logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

secure-vault-connector-for-obsidian

Enables secure, brokered interaction between AI assistants and Obsidian knowledge bases via the Model Context Protocol (MCP), supporting semantic querying, dynamic template invocation, and controlled file system operations while strictly isolating external entities from direct vault access.

Author

secure-vault-connector-for-obsidian logo

IraBond

MIT License

Quick Info

GitHub GitHub Stars 0
NPM Weekly Downloads 0
Tools 1
Last Updated 2026-02-19

Actions

GitHub View on GitHub

Tags

toolsobsidianaiobsidian mcptools irabondmcp tools

MCP Bridge for Obsidian Vaults

Latest Release Version CI Build Status Software License

Core Capabilities | Setup Guide | Configuration Details | Issue Resolution | Safeguards | Development Stack | Assistance

This utility establishes a secure conduit, leveraging the Model Context Protocol (MCP), allowing sophisticated autonomous agents (e.g., Claude Desktop) to interface with your locally stored Obsidian knowledge repository. MCP standardizes the secure exchange between AI systems and external data stores, guaranteeing user oversight remains paramount. [^2]

This package comprises two integral elements: 1. An Obsidian add-on module to imbue the vault with MCP functionality. 2. A dedicated, intermediary MCP service running locally.

Upon deployment, the installer assists in deploying both parts. The local MCP service functions as an encrypted intermediary layer; it prevents external AI entities from achieving direct filesystem access to your vault. Instead, they interface via a secure Application Programming Interface (API) only upon your explicit consent, facilitating reading notes, initiating template routines, and performing context-aware data retrieval. [^3]

Data Sovereignty Notice: By default, interactions routed through this connection do not contribute to the training datasets of Anthropic's proprietary models when using accompanying client applications like Claude Desktop. [^1]

Core Capabilities

When linked with an authorized MCP client (such as Claude Desktop), this system unlocks:

  • Knowledge Retrieval: Grants AI agents the ability to reference and analyze your notes securely within the vault boundaries [^4]
  • Contextual Indexing: Facilitates meaning-based data discovery across your notes, moving beyond simplistic string matching [^5]
  • Automated Scripting: Enables the execution of Obsidian templates via AI prompts, supporting parameter injection for dynamic content generation [^6]

These functions are entirely dependent on an active MCP client, as this component provides the necessary server infrastructure to enable these specialized integrations. It operates by creating a secure overlay, not by altering Obsidian's native operation.

Prerequisites

Mandatory Dependencies

  • Obsidian application, version 1.7.7 or newer
  • Claude Desktop application, fully initialized
  • Local REST API plugin for Obsidian, installed and secured with an API key
  • Templater plugin, for advanced template scripting
  • Smart Connections plugin, for enhanced vector-based search functionality

Setup Guide

[!Note] This toolset necessitates the deployment of a local background daemon (the server component). This executable is cryptographically signed, and its full source is viewable in packages/mcp-server/. Refer to the Safeguards section for signature and build validation procedures.

  1. Acquire the module via Obsidian's Community Plugin browser.
  2. Activate the add-on within Obsidian's preferences panel.
  3. Navigate to the add-on's settings interface.
  4. Initiate the "Install Server" procedure.

Activating installation executes the following sequence:

  • Fetches and installs the platform-specific MCP server executable.
  • Establishes configuration linkage with Claude Desktop.
  • Sets up required operating system permissions and directory structures.

Component File Locations

  • Server Executable: {vault}/.obsidian/plugins/obsidian-mcp-tools/bin/
  • System Diagnostic Logs:
  • macOS: ~/Library/Logs/obsidian-mcp-tools
  • Windows: %APPDATA%\obsidian-mcp-tools\logs
  • Linux: ~/.local/share/obsidian-mcp-tools/logs

Configuration Details

Following the execution of the "Install Server" function, the system automatically handles:

  1. Acquisition of the correct MCP server binary.
  2. Utilization of the API credential established by the Local REST API plugin.
  3. Configuration parameters pushed to Claude Desktop to point to the new MCP endpoint.
  4. Creation of necessary access paths and security settings.

While initial setup is largely autonomous, system operation requires your consent during the binary installation and configuration modification steps for the client application.

