kitestacks-homelab/apps/vault/config/vault.hcl

storage "file" {
  path = "/vault/data"
}

listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = true
}

# Only accept connections from localhost and internal Docker network.
# Vault is NOT exposed on a public port — access via SSH tunnel or from monk only.
api_addr     = "http://127.0.0.1:8200"
cluster_addr = "http://127.0.0.1:8201"

ui = true