vault/website/source/docs/commands/environment.html.md

layout, page_title, sidebar_current, description

layout	page_title	sidebar_current	description
docs	Environment	docs-commands-environment	Vault's behavior can be modified by certain environment variables.

Environment variables

The Vault CLI will read the following environment variables to set behavioral defaults. These can be overridden in all cases using command-line arguments; see the command-line help for details.

The following table describes them:

Variable name	Value
VAULT_TOKEN	The Vault authentication token. If not specified, the token located in $HOME/.vault-token will be used if it exists.
VAULT_ADDR	The address of the Vault server.
VAULT_ADVERTISE_ADDR	The advertised address of the server to use for client request forwarding when running in High Availability mode.
VAULT_CACERT	Path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.
VAULT_CAPATH	Path to a directory of PEM-encoded CA cert files to verify the Vault server SSL certificate. If VAULT_CACERT is specified, its value will take precedence.
VAULT_CLIENT_CERT	Path to a PEM-encoded client certificate for TLS authentication to the Vault server.
VAULT_CLIENT_KEY	Path to an unencrypted PEM-encoded private key matching the client certificate.
VAULT_SKIP_VERIFY	If set, do not verify Vault's presented certificate before communicating with it. Setting this variable is not recommended except during testing.
VAULT_TLS_SERVER_NAME	If set, use the given name as the SNI host when connecting via TLS.