Infisical MCP Server

Instructions

Implementation Reference

• src/index.ts:575-595 (handler)

  The handler logic for the 'get-secret' tool within the CallToolRequestSchema request handler. It validates the input arguments using the Zod schema, calls the Infisical SDK's getSecret method with the parsed parameters, and returns the retrieved secret in a formatted text response.
  if (name === AvailableTools.GetSecret) { const data = getSecretSchema.zod.parse(args); const secret = await infisicalSdk.secrets().getSecret({ environment: data.environmentSlug, projectId: data.projectId, secretName: data.secretName, secretPath: data.secretPath, expandSecretReferences: data.expandSecretReferences, includeImports: data.includeImports }); return { content: [ { type: "text", text: `Secret retrieved successfully: ${JSON.stringify(secret, null, 3)}` } ] }; }
• src/index.ts:230-274 (schema)

  The schema definition for the 'get-secret' tool, including Zod validation object and the MCP inputSchema capability for tool discovery and validation.
  const getSecretSchema = { zod: z.object({ secretName: z.string(), projectId: z.string(), environmentSlug: z.string(), secretPath: z.string().default("/"), expandSecretReferences: z.boolean().default(true), includeImports: z.boolean().default(true) }), capability: { name: AvailableTools.GetSecret, description: "Get a secret in Infisical", inputSchema: { type: "object", properties: { secretName: { type: "string", description: "The name of the secret to get (required)" }, projectId: { type: "string", description: "The ID of the project to get the secret from (required)" }, environmentSlug: { type: "string", description: "The slug of the environment to get the secret from (required)" }, secretPath: { type: "string", description: "The path of the secret to get (Defaults to /)" }, expandSecretReferences: { type: "boolean", description: "Whether to expand secret references (Defaults to true)" }, includeImports: { type: "boolean", description: "Whether to include secret imports. If the secret isn't found, it will try to find a secret in a secret import that matches the requested secret name (Defaults to true)" } }, required: ["projectId", "environmentSlug", "secretName"] } } };
• src/index.ts:452-467 (registration)

  The tool registration in the ListToolsRequestSchema handler, where getSecretSchema.capability is included in the list of available tools returned to clients.
  server.setRequestHandler(ListToolsRequestSchema, async () => { return { tools: [ createSecretSchema.capability, deleteSecretSchema.capability, updateSecretSchema.capability, listSecretsSchema.capability, getSecretSchema.capability, createProjectSchema.capability, createEnvironmentSchema.capability, createFolderSchema.capability, inviteMembersToProjectSchema.capability, listProjectsSchema.capability ] }; });
• src/index.ts:57-68 (registration)

  Enum defining the tool names, including 'get-secret' as AvailableTools.GetSecret, used throughout for matching tool calls.
  enum AvailableTools { CreateSecret = "create-secret", DeleteSecret = "delete-secret", UpdateSecret = "update-secret", ListSecrets = "list-secrets", GetSecret = "get-secret", CreateProject = "create-project", CreateEnvironment = "create-environment", CreateFolder = "create-folder", InviteMembersToProject = "invite-members-to-project", ListProjects = "list-projects" }