015-04-07 02:01:15 +00:00
sidebar_current: "gettingstarted-devserver"
description: |-
After installing Vault, the next step is to start the server.
---
# Starting the Vault Server
With Vault installed, the next step is to start a Vault server.
Vault operates as a client/server application. The Vault server is the only
piece of the Vault architecture that interacts with the data storage and
backends. All operations done via the Vault CLI interact with the server over a
TLS connection.
2015-04-07 02:01:15 +00:00
In this page, we'll start and interact with the Vault server to understand how
the server is started.
2015-04-07 02:01:15 +00:00
2015-04-29 17:53:24 +00:00
## Starting the Dev Server
2015-04-07 02:01:15 +00:00
First, we're going to start a Vault _dev server_. The dev server is a built-in,
pre-configured server that is not very secure but useful for playing with Vault
locally. Later in this guide we'll configure and start a real server.
2015-04-07 02:01:15 +00:00
To start the Vault dev server, run:
2015-04-07 02:01:15 +00:00
2017-09-21 17:39:26 +00:00
```text
2015-04-07 02:01:15 +00:00
$ vault server -dev
==> Vault server configuration:
2015-04-07 02:01:15 +00:00
2017-09-21 17:39:26 +00:00
Cgo: disabled
Cluster Address: https://127.0.0.1:8201
Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "disabled")
Log Level: info
Mlock: supported: false, enabled: false
Redirect Address: http://127.0.0.1:8200
Storage: inmem
2017-09-21 17:39:26 +00:00
Version: Vault v1.2.3
Version Sha: ...
2015-04-07 02:01:15 +00:00
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.
2015-04-07 02:01:15 +00:00
You may need to set the following environment variable:
2015-04-07 02:01:15 +00:00
$ export VAULT_ADDR='http://127.0.0.1:8200'
2015-04-07 02:01:15 +00:00
The unseal key and initial root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
2015-04-07 02:01:15 +00:00
2017-09-21 17:39:26 +00:00
Unseal Key: 1aKM7rNnyW+7Jx1XDAXFswgkRVe+78JB28k/bel90jY=
Root Token: root
Development mode should NOT be used in production installations!
2015-04-07 02:01:15 +00:00
==> Vault server started! Log data will stream in below:
2015-04-07 02:01:15 +00:00
# ...
2015-04-07 02:01:15 +00:00
```
You should see output similar to that above. Vault does not fork, so it will
continue to run in the foreground. Open another shell or terminal tab to run the
remaining commands.
The dev server stores all its data in-memory (but still encrypted), listens on
`localhost` without TLS, and automatically unseals and shows you the unseal key
and root access key. **Do not run a dev server in production!**
2015-04-07 02:01:15 +00:00
With the dev server running, do the following three things before anything else:
2015-04-07 02:01:15 +00:00
1. Launch a new terminal session.
2. Copy and run the `export VAULT_ADDR ...` command from the terminal
2015-04-07 02:01:15 +00:00
output. This will configure the Vault client to talk to our dev server.
3. Save the unseal key somewhere. Don't worry about _how_ to save this
2015-04-07 02:01:15 +00:00
securely. For now, just save it anywhere.
4. Do the same as step 3, but with the root token. We'll use this later.
2015-04-07 02:01:15 +00:00
## Verify the Server is Running
Verify the server is running by running the `vault status` command. This should
2015-04-07 02:01:15 +00:00
succeed and exit with exit code 0. If you see an error about opening
a connection, make sure you copied and executed the `export VAULT_ADDR...`
command from above properly.
If it ran successfully, the output should look like the below:
2015-04-07 02:01:15 +00:00
2017-09-21 17:39:26 +00:00
```text
2015-04-20 19:13:28 +00:00
$ vault status
2017-09-21 17:39:26 +00:00
Key Value
--- -----
Sealed false
Total Shares 1
Version (version unknown)
Cluster Name vault-cluster-81109a1a
Cluster ID f6e0aa8a-700e-38b8-5dc5-4265c880b2a1
HA Enabled false
2015-04-07 02:01:15 +00:00
```
2017-09-21 17:39:26 +00:00
If the output looks different, especially if the numbers are different or the
Vault is sealed, then restart the dev server and try again. The only reason
these would ever be different is if you're running a dev server from going
through this guide previously.
2015-04-07 02:01:15 +00:00
We'll cover what this output means later in the guide.
## Next
Congratulations! You've started your first Vault server. We haven't stored
any secrets yet, but we'll do that in the next section.
Next, we're going to
[read and write our first secrets](/intro/getting-started/first-secret.html).