HashiCorp Vault MCP Server with 50 Tools for Claude, Cursor, and AI Agents
GDPR Free for SubscribersSecurely manage secrets, tokens, and encryption keys via HashiCorp Vault — read KV secrets, generate dynamic credentials, and monitor system health. Vinkius routes your AI agents directly to HashiCorp Vault through a governed connection. 50 tools ready to use with Claude, ChatGPT, Cursor, or any AI agent — no hosting, no setup, connect in 30 seconds.
Ask AI about this server
Compatible with every major AI agent and IDE
Gemini* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
What is the HashiCorp Vault MCP Server?
The HashiCorp Vault MCP Server routes AI agents like Claude, ChatGPT, and Cursor directly to HashiCorp Vault via 50 tools. Securely manage secrets, tokens, and encryption keys via HashiCorp Vault — read KV secrets, generate dynamic credentials, and monitor system health. Powered by Vinkius — your credentials stay on your side of the connection, every request is auditable. Connect in under 2 minutes.
Built-in capabilities (50)
Tools for your AI Agents to operate HashiCorp Vault
Ask your AI agent "Check the health and initialization status of my Vault server." and get the answer without opening a single dashboard. With 50 tools connected to real HashiCorp Vault data, your agents reason over live information, cross-reference it with other MCP servers, and deliver insights you would spend hours assembling manually.
Works with Claude, ChatGPT, Cursor, and any MCP-compatible client. Powered by Vinkius — your credentials never touch the AI model, every request is auditable. Connect in under two minutes.
Why teams choose Vinkius
One subscription gives you the infrastructure to connect your AI agents to thousands of MCP servers — and deploy your own to the Vinkius Edge. Your credentials stay yours. Your data flows directly between your agent and the API. DLP blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade routing and governance, zero maintenance.
Build your own MCP Server with our secure development framework →The HashiCorp Vault App Connector works with every AI agent you already use
…and any MCP-compatible client
Use all 50 HashiCorp Vault tools with your AI agents right now
Vinkius routes your AI agents to HashiCorp Vault through a governed proxy. Beyond a simple connection, you get full visibility into every action your agents perform, with enterprise-grade security and up to 60% savings on AI costs.
Approle login on HashiCorp Vault
Login using AppRole authentication
Configure aws root on HashiCorp Vault
Configure AWS root credentials
Configure database on HashiCorp Vault
Configure a database connection
Configure kubernetes auth on HashiCorp Vault
Configure Kubernetes authentication
Create acl policy on HashiCorp Vault
Create or update an ACL policy
Create approle role on HashiCorp Vault
Create or update an AppRole role
Create aws role on HashiCorp Vault
Create an AWS role
Create database role on HashiCorp Vault
Create a database role
Create pki role on HashiCorp Vault
Create a PKI role
Create token on HashiCorp Vault
Create a new Vault token
Create transit key on HashiCorp Vault
Create a new Transit key
Create userpass user on HashiCorp Vault
Create a new Userpass user
Decrypt transit on HashiCorp Vault
Decrypt data using Transit engine
Delete kv secret on HashiCorp Vault
Delete the latest version of a KV v2 secret
Enable audit device on HashiCorp Vault
Enable an audit device
Enable auth method on HashiCorp Vault
Enable a new auth method
Enable engine on HashiCorp Vault
Enable a new secrets engine
Encrypt transit on HashiCorp Vault
Encrypt data using Transit engine
Generate approle secret id on HashiCorp Vault
Generate a new Secret ID for an AppRole
Generate aws creds on HashiCorp Vault
Generate dynamic AWS credentials
Generate database creds on HashiCorp Vault
Generate dynamic database credentials
Generate pki root on HashiCorp Vault
Generate a new PKI root certificate
Get init status on HashiCorp Vault
Check Vault initialization status
Get openapi spec on HashiCorp Vault
Generate OpenAPI V3 document of mounted backends
Get system health on HashiCorp Vault
Check Vault system health
Github login on HashiCorp Vault
Login using GitHub personal access token
Initialize vault on HashiCorp Vault
Initialize a new Vault cluster
Issue pki cert on HashiCorp Vault
Issue a new PKI certificate
Kubernetes login on HashiCorp Vault
Login using Kubernetes authentication
List acl policies on HashiCorp Vault
List ACL policies
List audit devices on HashiCorp Vault
List enabled audit devices
List auth methods on HashiCorp Vault
List enabled auth methods
List kv secrets on HashiCorp Vault
List secrets in a KV v2 engine path
List mounts on HashiCorp Vault
List mounted secrets engines
