HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream

You are viewing documentation for version v1.18.x. View latest version.

Unix listener configuration

The Unix listener configures Vault to listen on the specified Unix domain socket.

listener "unix" {
  address = "/run/vault.sock"
}

The listener stanza may be specified more than once to make Vault listen on multiple sockets.

`unix` listener parameters

address (string: "/run/vault.sock", <required>) – Specifies the address to bind the Unix socket.
socket_mode (string: "", <optional>) – Changes the access permissions and the special mode flags of the Unix socket.
socket_user (string: "", <optional>) – Changes the user owner of the Unix socket.
socket_group (string: "", <optional>) – Changes the group owner of the Unix socket.

`unix` listener examples

Listening on multiple sockets

This example shows Vault listening on a specified socket, as well as the default.

listener "unix" {}

listener "unix" {
  address = "/var/run/vault.sock"
}

Listening on multiple interfaces

This example shows Vault listening on TCP localhost, as well as Unix socket.

listener "unix" {
  address = "/var/run/vault.sock"
}

listener "tcp" {
  address = "127.0.0.1:8200"
}

Configuring permissions

This example shows changing access permissions and ownership of the Unix socket.

listener "unix" {
  address = "/var/run/vault.sock"
  socket_mode = "644"
  socket_user = "1000"
  socket_group = "1000"
}