HashiConf 2024 Now streaming live from Boston! Attend for free
Vault
Vault Home

unix listener

The Unix listener configures Vault to listen on the specified Unix domain socket.

listener "unix" {
  address = "/run/vault.sock"
}

The listener stanza may be specified more than once to make Vault listen on multiple sockets.

unix listener parameters

  • address (string: "/run/vault.sock", <required>) – Specifies the address to bind the Unix socket.

  • socket_mode (string: "", <optional>) – Changes the access permissions and the special mode flags of the Unix socket.

  • socket_user (string: "", <optional>) – Changes the user owner of the Unix socket.

  • socket_group (string: "", <optional>) – Changes the group owner of the Unix socket.

unix listener examples

Listening on multiple sockets

This example shows Vault listening on a specified socket, as well as the default.

listener "unix" {}

listener "unix" {
  address = "/var/run/vault.sock"
}

Listening on multiple interfaces

This example shows Vault listening on TCP localhost, as well as Unix socket.

listener "unix" {
  address = "/var/run/vault.sock"
}

listener "tcp" {
  address = "127.0.0.1:8200"
}

Configuring permissions

This example shows changing access permissions and ownership of the Unix socket.

listener "unix" {
  address = "/var/run/vault.sock"
  socket_mode = "644"
  socket_user = "1000"
  socket_group = "1000"
}
Edit this page on GitHub