Vault Interactive Sandboxes

Experiment with HashiCorp products in a safe, pre-configured environment.

HashiCorp Sandboxes provide interactive environments where you can experiment with HashiCorp products without any installation or setup. They're perfect for:

Learning how products work in a real environment
Testing configurations and commands without affecting your systems
Exploring product features in a safe sandbox
Following along with tutorials and documentation

Each sandbox comes pre-configured with everything you need to start using the product immediately. Just click on a sandbox below to launch it in your browser.

Available Vault sandboxes

When you launch a sandbox, you'll be presented with a terminal interface where you can interact with the pre-configured environment. The sandbox runs in your browser and doesn't require any downloads or installations.

Each sandbox session lasts for up to 1 hour, giving you plenty of time to experiment. Your work isn't saved between sessions, so be sure to copy any important configurations before your session ends.

Vault Sandbox
Experiment with Vault. This sandbox contains five Vault Docker containers and a reverse proxy container.
Launch Sandbox

Sandbox documentation

Warning

This environment is not production-ready, as it does not follow recommendations for production cluster deployments. Refer to these resources for more information:

This is a 5-node Vault Community edition cluster with a reverse proxy running in a Docker environment. This environment initializes Vault with a Shamir seal, and one unseal key for convenience and simplicity.

You can find container data, configuration, logs, and the plugins directory in the /home/learner/sandbox-vault/containers directory. Here are the contents of the vault_sandbox_1 container directory as an example:

.
├── certs
│   ├── server_cert.pem
│   ├── server_key.pem
│   └── vault_sandbox_ca.pem
├── config
│   └── server.hcl
├── logs
│   └── vault_audit.log
└── plugins

You can browse these files from the Code Editor tab as well.

If you need to directly access a container, you can use 'docker exec'. For example, to get a shell session in vault-1, use:

$ docker exec -i -t vault-1 sh

Export one of the following to address the Vault cluster node you need to communicate with (reverse proxy by default):

export VAULT_ADDR=https://localhost:8443 # Active node via reverse proxy
export VAULT_ADDR=https://localhost:8200 # Vault node 1
export VAULT_ADDR=https://localhost:8220 # Vault node 2
export VAULT_ADDR=https://localhost:8230 # Vault node 3
export VAULT_ADDR=https://localhost:8240 # Vault node 4
export VAULT_ADDR=https://localhost:8250 # Vault node 5

You can access the Vault UI for each node with the tabs labeled Vault 1 UI through Vault 5 UI.

The environment enables Vault server telemetry from the active node to Prometheus, and you can use Grafana to access a dashboard in the Grafana tab with these credentials:

Username: admin
Password: 2LearnVault

The sandbox is composed of 5 Vault Docker containers, and a reverse proxy container. Not shown are the Prometheus and Grafana containers which handle telemetry metrics.

 
    localhost :8230                                     localhost:8240
    ┌──────────┐                                        ┌──────────┐
    │          │                                        │          │
    │          │                                        │          │
    │ vault-3  ├────────────────────────────────────────┤  vault-4 │
    │          │                                        │          │
    │          │                                        │          │
    └────┬─────┘                                        └─────┬────┘
         │       localhost:8220          localhost:8230       │
         │        ┌──────────┐            ┌──────────┐        │
         │        │          │            │          │        │
         │        │          │            │          │        │
         └────────┤ vault-2  │            │  vault-5 ├────────┘
                  │          │            │          │
                  │          │            │          │
                  └────┬─────┘            └─────┬────┘
                       │                        │
                       │                        │
                       │     localhost:8200     │
                       │      ┌──────────┐      │
                       │      │          │      │
                       │      │          │      │
                       └──────┤ vault-1  ├──────┘
                              │          │
                              │          │
                              └─────┬────┘
                                    │
                                    │
                                    │
                                    │
                                    │
                                    │
                              ┌─────┴────┐
                              │          │
     https://localhost:8443   │ reverse  │
     (proxy to active node)   │ proxy    │
                              │          │
                              └──────────┘

Vault Sandbox is a development and testing environment configured as "production-lite", and has limitations that you should be aware of.

Not production ready

This environment is not production-ready, as it does not follow recommendations for production cluster deployments. Refer to these resources for more information:

Community edition

Be aware that Vault Sandbox uses the Vault Community edition, and this imposes the limitation that you cannot use enterprise features here.

TLS

Vault Sandbox features mutual TLS between cluster nodes. You should be aware that the environment dynamically generates TLS material used to enable TLS with a 24 hour time to live.

Root token

Vault Sandbox uses and exposes the initial root token value for ease of development and testing. You should not rely on root token use for production implementations.

Other sandboxes

Explore sandboxes for other HashiCorp products that you might find useful.

InteractiveInteractive Sandbox
Terraform Sandbox
Experiment with Terraform. This sandbox includes Docker and LocalStack preinstalled to test your Terraform configuration.
Terraform
InteractiveInteractive Sandbox
Boundary Sandbox
Experiment with Boundary. This sandbox contains a Boundary cluster (one controller server and one worker) configured with a Boundary target (Ubuntu 24.04) and a Postgres database.
Boundary
InteractiveInteractive Sandbox
Consul Sandbox (Service discovery)
Experiment with Consul. This sandbox contains a Consul cluster (3 servers and 4 clients) and a Bastion host. It also runs HashiCups, a demo web application.
Consul
InteractiveInteractive Sandbox
Consul Sandbox (Service mesh)
Experiment with Consul. This sandbox contains a Consul cluster (3 servers and 4 clients) and a Bastion host. It also runs HashiCups, a demo web application.
Consul
InteractiveInteractive Sandbox
Nomad Sandbox
Experiment with Nomad. This sandbox contains a Nomad cluster with one server and one client node with TLS and ACLs enabled.
Nomad