MCP.so
Sign In

Vault MCP Server

@mschuchard

About Vault MCP Server

The third-party FOSS MCP server for Vault

Basic information

Category

Developer Tools

License

MIT

Runtime

python

Transports

stdio

Publisher

mschuchard

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "vault": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "VAULT_URL",
        "-e",
        "VAULT_TOKEN",
        "matthewschuchard/vault-mcp-server"
      ],
      "env": {
        "VAULT_URL": "<VAULT SERVER CLUSTER URL>",
        "VAULT_TOKEN": "<VAULT AUTHENTICATION TOKEN>"
      }
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Vault MCP Server?

Vault MCP Server is a third-party MCP server that integrates with HashiCorp Vault, providing tools and resources for managing Vault through MCP-compatible clients. It can be executed locally or remotely via Docker. It is not recommended for enterprise production usage.

How to use Vault MCP Server?

Configure the server as a Docker container in desktop MCP clients like Claude or VSCode. Set environment variables for Vault connection (e.g., VAULT_URL, VAULT_TOKEN, VAULT_AUTH_METHOD) and pass them to the container. Example configuration files are provided for Claude and VSCode.

Key features of Vault MCP Server

  • 5 resources: ACL policies, audit devices, auth engines, secret engines, Raft cluster config.
  • 138 tools covering system and secrets backends.
  • 4 prompts for ACL policy generation and Vault diagnostics.
  • Supports token, userpass, and approle authentication methods.
  • Configurable cache TTL for read/list operations.
  • Container image available on Dockerhub.

Use cases of Vault MCP Server

  • Automating Vault ACL policy creation and optimization via LLM.
  • Diagnosing Vault server state and configuration deficiencies.
  • Interacting with KV v2, PKI, Transit, and database secrets engines.
  • Managing Vault system backend operations (audit, auth, Raft, etc.).

FAQ from Vault MCP Server

How does this server differ from the official HashiCorp Vault MCP Server?

This is a third-party alternative that can be executed locally (not only remotely) and continues to be updated, but is not recommended for enterprise production. The official server is from HashiCorp.

What are the runtime requirements?

The server runs as a Docker container. You must provide environment variables for Vault connection (e.g., VAULT_URL, VAULT_TOKEN, VAULT_AUTH_METHOD).

How do I authenticate to Vault?

Set the VAULT_AUTH_METHOD environment variable to token, userpass, or approle. Provide the corresponding credentials (e.g., VAULT_TOKEN, VAULT_USERNAME/VAULT_PASSWORD, VAULT_ROLE_ID/VAULT_SECRET_ID).

Does this server have a formal release process?

No. There is no formal release process, versioning, or changelog. The container image always represents the code at HEAD.

Where is the container image hosted?

The container image is hosted on Dockerhub at matthewschuchard/vault-mcp-server.

Comments

More Developer Tools MCP servers