Vault in dev mode, but still getting [ERROR]: unsupported scheme. use 'dev' mode

vault has been deployed on an AKS cluster following the instructions here: https://learn.hashicorp.com/tutorials/vault/kubernetes-azure-aks with a minor but important change:

helm install vault hashicorp/vault -n vault --set "server.dev.enabled=true"

Vault is correctly deployed and accessible via ui, api or vault cli.

The objective is to set up a test ssh OTP with a VM having vault helper configured. Everything is configured accordingly, but the first OTP login attempt via SSH to that VM fails with [ERROR]: unsupported scheme. use 'dev' mode at the helper log.

A vault-ssh-helper -verify-only -config=/etc/vault-ssh-helper.d/config.hcl run confirms the issue with the same error message.

I don’t get where (why) the error is coming from. Could it be that the AKS cluster address for vault might have been incorrently deployed by helm as it is using https for port 8201? See below.

==> Vault server configuration:

             Api Address: http://172.18.1.18:8200
                     Cgo: disabled
         Cluster Address: https://vault-0.vault-internal:8201
              Go Version: go1.17.5
              Listener 1: tcp (addr: "[::]:8200", cluster address: "[::]:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
               Log Level: info
                   Mlock: supported: true, enabled: false
           Recovery Mode: false
                 Storage: inmem
                 Version: Vault v1.9.2
             Version Sha: f4c6d873e2767c0d6853b5d9ffc77b0d297bfbdf

Also, could it be that the code for the helper here https://github.com/hashicorp/vault-ssh-helper/blob/master/main.go does not allow http protocol for the helper?

if dev {
		log.Printf("==> WARNING: Dev mode is enabled!")
		if strings.HasPrefix(strings.ToLower(clientConfig.VaultAddr), "https://") {
			return fmt.Errorf("unsupported scheme in 'dev' mode")
		}
		clientConfig.CACert = ""
		clientConfig.CAPath = ""
	} else if strings.HasPrefix(strings.ToLower(clientConfig.VaultAddr), "http://") {
		return fmt.Errorf("unsupported scheme. use 'dev' mode")
	}

Just found -dev switch.
After adding to sshd’s PAM config file, everything works fine.