Which integrations are available for this server?

Provides tools for reading secrets and metadata from HashiCorp Vault KV secrets engine, including listing paths, reading secret versions, and checking server health.

How do I use vault-kv-mcp?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@vault-kv-mcp read the secret at path secret/demo" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

vault-kv-mcp

by elisjetmax

Overview Schema Related Servers Score Discussions

JavaScript

Local

vault-kv-mcp

A read-only MCP (Model Context Protocol) server that exposes the HashiCorp Vault KV secrets engine (versions 1 and 2) as tools. Every tool performs only non-destructive reads — there are no write, delete, or destroy operations. It authenticates with a Vault token and speaks MCP over stdio, so it works with local MCP clients such as Claude Desktop.

Tools (all read-only)

Tool	Description
`vault_kv_read`	Read a secret (latest or a specific KV v2 version).
`vault_kv_list`	List keys / sub-folders under a path.
`vault_kv_read_metadata`	KV v2: read version history and metadata.
`vault_list_kv_mounts`	Discover available secret mounts and their KV versions.
`vault_health`	Check Vault server health / connectivity.

KV v1 vs v2 is auto-detected per mount when kv_version is not supplied (falling back to v2).

For defense in depth, pair this with a Vault token whose policies grant only read/list capabilities on the relevant paths.

Related MCP server: FS Context MCP Server

Configuration

Set these environment variables (see .env.example):

VAULT_ADDR — Vault base URL (default http://127.0.0.1:8200)
VAULT_TOKEN — required Vault token, sent as the X-Vault-Token header
VAULT_NAMESPACE — optional, for Vault Enterprise / HCP Vault
VAULT_SKIP_VERIFY — optional, set true to skip TLS verification (dev only)

The token only needs policies granting access to the KV paths you intend to use.

Build

npm install
npm run build

Run / test with the MCP Inspector

VAULT_ADDR=http://127.0.0.1:8200 VAULT_TOKEN=hvs.xxxx npm run inspector

Use with Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "vault-kv": {
      "command": "node",
      "args": ["/absolute/path/to/vault-mcp/dist/index.js"],
      "env": {
        "VAULT_ADDR": "http://127.0.0.1:8200",
        "VAULT_TOKEN": "hvs.your-token-here"
      }
    }
  }
}

Quick local Vault for testing

vault server -dev          # prints a Root Token and unseal info
export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=<root-token-from-output>
vault kv put secret/demo username=app password=s3cr3t

Then ask your MCP client to read secret/demo.

Security notes

The server only ever reads from Vault; it never writes, deletes, or destroys secrets.
The token is read only from the environment and never logged.
Prefer a short-lived, least-privilege token (read/list only) over a root token.

Install Server

license - not found

quality

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

–Release cycle

–Releases (12mo)

Commit activity

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/elisjetmax/mcp-vault-hashicorp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server