In this tutorial, we’ll demonstrate how to launch HashiCorp Vault in development mode on your local machine. Dev mode is perfect for demos, testing integrations, or learning Vault—it runs entirely in-memory, starts unsealed, and provides a single unseal key and root token.
Dev mode is not secure. Do not use it in production environments.

Prerequisites

Before you begin:
  • Vault CLI installed and in your PATH.
  • Windows PowerShell or Command Prompt (for Windows users).
Verify your installation:
PS C:\> vault version
Vault v1.7.0 (4e222b85c040a810b74400ee3c544494494797e32bb9f)

1. Starting Vault in Dev Mode

In a new shell (PowerShell or cmd), start Vault:
vault server -dev
You should see output similar to:
WARNING! Dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variable:

PowerShell:
  $env:VAULT_ADDR="http://127.0.0.1:8200"
cmd.exe:
  set VAULT_ADDR=http://127.0.0.1:8200

Unseal Key: ZEgZgHSEEmmlnRboqtY0A00TUpleaoxo8SqqtFP2Q=
Root Token: s.d6931rVSdkpBINnnRvMHBRXR

Development mode should NOT be used in production installations!
This command runs Vault in the foreground. Open a second terminal window to interact with Vault without stopping the server.

2. Configuring Your Environment

By default, the Vault CLI connects to https://127.0.0.1:8200, but the dev server listens on plain HTTP. Set the VAULT_ADDR variable accordingly.
PowerShell:
PS C:\> $env:VAULT_ADDR = "http://127.0.0.1:8200"
Command Prompt:
C:\> set VAULT_ADDR=http://127.0.0.1:8200

3. Checking Vault Status

Confirm Vault is unsealed and running in-memory:
vault status
Example output:
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.7.0
Storage Type    inmem
Cluster Name    vault-cluster-48151c3a
HA Enabled      false
Notice Storage Type: inmem—all data resides in memory.

4. Listing Enabled Secrets Engines

Dev mode automatically enables several secrets engines. View them with:
vault secrets list
Path          Type         Description
cubbyhole/    cubbyhole    Per-token private secret storage
identity/     identity     Identity store
secret/       kv           Versioned key/value secret storage (KV v2)
sys/          system       System endpoints for control and debugging

5. Writing and Reading KV Secrets

The KV (Key/Value) engine is mounted at secret/.
  1. Write a secret:
    vault kv put secret/vaultcourse/bryan bryan=bryan
    
    Sample response:
    Key            Value
    ---            -----
    created_time   2021-05-12T12:27:09.504562727Z
    deletion_time  n/a
    destroyed      false
    version        1
    
  2. Read the secret back:
    vault kv get secret/vaultcourse/bryan
    
    Example output:
    === Metadata ===
    Key            Value
    ---            -----
    created_time   2021-05-12T12:27:09.504562727Z
    deletion_time  n/a
    destroyed      false
    version        1
    
    === Data ===
    Key    Value
    ---    -----
    bryan  bryan
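
Added example (not part of the original tutorial): a PowerShell script covering steps 2 through 5 that confirms the CLI is pointed at a local, unsealed, in-memory dev server before it writes the test secret. It assumes `vault server -dev` is running in another terminal and that the `sealed` and `storage_type` fields appear in the `vault status -format=json` output.

```powershell
# Added example: refuse to write test data unless the target is a local dev server.
$ErrorActionPreference = 'Stop'

# Step 2: point the CLI at the dev listener (plain HTTP on loopback).
$env:VAULT_ADDR = 'http://127.0.0.1:8200'

# Guard 1: the address must be loopback, so test secrets and the root token
# never travel over cleartext HTTP to another host.
$uri = [Uri]$env:VAULT_ADDR
if (-not $uri.IsLoopback) {
    throw "VAULT_ADDR '$($env:VAULT_ADDR)' is not a loopback address."
}

# Step 3: query status as JSON. A non-zero exit code means the server is
# sealed or unreachable, so stop either way.
$raw = vault status -format=json
if ($LASTEXITCODE -ne 0) {
    throw "vault status failed with exit code $LASTEXITCODE."
}
$status = ($raw | Out-String) | ConvertFrom-Json

# Guard 2: a dev server is unsealed and keeps everything in memory.
# Assumption: the JSON fields are named 'sealed' and 'storage_type'.
if ($status.sealed) {
    throw 'Vault is sealed; this is not a freshly started dev server.'
}
if ($status.storage_type -ne 'inmem') {
    throw "Storage type is '$($status.storage_type)', not inmem. Refusing to write test data."
}

# Step 5: write the tutorial secret, then read one field back and compare.
vault kv put secret/vaultcourse/bryan bryan=bryan | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "vault kv put failed with exit code $LASTEXITCODE."
}
$value = vault kv get -field=bryan secret/vaultcourse/bryan
if ($value -ne 'bryan') {
    throw "Read-back mismatch: expected 'bryan', got '$value'."
}

Write-Host "Dev server verified (version $($status.version), storage inmem); secret round-trip OK."
```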
    

6. Cleaning Up

When you stop the dev server (e.g., Ctrl+C), all in-memory data is lost—ideal for ephemeral testing.
Every restart returns Vault to a clean slate.

Next Steps