4,500+ servers built on MCP Fusion
Vinkius
HashiCorp Vault logo
Vinkius
Mastra AI logo

How to Use the HashiCorp Vault MCP in Mastra AI

Build resilient automation for HashiCorp Vault with Mastra AI. Manage credentials, rotate keys, and handle failures without writing custom retry logic.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

HashiCorp Vault MCP on Cursor AI Code Editor MCP Client HashiCorp Vault MCP on Claude Desktop App MCP Integration HashiCorp Vault MCP on OpenAI Agents SDK MCP Compatible HashiCorp Vault MCP on Visual Studio Code MCP Extension Client HashiCorp Vault MCP on GitHub Copilot AI Agent MCP Integration HashiCorp Vault MCP on Google Gemini AI MCP Integration HashiCorp Vault MCP on Lovable AI Development MCP Client HashiCorp Vault MCP on Mistral AI Agents MCP Compatible HashiCorp Vault MCP on Amazon AWS Bedrock MCP Support
MCP Servers - Free for Subscribers
Mastra AI

Connect HashiCorp Vault MCP to Mastra AI

Create your Vinkius account to connect HashiCorp Vault to Mastra AI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers
Setup HashiCorp Vault with Mastra AI
ChatGPT ChatGPT Claude Claude Perplexity Perplexity

Automate Credential Lifecycles

Your Mastra agent can now fully manage dynamic credentials. A workflow can trigger `generate_database_creds` for a nightly batch job, pass them to another step, and automatically `revoke_lease` when the job is done. No human intervention needed. Mastra's built-in retry logic is perfect for this. If Vault is temporarily unavailable when your agent tries to `renew_lease`, Mastra handles the backoff and retries automatically. This prevents your automated jobs from failing due to transient network issues.

Configure Vault with Code

Stop configuring Vault by hand. Use a Mastra workflow to initialize a new cluster. The agent can `initialize_vault`, `unseal_vault` with the provided keys, and then `enable_engine` for KV, PKI, or Transit backends. Your workflow can then set up authentication by calling `enable_auth_method` for 'approle' or 'kubernetes'. Follow that by using `create_acl_policy` to lock down permissions. You get a repeatable, auditable setup process for every new environment.

Run Encryption as a Service

Use Vault’s transit engine as a step in your Mastra workflows. An agent can take sensitive data from one source, call `encrypt_transit` with a specific key, and then store the ciphertext. This keeps plaintext data out of your application code. Your automation doesn't stop at encryption. You can build workflows to manage the keys themselves, using `create_transit_key` for new services and `rotate_transit_key` as part of your security compliance schedule. This MCP Server makes it possible.

Setup guide

Set up HashiCorp Vault MCP in Mastra AI

Prerequisites

  • Node.js 18+ and a TypeScript project
  • @mastra/mcp + @mastra/core packages
  • Active Vinkius subscription with a valid endpoint token
  1. 1

    Install dependencies

    Run npm install @mastra/mcp @mastra/core plus your preferred model provider (e.g. @ai-sdk/openai).

  2. 2

    Configure the MCPClient

    Create an MCPClient with your Vinkius endpoint as a URL object. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.

  3. 3

    Discover and inject tools

    Call mcpClient.listTools() and spread the result into your agent's tools object. All HashiCorp Vault tools become native Mastra tools.

  4. 4

    Run with any model

    Swap openai("gpt-4o") for any AI SDK-compatible provider. Call agent.generate() and the agent routes tool calls through MCP automatically.

agent.ts 
import { MCPClient } from "@mastra/mcp";
import { Agent } from "@mastra/core/agent";
import { openai } from "@ai-sdk/openai";

const mcpClient = new MCPClient({
  id: "hashicorp-vault-mcp-client",
  servers: {
    "hashicorp-vault-mcp": {
      url: new URL(
        "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
      ),
    },
  },
});

const agent = new Agent({
  name: "HashiCorp Vault Agent",
  model: openai("gpt-4o"),
  instructions: "You have access to HashiCorp Vault tools.",
  tools: {
    ...(await mcpClient.listTools()),
  },
});

const result = await agent.generate(
  "List recent HashiCorp Vault transactions"
);
console.log(result.text);
Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HashiCorp Vault. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect HashiCorp Vault now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about HashiCorp Vault MCP in Mastra AI

You add the Vinkius server URL to your Mastra AI agent's configuration. Mastra handles the connection, and your agent can then use any of the Vault auth tools like `userpass_login` or `approle_login` as the first step in a workflow.
Yes. If your workflow detects a sealed Vault via `get_system_health`, you can have it automatically call `unseal_vault`. You'd need to provide the unseal keys to the agent from a secure source as part of the workflow's inputs.
Build a workflow that audits access. Your agent can periodically run `list_acl_policies` and check them against a known-good configuration. If it finds overly permissive rules, it can flag them or use `create_acl_policy` to fix them.
Mastra's workflow engine can handle this. Before using a credential, have a step that calls `lookup_lease`. If the TTL is low, your workflow can branch to a `renew_lease` step before continuing, which prevents unexpected failures.
No. Vinkius operates the MCP server in a sandboxed environment and does not log or persist the payload of your tool calls. The plaintext data you send to `encrypt_transit` or secrets from `write_kv_secret` are passed directly to Vault and are never visible to the host.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

Claude Desktop ide
Cursor ide
VS Code Copilot ide
Windsurf ide
Cline ide
Claude Code cli
OpenAI Agents SDK sdk-python
Google ADK sdk-python
Pydantic AI sdk-python
Vercel AI SDK sdk-typescript
Mastra AI sdk-typescript
Mastra AI
CrewAI framework
LangChain framework
LlamaIndex framework
LlamaIndex
AutoGen framework
AutoGen

Start using the HashiCorp Vault MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started
Built & Managed by Vinkius 30s setup 50 tools

We've already built the connector for HashiCorp Vault. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 50 tools are live and waiting. You're up and running in seconds.

Claude Claude
ChatGPT ChatGPT
Cursor Cursor
Gemini Gemini
Windsurf Windsurf
VS Code VS Code
JetBrains JetBrains
Vercel Vercel
+ other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required Full MCP catalog included Enterprise-grade security Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.