List token accessors on HashiCorp Vault
List token accessors (requires sudo)
Lookup lease on HashiCorp Vault
Lookup a lease by ID
Lookup self token on HashiCorp Vault
Lookup details about the current Vault token
Map github team on HashiCorp Vault
Map a GitHub team to Vault policies
Read kv metadata on HashiCorp Vault
Read metadata for a KV v2 secret
Read kv secret on HashiCorp Vault
Read a secret from KV v2 engine
Renew lease on HashiCorp Vault
Renew a lease
Renew self token on HashiCorp Vault
Renew the current Vault token
Revoke lease on HashiCorp Vault
Revoke a lease
Revoke pki cert on HashiCorp Vault
Revoke a PKI certificate
Revoke self token on HashiCorp Vault
Revoke the current Vault token
Rotate transit key on HashiCorp Vault
Rotate a Transit key
Seal vault on HashiCorp Vault
Seal the Vault
Unseal vault on HashiCorp Vault
Unseal the Vault with a key share
Userpass login on HashiCorp Vault
Login using Username and Password
Write kv secret on HashiCorp Vault
Create or update a secret in KV v2 engine
What the HashiCorp Vault MCP Server unlocks
Connect your HashiCorp Vault instance to any AI agent to automate secrets management and security operations through natural language.
What you can do
- Secrets Management — Read, write, and list KV secrets directly from your secure mounts using the KV engine.
- Dynamic Credentials — Generate on-demand credentials for Databases, AWS, and PKI certificates without manual intervention.
- Token Operations — Create, lookup, and renew tokens to manage session lifecycles and access control.
- Transit Encryption — Encrypt and decrypt data using Vault's transit engine to protect sensitive information without exposing keys.
- System Administration — Check cluster health, manage mounts, and configure auth methods or ACL policies directly.
How it works
1. Subscribe to this server
2. Provide your Vault Address and Token
3. Start managing your infrastructure security from Claude, Cursor, or any MCP-compatible client
Who is this for?
- DevOps Engineers — automate secret rotation and infrastructure provisioning workflows.
- Security Teams — audit token accessors and manage ACL policies through conversation.
- Developers — fetch development secrets and generate local database credentials without leaving the IDE.
Frequently asked questions about the HashiCorp Vault MCP Server
Can I check the remaining TTL and policies of my current session token?
Yes. Use the lookup_self_token tool. It returns the creation time, TTL, associated policies, and metadata for the token currently in use.
How do I retrieve a specific secret from a KV version 2 engine?
Use the read_kv_secret tool by providing the path to the secret. The agent will fetch the data and present the key-value pairs securely.
Is it possible to generate temporary database credentials through the agent?
Yes. If the database engine is configured, use generate_database_creds with the specific role name to receive a temporary username and password.
More in this category
MintMCP
8 toolsEnterprise MCP Gateway: manage authentication, monitoring, and security guardrails via centralized virtual servers.
Logto (Auth Platform)
23 toolsManage users, roles, and organizations in your Logto auth tenant directly from your AI agent.
Tenable
10 toolsManage Tenable Vulnerability Management scans, inspect cloud assets, and triage CVEs natively via your AI agent.
Rapid7 InsightVM
10 toolsEquip your AI to interact directly with Rapid7 InsightVM, extracting vulnerability assessments, scanning network assets, and launching immediate scans.
You might also like
Diputación de Alicante
19 toolsAccess open data from the province of Alicante — query demographics, municipal budgets, public debt, and local festivals directly.
Fortnite Player Stats & News Intelligence
11 toolsThe definitive server for Fortnite player scouting — track wins, K/D ratios, and official game news via AI.
LearnUpon
9 toolsManage users, courses, and enrollments via the LearnUpon LMS API.
Boathouse Connect
10 toolsManage marina operations with boat slip reservations, customer records, and facility maintenance in one connected system.
We built the connector to HashiCorp Vault. Now put your agents to work. Fully governed.
Vinkius is the AI Gateway with managed hosting. Stop building connectors. Every connection runs inside eight layers of security.
Hosted, sandboxed, and live on AWS. You don't provision anything. You don't maintain anything. You connect.
Every tool call, every token, every response. Logged and auditable. Data flows direct from HashiCorp Vault to your agent. Nothing is stored on our side. Ever.
Eight governance layers on every request. Sensitive data redacted before it reaches the model. Kill switch if anything goes sideways. Always on.