HashiCorp Vault MCP Server for Mastra AIGive Mastra AI instant access to 50 tools to Approle Login, Configure Aws Root, Configure Database, and more
GDPR Free for SubscribersMastra AI is a TypeScript-native agent framework built for modern web stacks. Connect HashiCorp Vault through Vinkius and Mastra agents discover all tools automatically. type-safe, streaming-ready, and deployable anywhere Node.js runs.
Ask AI about this MCP Server for Mastra AI
The HashiCorp Vault MCP Server for Mastra AI is a standout in the Fort Knox category — giving your AI agent 50 tools to work with, ready to go from day one.
Vinkius delivers Streamable HTTP and SSE to any MCP client
Geminiimport { Agent } from "@mastra/core/agent";
import { createMCPClient } from "@mastra/mcp";
import { openai } from "@ai-sdk/openai";
async function main() {
// Your Vinkius token. get it at cloud.vinkius.com
const mcpClient = await createMCPClient({
servers: {
"hashicorp-vault": {
url: "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp",
},
},
});
const tools = await mcpClient.getTools();
const agent = new Agent({
name: "HashiCorp Vault Agent",
instructions:
"You help users interact with HashiCorp Vault " +
"using 50 tools.",
model: openai("gpt-4o"),
tools,
});
const result = await agent.generate(
"What can I do with HashiCorp Vault?"
);
console.log(result.text);
}
main();
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
About HashiCorp Vault MCP Server
Connect your HashiCorp Vault instance to any AI agent to automate secrets management and security operations through natural language.
Mastra's agent abstraction provides a clean separation between LLM logic and HashiCorp Vault tool infrastructure. Connect 50 tools through Vinkius and use Mastra's built-in workflow engine to chain tool calls with conditional logic, retries, and parallel execution. deployable to any Node.js host in one command.
What you can do
- Secrets Management — Read, write, and list KV secrets directly from your secure mounts using the KV engine.
- Dynamic Credentials — Generate on-demand credentials for Databases, AWS, and PKI certificates without manual intervention.
- Token Operations — Create, lookup, and renew tokens to manage session lifecycles and access control.
- Transit Encryption — Encrypt and decrypt data using Vault's transit engine to protect sensitive information without exposing keys.
- System Administration — Check cluster health, manage mounts, and configure auth methods or ACL policies directly.
The HashiCorp Vault MCP Server exposes 50 tools through the Vinkius. Connect it to Mastra AI in under two minutes — credentials fully managed, no infrastructure to provision, no vendor lock-in. Your configuration, your data, your control.
All 50 HashiCorp Vault tools available for Mastra AI
When Mastra AI connects to HashiCorp Vault through Vinkius, your AI agent gets direct access to every tool listed below — spanning secrets-management, encryption, key-management, and more. Every call runs in a secure, isolated environment with full audit visibility. Beyond a simple connection, you get real-time monitoring of agent activity, enterprise governance, and optimized token usage.
Approle login on HashiCorp Vault
Login using AppRole authentication
Configure aws root on HashiCorp Vault
Configure AWS root credentials
Configure database on HashiCorp Vault
Configure a database connection
Configure kubernetes auth on HashiCorp Vault
Configure Kubernetes authentication
Create acl policy on HashiCorp Vault
Create or update an ACL policy
Create approle role on HashiCorp Vault
Create or update an AppRole role
Create aws role on HashiCorp Vault
Create an AWS role
Create database role on HashiCorp Vault
Create a database role
Create pki role on HashiCorp Vault
Create a PKI role
Create token on HashiCorp Vault
Create a new Vault token
Create transit key on HashiCorp Vault
Create a new Transit key
Create userpass user on HashiCorp Vault
Create a new Userpass user
Decrypt transit on HashiCorp Vault
Decrypt data using Transit engine
Delete kv secret on HashiCorp Vault
Delete the latest version of a KV v2 secret
Enable audit device on HashiCorp Vault
Enable an audit device
Enable auth method on HashiCorp Vault
Enable a new auth method
Enable engine on HashiCorp Vault
Enable a new secrets engine
Encrypt transit on HashiCorp Vault
Encrypt data using Transit engine
Generate approle secret id on HashiCorp Vault
Generate a new Secret ID for an AppRole
Generate aws creds on HashiCorp Vault
Generate dynamic AWS credentials
Generate database creds on HashiCorp Vault
Generate dynamic database credentials
Generate pki root on HashiCorp Vault
Generate a new PKI root certificate
Get init status on HashiCorp Vault
Check Vault initialization status
Get openapi spec on HashiCorp Vault
Generate OpenAPI V3 document of mounted backends
Get system health on HashiCorp Vault
