vault-mcp-server
Verified Safeby hashicorp
Overview
Provides a Model Context Protocol (MCP) server implementation to integrate HashiCorp Vault secrets management and PKI operations with LLM clients.
Installation
docker run -i --rm -e VAULT_ADDR -e VAULT_TOKEN -e VAULT_NAMESPACE hashicorp/vault-mcp-server:0.2.1Environment Variables
- VAULT_TOKEN
- VAULT_ADDR
- TRANSPORT_MODE
- MCP_ALLOWED_ORIGINS
- MCP_CORS_MODE
- MCP_TLS_CERT_FILE
- MCP_TLS_KEY_FILE
Security Notes
The server implements robust security features including configurable CORS policies (`MCP_ALLOWED_ORIGINS`, `MCP_CORS_MODE`), TLS support (`MCP_TLS_CERT_FILE`, `MCP_TLS_KEY_FILE`), and global/per-session rate limiting. It explicitly rejects Vault tokens passed via URL query parameters. It uses environment variables for sensitive configurations, preventing hardcoding. The README clearly warns that the server is intended for local use only and that exposing Vault data (including secrets) to untrusted LLMs/clients is a significant inherent risk that users must mitigate.
Similar Servers
mcp-filesystem-server
Provides secure and controlled access to the local filesystem via the Model Context Protocol (MCP) for AI agents and other applications.
mcp-k8s-go
This MCP server enables interaction with Kubernetes clusters to list, get, apply, and execute commands on various resources through a conversational interface.
mkp
MKP is a Model Context Protocol (MCP) server for Kubernetes, enabling LLM-powered applications to interact with Kubernetes clusters by providing tools for resource listing, getting, applying, deleting, and executing commands.
kafka-mcp-server
Enables LLM models and AI applications to interact with Apache Kafka for producing/consuming messages, managing topics, monitoring consumer groups, and assessing cluster health via the Model Context Protocol (MCP).