
Vault MCP Server

Official HashiCorp MCP server for managing Vault secrets, KV mounts, and PKI certificate engines through natural language.

Category: Developer Tools | Publisher: HashiCorp | Auth: Bearer Token (Vault token) | Status: active

Overview

The Vault MCP Server is the official Model Context Protocol implementation from HashiCorp that lets AI agents interact with a HashiCorp Vault instance. It exposes tooling for managing secrets, mounts, and PKI workflows, allowing agents to read and write KV secrets, create and remove mounts, enable the PKI secrets engine, and issue certificates against roles and issuers. The project is currently in beta and is intended for local-only deployments.

The server supports two transports: stdio (the default, for direct integration with Claude Desktop, Cursor, VS Code, and Amazon Q) and streamable HTTP (for network-based clients with CORS, TLS, and per-session rate limiting). Authentication is handled via a standard Vault token, supplied either through the VAULT_TOKEN environment variable, the X-Vault-Token HTTP header, or a query parameter. Namespaces are supported via VAULT_NAMESPACE or the X-Vault-Namespace header.

Because the server can expose Vault data and secrets to whatever LLM is connected, HashiCorp explicitly warns against using it with untrusted MCP clients or models. It is distributed as source on GitHub, as prebuilt binaries via releases.hashicorp.com, and as a Docker image (hashicorp/vault-mcp-server).

Tools

Tool                    Description
create_mount            Create a new mount in Vault (KV v1, KV v2, PKI, etc.).
list_mounts             List all available mounts in the Vault instance.
delete_mount            Remove an existing mount from Vault.
write_secret            Write a secret to a KV v1 or v2 mount.
read_secret             Read a secret from a KV mount.
list_secrets            List secrets under a given path in a KV mount.
delete_secret           Delete a secret or specific keys from a KV mount.
enable_pki              Enable the PKI secrets engine at a given mount path.
create_pki_issuer       Create a new certificate issuer in the PKI secrets engine.
list_pki_issuers        List all PKI issuers on a mount.
read_pki_issuer         Read configuration and details for a PKI issuer.
create_pki_role         Create a role for certificate issuance on a PKI mount.
read_pki_role           Read configuration for a PKI role.
list_pki_roles          List available roles on a PKI mount.
delete_pki_role         Delete a PKI role.
issue_pki_certificate   Issue a certificate using a PKI role.

Setup Guide

Prerequisites

  • A running HashiCorp Vault server (local or remote)
  • A valid Vault token with permissions for the operations you want to perform
  • Docker, or a downloaded binary from releases.hashicorp.com/vault-mcp-server, or Go 1.24+ to build from source

Install

Option A: Docker (recommended)

docker pull hashicorp/vault-mcp-server

Option B: Compiled binary

Download from releases.hashicorp.com/vault-mcp-server and place it on your PATH.

Option C: From source

go install github.com/hashicorp/vault-mcp-server/cmd/vault-mcp-server@latest

Required environment variables

  • VAULT_ADDR: Vault server address (e.g. http://127.0.0.1:8200)
  • VAULT_TOKEN: Vault authentication token
  • VAULT_NAMESPACE: optional, Vault namespace

Claude Desktop / Cursor / Amazon Q config (Docker, stdio)

{
  "mcp": {
    "servers": {
      "vault-mcp-server": {
        "command": "docker",
        "args": [
          "run", "-i", "--rm",
          "-e", "VAULT_ADDR",
          "-e", "VAULT_NAMESPACE",
          "-e", "VAULT_TOKEN",
          "hashicorp/vault-mcp-server"
        ],
        "env": {
          "VAULT_ADDR": "<<vault_address_here>>",
          "VAULT_NAMESPACE": "<<vault_namespace_here>>",
          "VAULT_TOKEN": "<<vault_token_here>>"
        },
        "type": "stdio"
      }
    }
  }
}

VS Code config (.vscode/mcp.json)

{
  "mcp": {
    "servers": {
      "vault-mcp-server": {
        "command": "docker",
        "args": ["run", "-i", "--rm", "-e", "VAULT_ADDR", "-e", "VAULT_NAMESPACE", "-e", "VAULT_TOKEN", "hashicorp/vault-mcp-server"],
        "env": {
          "VAULT_ADDR": "${input:vault_address}",
          "VAULT_NAMESPACE": "${input:vault_namespace}",
          "VAULT_TOKEN": "${input:vault_token}"
        },
        "type": "stdio"
      }
    }
  }
}

Binary config

{
  "mcp": {
    "servers": {
      "vault": {
        "command": "/path/to/vault-mcp-server",
        "args": ["stdio"],
        "env": {
          "VAULT_ADDR": "<<vault_address_here>>",
          "VAULT_NAMESPACE": "<<vault_namespace_here>>",
          "VAULT_TOKEN": "<<vault_token_here>>"
        }
      }
    }
  }
}
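All three client configs above pass the Vault token to the server through an env block, and the samples use placeholders (<<vault_token_here>>) or VS Code input references (${input:vault_token}) rather than a literal token. Because these config files tend to get committed or synced, a useful pre-commit check is to scan them for a real token value in VAULT_TOKEN. The following checker is an added example written for this page, not code from HashiCorp or the vault-mcp-server project; the two embedded configs are constructed samples, the token string in the unsafe one is made up, and the hv[sbr]. prefix test relies on the token format Vault has used since 1.10 (hvs. service, hvb. batch, hvr. recovery tokens).

```python
"""Flag literal Vault tokens in MCP client config files (added example, not project code)."""
import json
import re

# Value forms that carry no secret: the <<placeholder>> style used in the Docker and
# binary configs, and the ${input:...} prompt references used in the VS Code config.
PLACEHOLDER = re.compile(r"^(<<[^>]*>>|\$\{input:[^}]+\})$")
# Vault 1.10+ token prefixes: hvs. (service), hvb. (batch), hvr. (recovery).
VAULT_PREFIXED = re.compile(r"^hv[sbr]\.")


def _servers(cfg: dict) -> dict:
    """Return the server map for either JSON layout clients use ("mcp.servers" or "mcpServers")."""
    return cfg.get("mcp", {}).get("servers") or cfg.get("mcpServers") or {}


def find_hardcoded_vault_tokens(config_text: str) -> list[tuple[str, str]]:
    """Return (server_name, reason) for every server whose env block holds a literal VAULT_TOKEN.

    Placeholders and ${input:...} references are accepted; anything else is reported,
    with a more specific reason when the value has a Vault token prefix.
    """
    findings = []
    for name, spec in _servers(json.loads(config_text)).items():
        token = (spec.get("env") or {}).get("VAULT_TOKEN")
        if not token or PLACEHOLDER.match(token):
            continue
        if VAULT_PREFIXED.match(token):
            findings.append((name, "literal Vault token (hv*. prefix)"))
        else:
            findings.append((name, "non-placeholder VAULT_TOKEN value"))
    return findings


# Constructed sample: mirrors the VS Code config above, token supplied via an input prompt.
SAFE_CONFIG = json.dumps({
    "mcp": {"servers": {"vault-mcp-server": {
        "command": "docker",
        "args": ["run", "-i", "--rm", "-e", "VAULT_ADDR", "-e", "VAULT_TOKEN",
                 "hashicorp/vault-mcp-server"],
        "env": {"VAULT_ADDR": "${input:vault_address}",
                "VAULT_TOKEN": "${input:vault_token}"},
        "type": "stdio"}}}})

# Constructed sample: same shape, but someone pasted a token in. The value is made up.
UNSAFE_CONFIG = json.dumps({
    "mcp": {"servers": {"vault-mcp-server": {
        "command": "/path/to/vault-mcp-server",
        "args": ["stdio"],
        "env": {"VAULT_ADDR": "http://127.0.0.1:8200",
                "VAULT_TOKEN": "hvs.CONSTRUCTEDexampleValueNotARealToken0000"}}}}})


if __name__ == "__main__":
    for label, text in (("safe", SAFE_CONFIG), ("unsafe", UNSAFE_CONFIG)):
        print(label, find_hardcoded_vault_tokens(text))
```

Run it against .vscode/mcp.json or the Claude Desktop config before committing; a non-empty result means the file should be rewritten to use a placeholder or input reference and the pasted token should be revoked in Vault, since it has already touched disk.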

Streamable HTTP mode

vault-mcp-server streamable-http \
  --transport-port 8080 \
  --transport-host 127.0.0.1 \
  --mcp-endpoint /mcp

When using the HTTP transport, keep --transport-host bound to 127.0.0.1 (as above) unless remote clients are intended, set MCP_ALLOWED_ORIGINS to restrict CORS to trusted origins, and consider configuring MCP_TLS_CERT_FILE / MCP_TLS_KEY_FILE so that Vault tokens sent in the X-Vault-Token header are not exposed in transit.

Use Cases
  • Provision a new KV v2 mount and seed it with application secrets during environment bootstrap
  • Read and rotate secrets from existing KV mounts as part of an agent-driven deployment workflow
  • Enable the PKI secrets engine, define an issuer and role, and issue a short-lived certificate for a service
  • Audit a Vault instance by listing all mounts, then enumerating secrets under each KV mount
  • Clean up unused mounts, PKI roles, or stale secrets based on a natural language audit request
Example Prompts
  • "List all mounts in my Vault instance and tell me which ones are KV v2."
  • "Create a new KV v2 mount at apps/billing and write a secret db_password with value s3cret to it."
  • "Enable the PKI secrets engine at pki/, create an issuer for example.com, and add a role named web that allows the example.com domain."
  • "Issue a certificate for api.example.com using the web role on the pki/ mount."
  • "Read the secret at apps/billing/db_password and then delete it."
Pros
  • Officially maintained by HashiCorp in the hashicorp/vault-mcp-server repo
  • Covers the most common Vault workflows: KV secrets, mount management, and PKI issuance
  • Supports both stdio and streamable HTTP transports, with TLS, CORS, and rate limiting for HTTP
  • Distributed as Docker image, prebuilt binaries, and source for flexible deployment
Limitations
  • Still in beta and intended for local-only use; not yet recommended for production deployments
  • Tool coverage is limited to KV and PKI engines; other Vault engines (database, transit, AWS, etc.) are not exposed
  • Any connected LLM can potentially see secrets returned by read_secret, so it should not be used with untrusted clients or models
Alternatives