Issue Resolution

If operational interruptions occur:

  1. Consult the plugin interface to confirm:
  2. All listed dependencies are present.
  3. The server component reports successful installation.
  4. Claude Desktop shows proper connectivity status.
  5. Scrutinize the diagnostics report:
  6. Access the configuration panel.
  7. Select "Open Logs" under the Utilities section.
  8. Search for system warnings or error codes.
  9. Common Fault Patterns:
    • Daemon Failure: Confirm that the connected AI client (e.g., Claude Desktop) is presently active.
    • Communication Breakdown: Re-validate the API key setup within the prerequisite Local REST API plugin.
    • Access Denied: Attempt a complete server re-installation via the settings panel.

Safeguards

Binary Supply Chain Integrity

  • All official distributions originate from controlled GitHub Actions pipelines ensuring reproducible builds.
  • Executables are digitally signed and accompanied by SLSA provenance metadata.
  • The entire release pipeline is fully transparent and auditable within the source repository.

Operational Security Posture

  • The MCP server executes with the minimum necessary operational privileges.
  • All data transmission channels utilize mandatory encryption protocols.
  • Sensitive configuration elements (like API tokens) are managed using secure, OS-native credential vaults.

Executable Provenance Validation

The MCP server binaries are accompanied by official SLSA Provenance attestations, which serve as cryptographic proof detailing the build environment and process. This assures the integrity of downloaded files.

To validate a binary using the GitHub Command Line Interface (CLI):

  1. Install the GitHub CLI utility:

bash # For macOS users via Homebrew brew install gh

# For Windows users via Scoop scoop install gh

# For Debian/Ubuntu Linux distributions sudo apt install gh

  1. Execute the verification command: bash gh attestation verify --owner jacksteamdev

The output confirms:

  • The file's SHA256 checksum.
  • Verification that the binary originated exclusively from this repository's official GitHub Actions jobs.
  • The precise workflow file and source version tag used for compilation.
  • Conformance to specified SLSA Level 3 security criteria.

This rigorous check guarantees the delivered software has not been modified post-build.

Vulnerability Disclosure

Report all security exposures confidentially via our designated security reporting channel. Public disclosure of vulnerabilities via issue trackers is strictly prohibited.

Development Stack

This repository employs a modular, monorepo architecture. Comprehensive architectural guidelines are defined in the [.clinerules] file.

Utilizing Cline Integration

Certain code elements were generated or guided by the Cline AI coding assistant. Cline relies on the .clinerules definitions and documentation within cline_docs/ to maintain adherence to project patterns during feature expansion.

Workspace Structure

The project utilizes a Bun workspace configuration for dependency management:

packages/ ├── mcp-server/ # Core server logic implementation ├── obsidian-plugin/ # Obsidian front-end module └── shared/ # Common interfaces and utility functions

Building Artifacts

  1. Dependency acquisition: bash bun install

  2. Comprehensive package compilation: bash bun run build

  3. Continuous development mode: bash bun run dev

Required Toolchain

  • Bun runtime, version 1.1.42 or newer
  • TypeScript compiler, version 5.0 or later

Contribution Guidelines

To propose enhancements:

  1. Fork the repository.
  2. Establish a dedicated feature branch.
  3. Integrate your modifications.

  4. Run the automated test suite: bash bun test

  5. Submit a comprehensive Pull Request.

Detailed submission protocols are outlined in [CONTRIBUTING.md].

Assistance

  • Report bugs or suggest new functionalities via Issues
  • Engage in general inquiries or discussions in the Discussions Forum

Revision History

Refer to [CHANGELOG.md] for granular release notes.

Licensing

Distributed under the terms of the MIT License

References

[^1]: Detailed insights into data privacy protocols for Claude AI are available in Anthropic's official guidance: Claude AI Data Usage Policy [^2]: Comprehensive documentation on the Model Context Protocol specification can be found at: MCP Protocol Overview [^3]: A directory listing of current clients implementing the MCP standard is maintained here: MCP Example Clients List [^4]: Dependency on the Local REST API plugin for Obsidian is mandatory for vault interaction. [^5]: Semantic search functionality is contingent upon the Smart Connections plugin. [^6]: Advanced template processing requires the presence of the Templater plugin.

See Also

Obsidian
Obsidian PNG Icons
MCP
Servers Mcp
Plugin
Plugin PNG Icons
Claude
Claude PNG Icons
Man Pages
Tirex::Config Man Pages
Tools
JSON Utilities Tools
Desktop
Desktop PNG Icons
Man Pages
system Man Pages
Data
Data PNG Icons
← Back to Business Tools🙏  Credits & Acknowledgments
`