
vault-mcp-proxy

A structured API gateway for HashiCorp Vault, enabling LLMs and clients to securely interact with secret material and governance structures. Supports policy definition, retrieval of resource inventories, and automated policy construction.

Author

ashgw

MIT License

Quick Info

GitHub Stars 4
NPM Weekly Downloads 0
Tools 1
Last Updated 2026-02-19

Tags

vault, hashicorp, ashgw, ashgw vault, hashicorp vault, vault mcp

HashiCorp Vault Model Context Protocol Endpoint

This repository houses an implementation of the Model Context Protocol (MCP) server, specifically designed to interface securely with HashiCorp Vault. It grants Large Language Models (LLMs) and other compliant clients safe access to Vault's secret storage and access control list (ACL) management functionalities.

Capability Summary

This service empowers an LLM to execute the following operations through structured requests:

  • Secure storage handling via a formalized interface.
  • Definition and maintenance of Vault access policies.
  • Inventory retrieval and listing of available resources.
  • Automatic generation of necessary access policies.

Deployment Instructions

Deployment methodology varies based on your operational environment.

Cursor Integration (Preferred Method)

Incorporate the following configuration snippet into your Cursor MCP configuration file:

{
  "mcpServers": {
    "Vault MCP": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "VAULT_ADDR=https://your-vault-server:8200",
        "-e",
        "VAULT_TOKEN=hvs.your-vault-token",
        "ashgw/vault-mcp:latest"
      ]
    }
  }
}

For enhanced stability, replace the latest tag with a specific version tag (e.g., 20250413-165732). All available versions are cataloged on Docker Hub.

After configuration, test functionality with a query like:

"Retrieve the credential stored at path apps/myapp/config from the Vault instance"

Cursor will transparently route this instruction through the configured MCP endpoint. A successful connection is indicated by a positive visual confirmation (green status).


Local Docker Execution

Execute the Vault MCP container directly using Docker:

docker run -d \
  --name vault-mcp \
  -e VAULT_ADDR=https://your-vault-server:8200 \
  -e VAULT_TOKEN=hvs.your-vault-token \
  -p 3000:3000 \
  ashgw/vault-mcp

This command utilizes the official image available at ashgw/vault-mcp.


Source Code Compilation

To build from the repository source:

  1. Clone the project and navigate into the root directory.
  2. Build the image using: docker build -t vault-mcp .
  3. Run the locally built image: docker run --rm -e VAULT_ADDR=localhost:8200 -e VAULT_TOKEN=hvs.yourtoken vault-mcp

Runtime Environment Variables

The following environment parameters are mandatory for service initialization:

  • VAULT_ADDR: Specifies the network location of the HashiCorp Vault instance.
  • VAULT_TOKEN: A security credential possessing requisite read/write permissions within Vault.
  • MCP_PORT: (Optional) Defines the TCP port for the service; defaults to 3000. This is not utilized by Cursor integration.

Detailed Functional Specifications

Secret Storage Operations

secret_create

Persists or overwrites secret data at a designated path.

await tool("secret_create", {
  path: "apps/myapp/config",
  data: {
    apiKey: "secret-key-123",
    environment: "production",
  },
});

secret_read

Fetches the stored payload associated with a specific path.

await tool("secret_read", {
  path: "apps/myapp/config",
});

secret_delete

Initiates a versioned deletion of a secret (applicable to KV v2 engine).

await tool("secret_delete", {
  path: "apps/myapp/config",
});

Access Governance Management

policy_create

Instantiates a new Vault access policy based on provided definition.

await tool("policy_create", {
  name: "app-readonly",
  policy: `
    path "secret/data/apps/myapp/*" {
      capabilities = ["read", "list"]
    }
  `,
});

Resource Indexing

vault://secrets

Enumerates all existing key paths within the Key-Value storage engine.

{
  "keys": ["apps/", "databases/", "certificates/"]
}

vault://policies

Retrieves a list of all currently defined Vault access policies.

{
  "policies": ["default", "app-readonly", "admin"]
}

Prompt Augmentation Tools

generate_policy

Constructs a standardized Vault policy block given a target path and requisite permissions.

await prompt("generate_policy", {
  path: "secret/data/apps/*",
  capabilities: "read,list",
});

Returns:

{
  "path": {
    "secret/data/apps/*": {
      "capabilities": ["read", "list"]
    }
  }
}
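
The path and capability list given to generate_policy end up in a policy that policy_create can install, so a deployment may want to constrain both before that call. The following is an added example, not code from vault-mcp: buildPolicy, toHcl, ALLOWED and ALLOWED_PREFIX are hypothetical names, and the permitted prefix and capability set are assumptions chosen to match the paths used on this page.

```javascript
// Added example; every name here is hypothetical, not part of vault-mcp.
// Core capabilities Vault accepts in an ACL policy path block.
const VAULT_CAPABILITIES = new Set([
  "create", "read", "update", "patch", "delete", "list", "sudo", "deny",
]);
// Assumption: capabilities a model-driven caller may request without human review.
const ALLOWED = new Set(["read", "list"]);
// Assumption: the only subtree the model may scope a policy to.
const ALLOWED_PREFIX = "secret/data/apps/";

function buildPolicy(path, capabilities) {
  if (typeof path !== "string" || !path.startsWith(ALLOWED_PREFIX)) {
    throw new Error(`path must start with ${ALLOWED_PREFIX}`);
  }
  // Plain path characters plus at most one trailing "*": this rejects the "+"
  // segment glob, quotes that would break out of the HCL string, and "..".
  if (!/^[\w\-./]+\*?$/.test(path) || path.split("/").includes("..")) {
    throw new Error("path contains characters or globs that are not allowed");
  }
  const parts = String(capabilities).split(",").map((c) => c.trim()).filter(Boolean);
  const caps = [...new Set(parts)]; // de-duplicate, keep request order
  if (caps.length === 0) throw new Error("no capabilities given");
  for (const cap of caps) {
    if (!VAULT_CAPABILITIES.has(cap)) throw new Error(`unknown capability: ${cap}`);
    if (!ALLOWED.has(cap)) throw new Error(`capability needs review: ${cap}`);
  }
  // Same shape as the generate_policy result shown above.
  return { path: { [path]: { capabilities: caps } } };
}

// Render that structure as the HCL text that policy_create takes.
function toHcl(policy) {
  return Object.entries(policy.path)
    .map(([p, { capabilities }]) => {
      const list = capabilities.map((c) => `"${c}"`).join(", ");
      return `path "${p}" {\n  capabilities = [${list}]\n}`;
    })
    .join("\n\n");
}
```

Requests for sudo, for paths outside the allowed subtree, or for misspelled capabilities throw before any policy text is produced.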

Licensed under the MIT License.
