Claude DesktopIDE

HashiCorp Vault MCP Server

Bring Secrets Management
to Claude Desktop

Name: HashiCorp Vault MCP Server
Price: 29 USD
Availability: InStock
Rating: 4.9 (1 reviews)
Author: Vinkius

Learn how to connect HashiCorp Vault to Claude Desktop and start using 50 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.

GDPR Free for Subscribers

Approle LoginConfigure Aws RootConfigure DatabaseConfigure Kubernetes AuthCreate Acl PolicyCreate Approle RoleCreate Aws RoleCreate Database RoleCreate Pki RoleCreate TokenCreate Transit KeyCreate Userpass UserDecrypt TransitDelete Kv SecretEnable Audit DeviceEnable Auth MethodEnable EngineEncrypt TransitGenerate Approle Secret IdGenerate Aws CredsGenerate Database CredsGenerate Pki RootGet Init StatusGet Openapi SpecGet System HealthGithub LoginInitialize VaultIssue Pki CertKubernetes LoginList Acl PoliciesList Audit DevicesList Auth MethodsList Kv SecretsList MountsList Token AccessorsLookup LeaseLookup Self TokenMap Github TeamRead Kv MetadataRead Kv SecretRenew LeaseRenew Self TokenRevoke LeaseRevoke Pki CertRevoke Self TokenRotate Transit KeySeal VaultUnseal VaultUserpass LoginWrite Kv Secret

Unlock for AI Agents

Ask AI about this MCP Server ChatGPT Claude Perplexity

Compatible with every major AI agent and IDE

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

+ other MCP clients

What is the HashiCorp Vault MCP Server?

Connect your HashiCorp Vault instance to any AI agent to automate secrets management and security operations through natural language.

What you can do

Secrets Management — Read, write, and list KV secrets directly from your secure mounts using the KV engine.
Dynamic Credentials — Generate on-demand credentials for Databases, AWS, and PKI certificates without manual intervention.
Token Operations — Create, lookup, and renew tokens to manage session lifecycles and access control.
Transit Encryption — Encrypt and decrypt data using Vault's transit engine to protect sensitive information without exposing keys.
System Administration — Check cluster health, manage mounts, and configure auth methods or ACL policies directly.

How it works

Subscribe to this server
Provide your Vault Address and Token
Start managing your infrastructure security from Claude, Cursor, or any MCP-compatible client

Who is this for?

DevOps Engineers — automate secret rotation and infrastructure provisioning workflows.
Security Teams — audit token accessors and manage ACL policies through conversation.
Developers — fetch development secrets and generate local database credentials without leaving the IDE.

Built-in capabilities (50)

approle_login

configure_aws_root

Configure AWS root credentials

configure_database

Configure a database connection

configure_kubernetes_auth

Configure Kubernetes authentication

create_acl_policy

Create or update an ACL policy

create_approle_role

Create or update an AppRole role

create_aws_role

Create an AWS role

create_database_role

Create a database role

create_pki_role

Create a PKI role

create_token

Create a new Vault token

create_transit_key

Create a new Transit key

create_userpass_user

Create a new Userpass user

decrypt_transit

Decrypt data using Transit engine

delete_kv_secret

Delete the latest version of a KV v2 secret

enable_audit_device

Enable an audit device

enable_auth_method

Enable a new auth method

enable_engine

Enable a new secrets engine

encrypt_transit

Encrypt data using Transit engine

generate_approle_secret_id

Generate a new Secret ID for an AppRole

generate_aws_creds

Generate dynamic AWS credentials

generate_database_creds

Generate dynamic database credentials

generate_pki_root

Generate a new PKI root certificate

get_init_status

Check Vault initialization status

get_openapi_spec

Generate OpenAPI V3 document of mounted backends

get_system_health

Check Vault system health

github_login

initialize_vault

Initialize a new Vault cluster

issue_pki_cert

Issue a new PKI certificate

kubernetes_login

list_acl_policies

List ACL policies

list_audit_devices

List enabled audit devices

list_auth_methods

List enabled auth methods

list_kv_secrets

List secrets in a KV v2 engine path

list_mounts

List mounted secrets engines

list_token_accessors

List token accessors (requires sudo)

lookup_lease

Lookup a lease by ID

lookup_self_token

Lookup details about the current Vault token

map_github_team

Map a GitHub team to Vault policies

read_kv_metadata

Read metadata for a KV v2 secret

read_kv_secret

Read a secret from KV v2 engine

renew_lease

Renew a lease

renew_self_token

Renew the current Vault token

revoke_lease

Revoke a lease

revoke_pki_cert

Revoke a PKI certificate

revoke_self_token

Revoke the current Vault token

rotate_transit_key

Rotate a Transit key

seal_vault

Seal the Vault

unseal_vault

Unseal the Vault with a key share

userpass_login

write_kv_secret

Create or update a secret in KV v2 engine

Why Claude Desktop?

