Official · Security

HashiCorp Vault MCP

by HashiCorp

Official HashiCorp MCP for Vault: secrets, mounts, KV, and PKI management with stdio and Streamable HTTP transports. 9 commits on main in the last 30 days. MPL-2.0 with HashiCorp official-vendor signal.

45 stars · 9 tools · Released SEP 2025 · MPL-2.0

```bash
docker run --network=mcp -p 8080:8080 -e VAULT_ADDR -e VAULT_TOKEN hashicorp/vault-mcp-server
```

Stars are modest (45) reflecting recent launch; the official vendor backing carries editorial weight.

Reviewed by M. Nouriel · MAY 2026

INSTALL THIS SERVER

Requires authentication: Vault token via the VAULT_TOKEN environment variable; Vault server URL via VAULT_ADDR. Streamable HTTP mode requires MCP_ALLOWED_ORIGINS to be configured as the origin allow-list.

```json
{
  "mcpServers": {
    "vault": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "-e", "VAULT_ADDR",
        "-e", "VAULT_TOKEN",
        "hashicorp/vault-mcp-server"
      ],
      "env": {
        "VAULT_ADDR": "https://vault.example.com:8200",
        "VAULT_TOKEN": "<your-vault-token>"
      }
    }
  }
}
```

Prereq: Docker image `hashicorp/vault-mcp-server`. Set VAULT_ADDR to the Vault server URL and VAULT_TOKEN to a scoped Vault token. For HTTP mode, set MCP_ALLOWED_ORIGINS. Vault policies on the token govern the secrets the agent can read and write. Documentation: developer.hashicorp.com/vault/docs/mcp-server. Config path: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS).

9 TOOLS AVAILABLE

  • create_mount (Admin): Create a new Vault mount
  • list_mounts (Read): List configured Vault mounts
  • list_secrets (Read): List secrets at a path
  • read_secret (Read): Read secret data at a path
  • write_secret (Write): Write secret data at a path
  • delete_secret (Write): Delete a secret at a path

OUR ASSESSMENT

Strengths
  • Official HashiCorp maintenance.
  • 9 commits on main in the last 30 days.
  • MPL-2.0 licence (HashiCorp standard licence).
  • Two transports: stdio (recommended for local use) and Streamable HTTP (with origin allow-list).
  • Docker image on Docker Hub for container-native install.
  • Tool surface covers Mounts, KV, and PKI workflows.
  • Tagged release cadence: v0.2.0 from 2025-09-24.
  • Middleware stack for HTTP mode includes audit logging primitives.
Weaknesses
  • 45 GitHub stars at time of review; the project is newer than the parent Vault repo.
  • HashiCorp documents the MCP as intended for local use only; production multi-user deployments require careful network scoping.
  • Latest tagged release (v0.2.0) is from 2025-09-24, older than the recent commits suggest; running from main is the path for current features.
  • Requires a running Vault instance with appropriate policies in place.
Security Notes

The MCP server may expose Vault data, including secrets, to the connected MCP client and LLM. HashiCorp explicitly restricts usage to trusted MCP clients and LLMs only. For Streamable HTTP mode, always set MCP_ALLOWED_ORIGINS to restrict origin access. The recommended posture is local stdio deployment with a Vault token scoped via Vault policies to only the secrets and mounts the agent should access. Token rotation and revocation flow through standard Vault primitives.
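
A least-privilege policy of the kind described above, as an added example that is not from HashiCorp or from this review. The mount name `secret`, the prefix `agents/demo`, the policy name `mcp-agent` and the KV version 2 layout are all assumptions, as is the mapping from MCP tools to these Vault API paths.

```hcl
# mcp-agent.hcl (hypothetical policy name and paths, constructed for illustration)
# Assumes a KV version 2 mount at "secret/". KV v2 splits each secret into a
# data path (the values) and a metadata path (key listing and versions).

# Read secret values under one prefix only.
path "secret/data/agents/demo/*" {
  capabilities = ["read"]
}

# List key names under the same prefix.
path "secret/metadata/agents/demo/*" {
  capabilities = ["list"]
}

# Nothing else is granted. Vault policies are deny-by-default, so writes,
# deletes and mount operations under sys/ are refused with "permission denied"
# no matter which tool the connected client invokes.
#
# Contrast (too broad for an agent token): a root token, or a policy such as
#   path "*" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] }
# exposes every secret and mount in Vault to the MCP client and LLM.

# Load the policy and mint a short-lived token to pass as VAULT_TOKEN:
#   vault policy write mcp-agent mcp-agent.hcl
#   vault token create -policy=mcp-agent -ttl=1h
# Revoke it when the session ends:
#   vault token revoke <token>
```

Granting write or mount-management tools means adding further capabilities to this policy explicitly, one path at a time.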

Best For

Teams running Vault for secret storage who want agents to read, write, and manage secrets through the same audit-logged Vault API the production application uses; PKI workflows where the agent issues certificates from Vault-managed issuers under role-scoped policies; operators who want an official vendor MCP for Vault as the primary path over a community wrapper.

TECHNICAL DETAILS

Language: Go
Transport: stdio, streamable-http
Clients: Claude Desktop, Claude Code, Cursor, VS Code, Windsurf
License: MPL-2.0
npm: hashicorp/vault-mcp-server
Last Release: v0.2.0 (SEP 24, 2025)
First Released: SEP 1, 2025

ADOPTION METRICS

// GitHub Stars
45

// Reading this: 45 stars on the hashicorp/vault-mcp-server repo. 9 commits on main in the last 30 days. Official HashiCorp maintenance carries the editorial weight.

// Popularity Rank
#3
Globally · #3 in Security

// Reading this: Third-ranked in security on official-vendor signal for Vault-specific workflows.

SOURCES & VERIFICATION

We don't take any single directory's word for it. Before scoring, we cross-reference 4 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.

01 Discovered: Manual submission. First indexed MAY 1, 2026.
02 Cross-referenced: 4 directories (PulseMCP, MCP.so, Glama, Official MCP Registry).
03 Verified against: Claude Desktop, Cursor, VS Code, Gemini (per README integration sections). Installed and tested across clients.
04 Last re-checked: MAY 1, 2026. Weekly re-verification.

// How other directories see it

The same server, 4 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.

| Source | Their rating | Their star count | Their downloads | Last synced |
|---|---|---|---|---|
| AutomationSwitch (this page) | 4.2 (editorial) | 45 | | MAY 1, 2026 |
| PulseMCP | unrated | unavailable | unavailable | MAY 1, 2026 |
| MCP.so | unrated | unavailable | unavailable | MAY 1, 2026 |
| Glama | unrated | unavailable | unavailable | MAY 1, 2026 |
| Official MCP Registry | unrated | unavailable | unavailable | MAY 1, 2026 |

// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.

OTHER SECURITY MCP SERVERS

Vendor · 4.6

Prowler MCP

Prowler

Cloud Security Posture Management (CSPM) platform with 1000+ security checks across multiple cloud providers and 70+ compliance frameworks, exposed through MCP. Three deployment options: Prowler Cloud (recommended), local stdio, self-hosted HTTP. 13,717 stars, Apache-2.0.

8 tools · 13,717

Vendor · 4.3

Auth0 MCP Server

Auth0

Official Auth0 MCP server connecting Claude, Cursor, Windsurf, VS Code, and Gemini to Auth0 Management APIs. Create apps, deploy Actions, debug logs, and query users with natural-language commands. Read-only mode and tool-glob filtering supported. Beta software per Auth0.

8 tools · 106

Official · 4.1

AWS IAM MCP

AWS Labs

Official AWS Labs MCP for IAM administration: users, roles, groups, policies, inline policies, access keys, and policy simulation. Read-only mode supported via --allow-write opt-in pattern. Apache-2.0 within awslabs/mcp monorepo.

7 tools · 8,924

Official · 4

AWS CloudTrail MCP

AWS Labs

Official AWS Labs MCP for CloudTrail: 90 days of management events via lookup_events and Trino-compatible SQL queries against CloudTrail Lake Event Data Stores. 3 commits on the server path in the last 30 days. Pairs with the IAM MCP for security audit workflows.

5 tools · 8,924

Vendor · 4

Infisical MCP

Infisical

Official Infisical MCP server for secrets management. 10 tools cover the full secret lifecycle plus project, environment, folder, and member management. Two authentication methods (machine identity universal-auth and access-token), self-hostable instance support via INFISICAL_HOST_URL.

10 tools · 45

Vendor · 3.8

Trivy MCP

Aqua Security

Official Aqua Security Trivy plugin that turns Trivy scanning capabilities into an MCP server. Distributed as a Trivy plugin: `trivy plugin install mcp`. Three transport modes (stdio, streamable HTTP, SSE), IDE integration for VS Code, Cursor, JetBrains, and Claude Desktop.

4 tools · 37