MCP.so
ログイン
V

Vaulted MCP Server — Encrypted Secret Sharing for AI Agents

@vaulted-fyi

Vaulted MCP Server — Encrypted Secret Sharing for AI Agents について

Share encrypted, self-destructing secrets directly from Claude, Cursor, or Windsurf. Zero-knowledge E2E encryption. Agent-blind input sources (env:, file:, dotenv:) — secrets never pass through LLM context.

基本情報

カテゴリ

AI とエージェント

トランスポート

stdio

公開者

vaulted-fyi

投稿者

Max Novak

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "vaulted": {
      "command": "npx",
      "args": [
        "-y",
        "@vaulted/mcp-server"
      ]
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is Vaulted MCP Server?

Vaulted MCP Server lets AI agents share encrypted, self‑destructing secrets via zero‑knowledge E2E encryption (AES‑256‑GCM). It integrates with any MCP‑compatible host (Claude Desktop, Cursor, Windsurf, etc.) and supports agent‑blind input – the LLM never sees the actual secret value.

How to use Vaulted MCP Server?

Run npx -y @vaulted/mcp-server or install globally with npm install -g @vaulted/mcp-server and then run vaulted-mcp-server. Add the server to your MCP host’s config file (e.g., claude_desktop_config.json, .cursor/mcp.json, windsurf/mcp_config.json) using the provided JSON snippet. Optional flags include --base-url for a self‑hosted API and --allowed-dirs to extend accessible file directories.

Key features of Vaulted MCP Server

  • Zero‑knowledge E2E encryption (AES‑256‑GCM, key never sent to server)
  • Agent‑blind input: env vars, files, and .env keys resolved locally
  • Four tools: create_secret, view_secret, check_status, list_secrets
  • Local history with live status tracking
  • Works with Claude Desktop, Cursor, Windsurf, Claude Code, VS Code

Use cases of Vaulted MCP Server

  • Share API keys, tokens, or passwords via self‑destructing links from within an AI chat
  • Expose environment variables or file contents to another person without the LLM ever seeing the value
  • Monitor whether a shared secret has been viewed and how many times it has been consumed
  • Securely transfer credentials to a teammate without exposing them in chat history

FAQ from Vaulted MCP Server

What is agent‑blind input?

Agent‑blind input means the MCP server resolves sensitive values (environment variables, files, .env keys) directly on your machine. The AI agent only ever passes a reference like env:STRIPE_SECRET_KEY – it never sees the actual secret, so it never enters the conversation history or the LLM’s context.

What tools does the server provide?

It provides four tools: create_secret (encrypt and store a secret, returning a shareable link), view_secret (retrieve and decrypt a secret), check_status (check views/expiry without consuming a view), and list_secrets (show all locally tracked secrets with live status).

What are the system requirements?

Node.js 18 or later is required. The server runs as a stdio MCP transport and communicates with the Vaulted API at https://vaulted.fyi by default. You can point it at a self‑hosted instance using --base-url.

How do I configure Vaulted MCP Server for different AI hosts?

Add the server to your host’s MCP configuration file. The README provides exact JSON snippets for Claude Desktop, Cursor, Windsurf, Claude Code, and VS Code. For any other MCP client, run npx @vaulted/mcp-server as a stdio transport.

Where are secrets stored and how is encryption handled?

Secrets are encrypted with AES‑256‑GCM on your machine before being sent to the Vaulted API. The encryption key is never transmitted – it remains in the URL fragment, so only someone with the full URL can decrypt the secret. The server enforces a 1000‑character limit on secret content.

コメント

「AI とエージェント」の他のコンテンツ