HashiCorp Developer AI Private beta now available Sign up today
Vault
Vault Home

You are viewing documentation for version v1.16.x. View latest version.

unix listener

The Unix listener configures Vault to listen on the specified Unix domain socket.

listener "unix" {
  address = "/run/vault.sock"
}

The listener stanza may be specified more than once to make Vault listen on multiple sockets.

unix listener parameters

  • address (string: "/run/vault.sock", <required>) – Specifies the address to bind the Unix socket.

  • socket_mode (string: "", <optional>) – Changes the access permissions and the special mode flags of the Unix socket.

  • socket_user (string: "", <optional>) – Changes the user owner of the Unix socket.

  • socket_group (string: "", <optional>) – Changes the group owner of the Unix socket.

unix listener examples

Listening on multiple sockets

This example shows Vault listening on a specified socket, as well as the default.

listener "unix" {}

listener "unix" {
  address = "/var/run/vault.sock"
}

Listening on multiple interfaces

This example shows Vault listening on TCP localhost, as well as Unix socket.

listener "unix" {
  address = "/var/run/vault.sock"
}

listener "tcp" {
  address = "127.0.0.1:8200"
}

Configuring permissions

This example shows changing access permissions and ownership of the Unix socket.

listener "unix" {
  address = "/var/run/vault.sock"
  socket_mode = "644"
  socket_user = "1000"
  socket_group = "1000"
}