Claude Desktop is the definitive way to connect HashiCorp Vault to your AI workflow. Add Vinkius Edge URL to your config, restart the app, and Claude immediately exposes all 50 tools in the chat interface. ask a question, Claude calls the right tool, and you see the answer. Zero code, zero context switching.

—
Claude Desktop is the reference MCP client. it was designed alongside the protocol itself, ensuring the most complete and stable MCP implementation available
—
Zero-code configuration: add a server URL to a JSON file and Claude instantly discovers and exposes all available tools in the chat interface
—
Claude's extended thinking capability lets it reason through multi-step tool usage, chaining multiple API calls to answer complex questions
—
Enterprise-grade security with local config storage. your tokens never leave your machine, and connections go directly to Vinkius Edge network

See it in action

HashiCorp Vault in Claude Desktop

AI Agent→Vinkius

High Security·Kill Switch·Plug and Play

Why Vinkius

HashiCorp Vault and 4,000+ other MCP servers. One platform. One governance layer.

Teams that connect HashiCorp Vault to Claude Desktop through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.

4,000+MCP Servers ready

<40msCold start

60%Token savings

	Raw MCP	Vinkius
Server catalog	Find and host yourself	4,000+ managed
Infrastructure	Self-hosted	Sandboxed V8 isolates
Credential handling	Plaintext in config	Vault + runtime injection
Data loss prevention	None	Configurable DLP policies
Kill switch	None	Global instant shutdown
Financial circuit breakers	None	Per-server limits + alerts
Audit trail	None	Ed25519 signed logs
SIEM log streaming	None	Splunk, Datadog, Webhook
Honeytokens	None	Canary alerts on leak
Custom domains	Not applicable	DNS challenge verified
GDPR compliance	Manual effort	Automated purge + export

Unlock for AI Agents View step-by-step setup guide for Claude Desktop →

Enterprise Security

Why teams choose Vinkius for HashiCorp Vault in Claude Desktop

The HashiCorp Vault MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 50 tools execute in hardened sandboxes optimized for native MCP execution.

Your AI agents in Claude Desktop only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.

Unlock for AI Agents View full HashiCorp Vault details →

Fully ManagedVinkius Servers

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

DLPData protection

V8 IsolateSandboxed

Ed25519Audit chain

<40msKill switch

Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

The Vinkius Advantage

How Vinkius secures
HashiCorp Vault for Claude Desktop

Every tool call from Claude Desktop to the HashiCorp Vault MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.

< 40msCold start

Ed25519Signed audit chain

60%Token savings

FAQ

Frequently asked questions

Can I check the remaining TTL and policies of my current session token?

Yes. Use the lookup_self_token tool. It returns the creation time, TTL, associated policies, and metadata for the token currently in use.

How do I retrieve a specific secret from a KV version 2 engine?

Use the read_kv_secret tool by providing the path to the secret. The agent will fetch the data and present the key-value pairs securely.

Is it possible to generate temporary database credentials through the agent?

Yes. If the database engine is configured, use generate_database_creds with the specific role name to receive a temporary username and password.

How does Claude Desktop discover MCP tools?

When Claude Desktop starts, it reads the claude_desktop_config.json file and connects to each configured MCP server. It calls the tools/list endpoint to fetch the schema for every available tool, then surfaces them as clickable options in the chat interface via the 🔌 icon.

What happens if the MCP server is temporarily unavailable?

Claude Desktop handles disconnections gracefully. if the server is unreachable at startup, the tools simply won't appear. Once the server becomes available again, restarting Claude Desktop will re-establish the connection. There is no timeout penalty or error loop.

Can I connect multiple MCP servers simultaneously?

Yes. You can add as many servers as you need in the mcpServers section of the config file. Each server appears as a separate tool provider, and Claude can use tools from multiple servers in a single conversation turn.

Is there a limit on the number of tools per server?

Claude Desktop can handle hundreds of tools per server. However, for optimal LLM performance, Vinkius servers are designed to expose focused, well-documented tool sets rather than overwhelming the model with too many options.

Does Claude Desktop support Streamable HTTP transport?

Yes. Claude Desktop supports both SSE (Server-Sent Events) and the newer Streamable HTTP transport that Vinkius uses. Simply provide the server URL. Claude auto-negotiates the transport protocol.

Server not appearing after restart

Ensure the JSON is valid (no trailing commas). Check the file path: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\\Claude\\ (Windows).

Authentication error

Verify your Vinkius token is correct. Go to cloud.vinkius.com to regenerate it if needed.

Tools not showing in chat

Click the 🔌 icon at the bottom of the chat input. If it shows 0 tools, the server may still be connecting. wait a few seconds.

Explore More MCP Servers

View all →

Dialog Insight

10 tools

Equip your AI agent to manage marketing contacts, track campaigns, and monitor engagement via the Dialog Insight API.

Grain

12 tools

Manage AI meeting notes via Grain — list and search recordings, retrieve transcripts and AI insights, and track action items directly from any AI agent.