diff --git a/vault/Dockerfile b/vault/Dockerfile
index b53add3..a32663b 100644
--- a/vault/Dockerfile
+++ b/vault/Dockerfile
@@ -9,7 +9,7 @@ ENV VAULT_VER 0.2.0
 ENV VAULT_URL http://dl.bintray.com/mitchellh/vault/vault_${VAULT_VER}_linux_amd64.zip
 ENV VAULT_MD5 0ba0029ddccb737cd2dbb1f018136535
 ENV VAULT_FILE vault.zip
-ENV VAULT_ADDR http://127.0.0.1:8200
+ENV VAULT_ADDR https://127.0.0.1:8200
 
 RUN wget -O $VAULT_FILE $VAULT_URL \
  && echo "$VAULT_MD5 $VAULT_FILE" | md5sum -c \
diff --git a/vault/README.md b/vault/README.md
index ed77c2c..dcd6527 100644
--- a/vault/README.md
+++ b/vault/README.md
@@ -20,8 +20,9 @@ vault:
   image: vimagick/vault
   ports:
     - "8200:8200"
-  volumes-from:
+  volumes_from:
     - data
+  privileged: true
   restart: always
 ```
 
@@ -36,17 +37,18 @@ $ docker cp vault_vault_1:/usr/bin/vault /usr/local/bin/
 ## client
 
 ```
-$ export VAULT_ADDR='http://127.0.0.1:8200'
+$ export VAULT_ADDR='https://127.0.0.1:8200'
 $ vault status
 $ vault init | tee vault.key
 $ vault unseal
-$ vault auth xxxxxx
-$ vault write secret/hello value=world
-$ vault read secret/hello
+$ vault auth
+$ vault write secret/name key=value
+$ vault read secret/name
 $ vault seal
 ```
 
-- Keep `vault.key` a secret.
-- Run `vault unseal` 3 times.
+- Split `vault.key`, keep them a secret.
+- Run `vault unseal` 3 times to unseal.
+- Use `key=@value` to read secret from file.
 
 [1]: https://www.vaultproject.io/
diff --git a/vault/docker-compose.yml b/vault/docker-compose.yml
index 17e9f97..7e75516 100644
--- a/vault/docker-compose.yml
+++ b/vault/docker-compose.yml
@@ -7,6 +7,7 @@ vault:
   image: vimagick/vault
   ports:
     - "8200:8200"
-  volumes-from:
+  volumes_from:
     - data
+  privileged: true
   restart: always
diff --git a/vault/vault.hcl b/vault/vault.hcl
index 756e590..ee30826 100644
--- a/vault/vault.hcl
+++ b/vault/vault.hcl
@@ -4,5 +4,4 @@ backend "file" {
 
 listener "tcp" {
   address = "0.0.0.0:8200"
-  tls_disable = 1
 }
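Review bot: Pointing VAULT_ADDR at https://127.0.0.1:8200 means every `vault` invocation inside the image now validates the listener's certificate, and nothing in the hunk tells the CLI which CA to trust, so a self-signed or internal certificate will fail verification unless users fall back to `-tls-skip-verify`, which defeats the purpose of the change. Add the trust anchor next to it, e.g. `ENV VAULT_CACERT /vault/tls/ca.pem`, and note that the certificate must carry 127.0.0.1 as an IP SAN for this address to verify. As a secondary point, the unchanged lines still fetch the binary over plain http and check only an MD5 digest, which does not protect against a swapped archive; an https URL and a SHA-256 digest would close that gap. The RUN instruction continues past the end of the hunk.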
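Review bot: `privileged: true` grants the Vault container every capability plus unrestricted device access, which is far more than a secrets server needs and turns any compromise of the Vault process into a host compromise. If the flag was added so Vault can mlock its memory (the usual reason), grant only that capability by replacing it with `cap_add:` followed by `  - IPC_LOCK`; if mlock is not the motivation, drop the line entirely. The README hunk copies the same setting into its example and should be changed to match.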
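Review bot: Removing `tls_disable = 1` switches the tcp listener to TLS, but the hunk adds no `tls_cert_file`/`tls_key_file`, so as far as I can tell from this config Vault has no certificate to serve and the listener will fail to come up, while the Dockerfile and README in this same commit already point clients at https. Add the two paths, e.g. `tls_cert_file = "/vault/tls/vault.crt"` and `tls_key_file = "/vault/tls/vault.key"`, and make sure the files are mounted into the container (the compose file only attaches the data volume from what is visible here). Since the listener still binds `0.0.0.0:8200` and the port is published on the host, the certificate must be issued for whatever hostname or IP remote clients actually use, not only 127.0.0.1.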