Which integrations are available for this server?

Provides tools for interacting with GitHub, including listing repositories, viewing repositories, managing issues, pull requests, reading files, and searching code. Provides read-only access to Stripe data, including listing customers, charges, subscriptions, and retrieving objects. Provides tools for managing Supabase projects, organizations, running SQL queries, listing tables, and retrieving logs. Provides tools for managing Vercel projects, deployments, and domains.

How do I use mcpvault?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@mcpvault Switch to Acme Supabase account and list projects" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

mcpvault

by Elraian

Overview Schema Related Servers Score Discussions

TypeScript

Local

mcpvault

Local, encrypted credential vault for AI agents. Keep many accounts per service (Supabase, GitHub, Vercel, Stripe), and let Claude / Cursor / Codex pick the right one mid-conversation.

"I'm working on the Acme project today — switch me to that Supabase account and list the projects."

The agent calls a vault tool, the right credentials are loaded, the request executes against the real API. No restart, no manual token-swapping.

Install

npm i -g mcpvault

Requires Node 20+. Works on Windows, macOS, Linux.

Setup in 3 commands

mcpvault init                 # create vault, set master password
mcpvault add supabase         # paste a PAT — validated immediately against the API
mcpvault setup                # auto-wire into Claude Code / Desktop / Cursor

Then restart your chat client. That's it.

Day-to-day

Command	What it does
`mcpvault add <service>`	Add an account. Validates the token live, suggests a label.
`mcpvault list`	See all accounts. The currently active one is marked ● per service.
`mcpvault update <svc> <label>`	Rotate a token, edit description/tags.
`mcpvault remove <svc> <label>`	Delete an account (with type-the-label confirmation).
`mcpvault activate <svc> <label>`	Set the active account. Wrappers pick it up on next call.
`mcpvault active`	Show what's active per service.
`mcpvault status` / `lock` / `unlock`	Vault lock state.
`mcpvault doctor`	Diagnose vault / keyring / file issues.
`mcpvault setup`	Re-run to wire additional clients later.

mcpvault, mvault, and mcp-vault all work — they're aliases.

What you can ask the agent

After mcpvault setup + restart, your agent has these tools available:

vault (control plane) unlock_vault, lock_vault, vault_status, list_accounts, find_account, get_active, activate_account, add_account, update_account, delete_account, export_redacted

vault-supabase supabase_list_projects, supabase_list_organizations, supabase_run_sql, supabase_list_tables, supabase_get_logs

vault-github github_list_repos, github_get_repo, github_list_issues, github_create_issue, github_list_pulls, github_get_file, github_search_code

vault-vercel vercel_list_projects, vercel_list_deployments, vercel_get_deployment, vercel_list_domains

vault-stripe (read-only by design — no writes) stripe_list_customers, stripe_retrieve_customer, stripe_list_charges, stripe_list_subscriptions, stripe_retrieve

Example flow

You:    Switch to the Acme Supabase account and list its projects.

Agent:  [find_account "Acme"] → matched "client-acme"
        [activate_account supabase client-acme]
        [supabase_list_projects]
        Active is now client-acme. 3 projects: acme-prod, acme-staging, acme-internal.

You:    Now switch to my personal one and show me its orgs.

Agent:  [activate_account supabase personal]
        [supabase_list_organizations]
        Personal account has 1 org: my-projects.

Same wrapper process. Zero restart between switches.

Security model

Layer	Mechanism
Vault file on disk	AES-256-GCM, Argon2id KDF (m=64 MiB, t=3, p=1)
Master password	Never written to disk; held in memory after `unlock`
Session key (after unlock)	OS keyring (Windows Credential Manager / macOS Keychain / libsecret on Linux). Survives reboots so you don't re-type your password daily.
Wrapper MCP processes	Read decrypted creds from keyring per request. Credentials never returned through MCP — only the API result is.
Stripe wrapper	Read-only by design. No `create_charge`, no `refund`.
Audit log	`~/.mvault/vault.log` records which account was used per request, never the credential.

If you want stricter behavior (re-enter master password every boot), run mcpvault lock before shutdown, or call lock_vault through your agent.

Files on disk

~/.mvault/
├── vault.enc         # AES-256-GCM, Argon2id-derived key
├── active.json       # plain JSON, only labels — no secrets
└── vault.log         # append-only audit log

The legacy path ~/.mcp-vault/ is also recognized for existing users.

Architecture

Chat client (Claude Code / Desktop / Cursor)
   │
   ├── spawns: mcpvault server          ← control plane (list/find/activate/add)
   ├── spawns: mcpvault wrap supabase   ← per-service wrapper
   ├── spawns: mcpvault wrap github
   ├── spawns: mcpvault wrap vercel
   └── spawns: mcpvault wrap stripe
                    │
                    ├── reads: ~/.mvault/active.json    (which label per service)
                    └── reads: ~/.mvault/vault.enc      (encrypted creds)
                                │
                         decrypted with key from
                         OS keyring (cached at unlock)

Each wrapper re-reads the active label on every tool call, so switching accounts is instant — no process restart.

Development

git clone https://github.com/Elraian/mcpvault.git
cd mcpvault
npm install
npm run build
npm test           # ~22 unit + e2e tests
npm link           # exposes `mcpvault` globally for local testing

Why this exists

Most MCP servers are locked to one account at startup. If you have 10 Supabase projects across 4 clients, you either register the Supabase MCP 10 times or constantly swap tokens by hand. mcpvault lets the agent search and switch accounts naturally during a conversation. Same idea applies to any service Anthropic / Cursor / etc. don't natively multi-account.

Roadmap

v2: OAuth-based services (Gmail, Drive, Slack — needs refresh logic)
v3: 1Password / Bitwarden CLI integration
v3: Account "contexts" — switch Supabase + GitHub + Vercel + Stripe atomically per project
v4: Web UI (Tauri / system tray)

Credits

Built by AISIDE — @Elraian. Marketing site: mcpvault-website (coming soon).

If you find this useful, the cheapest way to say thanks is a star on the repo.

License

MIT — see LICENSE.

This server cannot be installed

license - permissive license

quality - not tested

maintenance

How are these scores calculated?

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Elraian/mcpvault'

If you have feedback or need assistance with the MCP directory API, please join our Discord server