vault-mcp
The HashiCorp Vault MCP Server facilitates secure and structured interactions with HashiCorp Vault, offering key functionalities like secret management and policy handling. It's designed to work with LLMs and other MCP clients, supporting features such as resource discovery and automated policy generation.
HashiCorp Vault MCP Server
A Model Context Protocol (MCP) server implementation that provides a secure interface to HashiCorp Vault which enables LLMs and other MCP clients to interact with Vault's secret and policy management features.
Overview
This allows you to prompt an LLM to:
- Secure secret management through structured API
- Policy creation and management
- Resource discovery and listing
- Automated policy generation
Installation
There are multiple ways to use this server depending on your setup.
Cursor (recommended)
Add this to your Cursor MCP configuration:
{
"mcpServers": {
"Vault MCP": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"VAULT_ADDR=https://your-vault-server:8200",
"-e",
"VAULT_TOKEN=hvs.your-vault-token",
"ashgw/vault-mcp:latest"
]
}
}
}
If you prefer pinning to a specific docker image build (e.g. 20250413-165732), use that tag instead of latest. Browse available versions on Docker Hub.
Once added, you can use prompts like:
"Read the secret at path
apps/myapp/configfrom Vault"
Cursor will route that request through the MCP server automatically.
Check if it works, it should be green
Docker (manual)
You can run Vault MCP manually via Docker:
docker run -d \
--name vault-mcp \
-e VAULT_ADDR=https://your-vault-server:8200 \
-e VAULT_TOKEN=hvs.your-vault-token \
-p 3000:3000 \
ashgw/vault-mcp
This uses the pre-built image published at ashgw/vault-mcp.
Repo
Clone the repository and cd into it, then build with
docker build -t vault-mcp .
Then run with
docker run --rm -e VAULT_ADDR=localhost:8200 -e VAULT_TOKEN=hsv.yourtoken vault-mcp
Environment Variables
These are required to run the MCP Vault server:
VAULT_ADDR: Your HashiCorp Vault server addressVAULT_TOKEN: A valid Vault token with read/write permissionsMCP_PORT: Optional. Defaults to 3000. Not required for Cursor.
Features in Detail
Secret Management Tools
secret_create
Creates or updates a secret at specified path.
await tool("secret_create", {
path: "apps/myapp/config",
data: {
apiKey: "secret-key-123",
environment: "production",
},
});
secret_read
Retrieves a secret from specified path.
await tool("secret_read", {
path: "apps/myapp/config",
});
secret_delete
Soft-deletes a secret (versioned delete in KV v2).
await tool("secret_delete", {
path: "apps/myapp/config",
});
Policy Management
policy_create
Creates a new Vault policy with specified permissions.
await tool("policy_create", {
name: "app-readonly",
policy: `
path "secret/data/apps/myapp/*" {
capabilities = ["read", "list"]
}
`,
});
Resources
vault://secrets
Lists all available secret paths in the KV store.
{
"keys": ["apps/", "databases/", "certificates/"]
}
vault://policies
Lists all available Vault policies.
{
"policies": ["default", "app-readonly", "admin"]
}
Prompts
generate_policy
Generates a Vault policy from path and capabilities.
await prompt("generate_policy", {
path: "secret/data/apps/*",
capabilities: "read,list",
});
Returns:
{
"path": {
"secret/data/apps/*": {
"capabilities": ["read", "list"]
}
}
}