1--- 2layout: "docs" 3page_title: "UI - Configuration" 4sidebar_title: "<code>ui</code>" 5sidebar_current: "docs-configuration-ui" 6description: |- 7 Vault features a user interface (web interface) for interacting with Vault. 8 Easily create, read, update, and delete secrets, authenticate, unseal, and 9 more with the Vault UI. 10--- 11 12# Vault UI 13 14Vault features a user interface (web interface) for interacting with Vault. 15Easily create, read, update, and delete secrets, authenticate, unseal, and 16more with the Vault UI. 17 18-> The UI requires **Vault 0.10 or higher** or Vault Enterprise. 19 20## Activating the Vault UI 21 22The Vault UI is not activated by default. To activate the UI, set the `ui` 23configuration option in the Vault server configuration. Vault clients do not 24need to set this option, since they will not be serving the UI. 25 26```hcl 27ui = true 28 29listener "tcp" { 30 # ... 31} 32``` 33 34For more information, please see the 35[Vault configuration options](/docs/configuration/index.html). 36 37## Accessing the Vault UI 38 39The UI runs on the same port as the Vault listener. As such, you must configure 40at least one `listener` stanza in order to access the UI. 41 42```hcl 43listener "tcp" { 44 address = "10.0.1.35:8200" 45 46 # If bound to localhost, the Vault UI is only 47 # accessible from the local machine! 48 # address = "127.0.0.1:8200" 49} 50``` 51 52In this case, the UI is accessible the following URL from any machine on the 53subnet (provided no network firewalls are in place): 54 55```text 56https://10.0.1.35:8200/ui/ 57``` 58 59It is also accessible at any DNS entry that resolves to that IP address, such as 60the Consul service address (if using Consul): 61 62```text 63https://vault.service.consul:8200/ui/ 64``` 65 66### Note on TLS 67 68When using TLS (recommended), the certificate must be valid for all DNS entries 69you will be accessing the Vault UI on, and any IP addresses on the SAN. If you 70are running Vault with a self-signed certificate, any browsers that access the 71Vault UI will need to have the root CA installed. Failure to do so may result in 72the browser displaying a warning that the site is "untrusted". It is highly 73recommended that client browsers accessing the Vault UI install the proper CA 74root for validation to reduce the chance of a MITM attack. 75