Check Vault system health
Github login on HashiCorp Vault
Login using GitHub personal access token
Initialize vault on HashiCorp Vault
Initialize a new Vault cluster
Issue pki cert on HashiCorp Vault
Issue a new PKI certificate
Kubernetes login on HashiCorp Vault
Login using Kubernetes authentication
List acl policies on HashiCorp Vault
List ACL policies
List audit devices on HashiCorp Vault
List enabled audit devices
List auth methods on HashiCorp Vault
List enabled auth methods
List kv secrets on HashiCorp Vault
List secrets in a KV v2 engine path
List mounts on HashiCorp Vault
List mounted secrets engines
List token accessors on HashiCorp Vault
List token accessors (requires sudo)
Lookup lease on HashiCorp Vault
Lookup a lease by ID
Lookup self token on HashiCorp Vault
Lookup details about the current Vault token
Map github team on HashiCorp Vault
Map a GitHub team to Vault policies
Read kv metadata on HashiCorp Vault
Read metadata for a KV v2 secret
Read kv secret on HashiCorp Vault
Read a secret from KV v2 engine
Renew lease on HashiCorp Vault
Renew a lease
Renew self token on HashiCorp Vault
Renew the current Vault token
Revoke lease on HashiCorp Vault
Revoke a lease
Revoke pki cert on HashiCorp Vault
Revoke a PKI certificate
Revoke self token on HashiCorp Vault
Revoke the current Vault token
Rotate transit key on HashiCorp Vault
Rotate a Transit key
Seal vault on HashiCorp Vault
Seal the Vault
Unseal vault on HashiCorp Vault
Unseal the Vault with a key share
Userpass login on HashiCorp Vault
Login using Username and Password
Write kv secret on HashiCorp Vault
Create or update a secret in KV v2 engine
Connect HashiCorp Vault to Mastra AI via MCP
Follow these steps to wire HashiCorp Vault into Mastra AI. The entire setup takes under two minutes — your credentials stay safe behind Vinkius.
Install dependencies
npm install @mastra/core @mastra/mcp @ai-sdk/openaiReplace the token
[YOUR_TOKEN_HERE] with your Vinkius tokenRun the agent
agent.ts and run with npx tsx agent.tsExplore tools
Why Use Mastra AI with the HashiCorp Vault MCP Server
Mastra AI provides unique advantages when paired with HashiCorp Vault through the Model Context Protocol.
Mastra's agent abstraction provides a clean separation between LLM logic and tool infrastructure. add HashiCorp Vault without touching business code
Built-in workflow engine chains MCP tool calls with conditional logic, retries, and parallel execution for complex automation
TypeScript-native: full type inference for every HashiCorp Vault tool response with IDE autocomplete and compile-time checks
One-command deployment to any Node.js host. Vercel, Railway, Fly.io, or your own infrastructure
HashiCorp Vault + Mastra AI Use Cases
Practical scenarios where Mastra AI combined with the HashiCorp Vault MCP Server delivers measurable value.
Automated workflows: build multi-step agents that query HashiCorp Vault, process results, and trigger downstream actions in a typed pipeline
SaaS integrations: embed HashiCorp Vault as a first-class tool in your product's AI features with Mastra's clean agent API
Background jobs: schedule Mastra agents to query HashiCorp Vault on a cron and store results in your database automatically
Multi-agent systems: create specialist agents that collaborate using HashiCorp Vault tools alongside other MCP servers
Example Prompts for HashiCorp Vault in Mastra AI
Ready-to-use prompts you can give your Mastra AI agent to start working with HashiCorp Vault immediately.
"Check the health and initialization status of my Vault server."
"Read the secret stored at 'secret/data/production/api-keys'."
"Renew my current Vault token for another hour."
Troubleshooting HashiCorp Vault MCP Server with Mastra AI
Common issues when connecting HashiCorp Vault to Mastra AI through Vinkius, and how to resolve them.
createMCPClient not exported
npm install @mastra/mcpHashiCorp Vault + Mastra AI FAQ
Common questions about integrating HashiCorp Vault MCP Server with Mastra AI.
How does Mastra AI connect to MCP servers?
MCPClient with the server URL and pass it to your agent. Mastra discovers all tools and makes them available with full TypeScript types.Can Mastra agents use tools from multiple servers?
Does Mastra support workflow orchestration?
Explore More MCP Servers
View all →
Invoice Ninja (Invoicing & Billing)
10 toolsManage invoicing via Invoice Ninja — create clients, track payments, and manage invoices and balances.
Browserhub
10 toolsAutomate web scraping via Browserhub — run scrapers, manage jobs, and retrieve extracted data directly from any AI agent.
Browse AI
12 toolsExtract data from any website without code using trained robots that monitor pages and deliver structured results automatically.
SendCloud
10 toolsLeading email and SMS marketing platform — manage campaigns, templates, and addresses via AI.