Infisical MCP
Official Infisical MCP server for secrets management. 10 tools cover the full secret lifecycle plus project, environment, folder, and member management. Two authentication methods (machine identity universal-auth and access-token), self-hostable instance support via INFISICAL_HOST_URL.
“Official Infisical MCP for secrets management. The most actively maintained official server in this batch security category (8 commits in the last 30 days). 10 tools cover the full secret lifecycle plus project, environment, folder, and member management. Two releases shipped, latest two weeks ago. Apache-2.0, npm-distributed. Two authentication methods: machine identity universal-auth (recommended for production) and access-token (for personal or single-machine workflows). Self-hostable Infisical instances supported via INFISICAL_HOST_URL. Free Infisical tier available for evaluation.”
INSTALL THIS SERVER
```json
{
  "mcpServers": {
    "infisical": {
      "command": "npx",
      "args": [
        "-y",
        "@infisical/mcp"
      ],
      "env": {
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID": "<machine-identity-client-id>",
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET": "<machine-identity-client-secret>"
      }
    }
  }
}
```
10 TOOLS AVAILABLE
OUR ASSESSMENT
- Official Infisical org publication.
- Apache-2.0 license.
- 8 commits in the last 30 days; the most actively maintained official security server in this batch.
- 10-tool surface covering secret lifecycle plus project/env/folder management.
- Two authentication methods: machine identity (production) and access token (personal).
- Self-hosted instance support via INFISICAL_HOST_URL.
- npm distribution as @infisical/mcp.
- 45 stars; community traction is modest despite the official vendor signal.
- Two releases shipped (0.0.x line); API surface is still maturing.
- JavaScript implementation requires Node.js on the host.
This server reads and writes production secrets when given universal-auth credentials. Scope machine identity client IDs to the minimum required project access; the principle of least privilege is non-negotiable here. For evaluation, use access-token mode with a personal access token tied to a sandbox Infisical project. Universal-auth client secrets are equivalent to the keys to the kingdom; rotate on any suspected exposure. Avoid embedding INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET in shared MCP configs; prefer per-host environment variables.
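One way to enforce the "no client secret in shared MCP configs" rule before a config file is committed or distributed. This is an added example, not code from Infisical or from this page: the function names and the classification rules (angle-bracket placeholders and `${...}` references are treated as safe, a missing key is assumed to come from the host environment) are assumptions.

```javascript
// Added example: audit an MCP client config for an embedded universal-auth secret (env var name from the page; rules are assumptions).
const SECRET_KEY = "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET";

// Classify how a server entry supplies the client secret:
//   absent      - not in the file (assumed to come from the host environment)
//   placeholder - empty or an angle-bracket template value like the page's
//   reference   - a ${...} expression (assumption: resolved outside the file)
//   embedded    - anything else, i.e. a literal credential stored in the file
function classifySecret(value) {
  if (value === undefined || value === null) return "absent";
  const v = String(value).trim();
  if (v === "" || /^<[^<>]+>$/.test(v)) return "placeholder";
  if (/^\$\{[^}]+\}$/.test(v)) return "reference";
  return "embedded";
}

// Walk every entry under mcpServers and report its status.
// The secret value itself is never copied into the report.
function auditMcpConfig(configText) {
  const servers = JSON.parse(configText).mcpServers || {};
  return Object.entries(servers).map(([name, server]) => ({
    server: name,
    status: classifySecret(((server || {}).env || {})[SECRET_KEY]),
  }));
}

// True when the file is safe to share or commit under the rules above.
function isShareable(configText) {
  return auditMcpConfig(configText).every((r) => r.status !== "embedded");
}

// Constructed sample input: the page's template plus a second, made-up entry
// with a literal value standing in for a real client secret.
const sampleConfig = JSON.stringify({
  mcpServers: {
    infisical: {
      command: "npx",
      args: ["-y", "@infisical/mcp"],
      env: { [SECRET_KEY]: "<machine-identity-client-secret>" },
    },
    "infisical-prod": {
      command: "npx",
      args: ["-y", "@infisical/mcp"],
      env: { [SECRET_KEY]: "constructed-not-a-real-secret" },
    },
  },
});

console.log(auditMcpConfig(sampleConfig), isShareable(sampleConfig));
```

Run as a pre-commit or CI step, a `false` from `isShareable` is the signal to move the value into a per-host environment variable and rotate the secret if the file was already shared.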
Best suited to teams already on Infisical for secrets management; engineers who want agent-driven secret rotation, project provisioning, or environment setup; and self-hosted Infisical operators (the instance URL is configurable via INFISICAL_HOST_URL).
TECHNICAL DETAILS
ADOPTION METRICS
// Reading this: 45 stars and 12 forks. The Infisical org placement and active commit cadence (8 in last 30 days) carry the editorial weight.
// Reading this: First-ranked in security category. Strongest official-vendor signal in a thin category.
SOURCES & VERIFICATION
We don't take any single directory's word for it. Before scoring, we cross-reference 5 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.
The same server, 5 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.
| Source | Their rating | Their star count | Their downloads | Last synced |
|---|---|---|---|---|
| AutomationSwitch (this page) | 4 (editorial) | 45 | — | APR 29, 2026 |
| PulseMCP | — unrated | unavailable | unavailable | APR 29, 2026 |
| MCP.so | — unrated | unavailable | unavailable | APR 29, 2026 |
| Glama | — unrated | unavailable | unavailable | APR 29, 2026 |
| Smithery | — unrated | unavailable | unavailable | APR 29, 2026 |
| Official MCP Registry | — unrated | unavailable | unavailable | APR 29, 2026 |
// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.
OTHER SECURITY MCP SERVERS
Trivy MCP
Official Aqua Security Trivy plugin that turns Trivy scanning capabilities into an MCP server. Distributed as a Trivy plugin: `trivy plugin install mcp`. Three transport modes (stdio, streamable HTTP, SSE), IDE integration for VS Code, Cursor, JetBrains, and Claude Desktop.
Okta MCP Server
Official Okta IAM MCP. Full CRUD on users, groups, applications, and policies via the Okta Python SDK. Two authentication methods (Device Authorization Grant for interactive use, Private Key JWT for server-to-server) and integration with the MCP Elicitation API for confirming destructive operations.