open-vault/website/content/docs/commands/server.mdx
Jason O'Donnell 140406143e
command/server: add dev-tls flag (#16421)
* command/server: add dev-tls flag

* Add website documentation

* changelog

* Lower file permissions

* Update cert gen per review

* Add dev-tls-cert-dir flag and cert clean up

* fmt

* Update cert generation per review

* Remove unused function

* Add better error messages

* Log errors in cleanup, fix directory not existing bug

* Remove hidden flag from -dev-tls-cert-dir

* Add usage

* Update 16421.txt

* Update variable names for files

* Remove directory on cleanup
2022-07-22 14:04:03 -04:00

90 lines
3.4 KiB
Plaintext

---
layout: docs
page_title: server - Command
description: |-
The "server" command starts a Vault server that responds to API requests. By
default, Vault will start in a "sealed" state. The Vault cluster must be
initialized before use.
---
# server
The `server` command starts a Vault server that responds to API requests. By
default, Vault will start in a "sealed" state. The Vault cluster must be
initialized before use, usually by the `vault operator init` command. Each Vault
server must also be unsealed using the `vault operator unseal` command or the
API before the server can respond to requests.
For more information, please see:
- [`operator init` command](/docs/commands/operator/init) for information
on initializing a Vault server.
- [`operator unseal` command](/docs/commands/operator/unseal) for
information on providing unseal keys.
- [Vault configuration](/docs/configuration) for the syntax and
various configuration options for a Vault server.
## Examples
Start a server with a configuration file:
```shell-session
$ vault server -config=/etc/vault/config.hcl
```
Run in "dev" mode with a custom initial root token:
```shell-session
$ vault server -dev -dev-root-token-id="root"
```
## Usage
The following flags are available in addition to the [standard set of
flags](/docs/commands) included on all commands.
### Command Options
- `-config` `(string: "")` - Path to a configuration file or directory of
configuration files. This flag can be specified multiple times to load
multiple configurations. If the path is a directory, all files which end in
.hcl or .json are loaded.
- `-log-level` `(string: "info")` - Log verbosity level. Supported values (in
order of detail) are "trace", "debug", "info", "warn", and "err". This can
also be specified via the VAULT_LOG_LEVEL environment variable.
- `-log-format` `(string: "standard")` - Log format. Supported values
are "standard" and "json". This can also be specified via the
VAULT_LOG_FORMAT environment variable.
### Dev Options
- `-dev` `(bool: false)` - Enable development mode. In this mode, Vault runs
in-memory and starts unsealed. As the name implies, do not run "dev" mode in
production.
- `-dev-tls` `(bool: false)` - Enable TLS development mode. In this mode, Vault runs
in-memory and starts unsealed with a generated TLS CA, certificate and key.
As the name implies, do not run "dev" mode in production.
- `-dev-tls-cert-dir` `(string: "")` - Directory where generated TLS files are created if `-dev-tls` is specified. If left unset, files are generated in a temporary directory.
- `-dev-listen-address` `(string: "127.0.0.1:8200")` - Address to bind to in
"dev" mode. This can also be specified via the `VAULT_DEV_LISTEN_ADDRESS`
environment variable.
- `-dev-root-token-id` `(string: "")` - Initial root token. This only applies
when running in "dev" mode. This can also be specified via the
`VAULT_DEV_ROOT_TOKEN_ID` environment variable.
_Note:_ The token ID should not start with the `s.` prefix.
- `-dev-no-store-token` `(string: "")` - Do not persist the dev root token to
the token helper (usually the local filesystem) for use in future requests.
The token will only be displayed in the command output.
- `-dev-plugin-dir` `(string: "")` - Directory from which plugins are allowed to be loaded. Only applies in "dev" mode, it will automatically register all the plugins in the provided directory.