open-vault/website/source/docs/commands/environment.html.md

1.8 KiB

layout page_title sidebar_current description
docs Environment docs-commands-environment Vault's behavior can be modified by certain environment variables.

Environment variables

The Vault CLI will read the following environment variables to set behavioral defaults. These can be overridden in all cases using command-line arguments; see the command-line help for details.

The following table describes them:

Variable name Value
VAULT_TOKEN The Vault authentication token. If not specified, the token located in $HOME/.vault-token will be used if it exists.
VAULT_ADDR The address of the Vault server.
VAULT_ADVERTISE_ADDR The advertised address of the server to use for client request forwarding when running in High Availability mode.
VAULT_CACERT Path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.
VAULT_CAPATH Path to a directory of PEM-encoded CA cert files to verify the Vault server SSL certificate. If VAULT_CACERT is specified, its value will take precedence.
VAULT_CLIENT_CERT Path to a PEM-encoded client certificate for TLS authentication to the Vault server.
VAULT_CLIENT_KEY Path to an unencrypted PEM-encoded private key matching the client certificate.
VAULT_SKIP_VERIFY If set, do not verify Vault's presented certificate before communicating with it. Setting this variable is not recommended except during testing.