Vault Kv
БесплатноНе проверенA read-only MCP server that provides tools to read, list, and inspect secrets from HashiCorp Vault's KV secrets engine (versions 1 and 2) using a Vault token.
Описание
A read-only MCP server that provides tools to read, list, and inspect secrets from HashiCorp Vault's KV secrets engine (versions 1 and 2) using a Vault token.
README
A read-only MCP (Model Context Protocol) server that exposes the HashiCorp Vault KV secrets engine (versions 1 and 2) as tools. Every tool performs only non-destructive reads — there are no write, delete, or destroy operations. It authenticates with a Vault token and speaks MCP over stdio, so it works with local MCP clients such as Claude Desktop.
Tools (all read-only)
| Tool | Description |
|---|---|
vault_kv_read |
Read a secret (latest or a specific KV v2 version). |
vault_kv_list |
List keys / sub-folders under a path. |
vault_kv_read_metadata |
KV v2: read version history and metadata. |
vault_list_kv_mounts |
Discover available secret mounts and their KV versions. |
vault_health |
Check Vault server health / connectivity. |
KV v1 vs v2 is auto-detected per mount when kv_version is not supplied (falling back to v2).
For defense in depth, pair this with a Vault token whose policies grant only read/list capabilities on the relevant paths.
Configuration
Set these environment variables (see .env.example):
VAULT_ADDR— Vault base URL (defaulthttp://127.0.0.1:8200)VAULT_TOKEN— required Vault token, sent as theX-Vault-TokenheaderVAULT_NAMESPACE— optional, for Vault Enterprise / HCP VaultVAULT_SKIP_VERIFY— optional, settrueto skip TLS verification (dev only)
The token only needs policies granting access to the KV paths you intend to use.
Build
npm install
npm run build
Run / test with the MCP Inspector
VAULT_ADDR=http://127.0.0.1:8200 VAULT_TOKEN=hvs.xxxx npm run inspector
Use with Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"vault-kv": {
"command": "node",
"args": ["/absolute/path/to/vault-mcp/dist/index.js"],
"env": {
"VAULT_ADDR": "http://127.0.0.1:8200",
"VAULT_TOKEN": "hvs.your-token-here"
}
}
}
}
Quick local Vault for testing
vault server -dev # prints a Root Token and unseal info
export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=<root-token-from-output>
vault kv put secret/demo username=app password=s3cr3t
Then ask your MCP client to read secret/demo.
Security notes
- The server only ever reads from Vault; it never writes, deletes, or destroys secrets.
- The token is read only from the environment and never logged.
- Prefer a short-lived, least-privilege token (read/list only) over a root token.
Установка Vault Kv
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/elisjetmax/mcp-vault-hashicorpFAQ
Vault Kv MCP бесплатный?
Да, Vault Kv MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Vault Kv?
Нет, Vault Kv работает без API-ключей и переменных окружения.
Vault Kv — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Vault Kv в Claude Desktop, Claude Code или Cursor?
Открой Vault Kv на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Vault Kv with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
