{
  "name": "io.github.hashicorp/mcp-server-vault",
  "description": "A community-maintained MCP server that connects an AI agent to a HashiCorp Vault deployment. Supports KV v2 secret reads, dynamic database credentials, and PKI certificate issuance, each limited to what the policies on the agent's token allow. Built around the same reference-only pattern as the 1Password server — the model sees the secret path, never the cleartext.",
  "status": "active",
  "version": "latest",
  "_meta": {
    "com.top-mcps/lastVerified": "2026-05-27",
    "com.top-mcps/score": {
      "value": 54,
      "rubricVersion": "2026-04",
      "lastComputed": "2026-06-02T13:16:41.646Z",
      "methodology": "https://top-mcps.com/about/methodology"
    },
    "com.top-mcps/stats": {
      "fetchedAt": "2026-06-02T11:55:52.320Z"
    }
  },
  "repository": {
    "url": "https://github.com/hashicorp/mcp-server-vault",
    "source": "github"
  },
  "author": {
    "name": "Community / HashiCorp"
  },
  "packages": [
    {
      "registryType": "npm",
      "registryBaseUrl": "https://registry.npmjs.org",
      "identifier": "install",
      "version": "latest",
      "transport": {
        "type": "stdio"
      },
      "runtimeArguments": [
        {
          "type": "positional",
          "value": "github.com/hashicorp/mcp-server-vault@latest"
        }
      ],
      "environmentVariables": [
        {
          "name": "VAULT_ADDR",
          "description": "VAULT_ADDR — required. Address (URL) of the HashiCorp Vault server the MCP connects to.",
          "isRequired": true,
          "isSecret": true
        },
        {
          "name": "VAULT_TOKEN",
          "description": "VAULT_TOKEN — required credential for HashiCorp Vault.",
          "isRequired": true,
          "isSecret": true
        },
        {
          "name": "VAULT_NAMESPACE",
          "description": "VAULT_NAMESPACE — required. Vault namespace that requests are made in.",
          "isRequired": true,
          "isSecret": true
        }
      ]
    }
  ],
  "capabilities": {
    "tools": [
      {
        "name": "kv_v2_get",
        "description": "Read a KV v2 secret at a path.",
        "sideEffect": "read",
        "args": [
          {
            "name": "mount",
            "type": "string",
            "required": true
          },
          {
            "name": "path",
            "type": "string",
            "required": true
          }
        ]
      },
      {
        "name": "database_creds",
        "description": "Request dynamic database credentials.",
        "sideEffect": "read",
        "args": [
          {
            "name": "mount",
            "type": "string",
            "required": true
          },
          {
            "name": "role",
            "type": "string",
            "required": true
          }
        ]
      },
      {
        "name": "pki_issue",
        "description": "Issue a certificate from a PKI role.",
        "sideEffect": "write",
        "args": [
          {
            "name": "mount",
            "type": "string",
            "required": true
          },
          {
            "name": "role",
            "type": "string",
            "required": true
          },
          {
            "name": "common_name",
            "type": "string",
            "required": true
          }
        ]
      }
    ],
    "security": {
      "scope": "read-only",
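      "sandbox": "Vault token in env. All capability checks happen at the Vault side — the MCP is a thin client, so the token's policy is what bounds the agent. Note that pki_issue is a write (it issues a certificate) and database_creds returns new dynamic credentials. Treat the token as a high-value credential and prefer short-lived tokens issued at session start.",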
      "gotchas": [
        "A wildcard policy on the agent token defeats the entire purpose. Mint narrowly-scoped tokens, one per workflow.",
        "Dynamic credentials are revoked when their TTL expires — design the workflow around that lifetime.",
        "Audit logs on the Vault side are your forensic trail. Make sure they are enabled and shipped off-host."
      ]
    }
  },
  "_links": {
    "html": "https://top-mcps.com/mcp/vault",
    "markdown": "https://top-mcps.com/mcp/vault.md",
    "methodology": "https://top-mcps.com/about/methodology"
  }
}
