From 1e96682d7902c42bea26d846f93fa5a7f4d6817d Mon Sep 17 00:00:00 2001
From: Slawomir Koszewski <slawek@koszewscy.waw.pl>
Date: Fri, 2 Jan 2026 22:54:56 +0100
Subject: [PATCH] Add local mode section to README with usage instructions for
 local Vault instance

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 351ddeb..2d7b21e 100644
--- a/README.md
+++ b/README.md
@@ -37,6 +37,12 @@ export VAULT_ADDR='http://127.0.0.1:8200' VAULT_TOKEN='root-token'
 
 > **Warning:** Development mode is designed for experimentation only. Data is stored in-memory and will be lost when the Vault process is stopped.
 
+## Local Mode
+
+The repository also contains a set of scripts to run a local Vault instance. That instance may be used for experimentation, but unlike the development mode, it uses a file storage backend located at `./data`.
+
+Start it using `bin/vault-start`. The script will create necessary directories and configuration files if they do not exist. The output from the `vault operator init` is saved to `config/vault-init.json`. The single unseal key and the root token are encrypted using GPG key available on the host system. The `bin/vault-unseal` script decrypts the unseal key and unseals the Vault. `set-env` script sets the `VAULT_TOKEN` and `VAULT_ADDR` environment variables. It should be sourced before running any Vault commands.
+
 ## TLS Certificate
 
 Use standard Lego ACME installation instructions available at [Let's Encrypt directory](../letsencrypt/README.md) for both the main and the KMS Vault servers.