VS Code CopilotIDE

HashiCorp Vault MCP Server

Bring Secrets Management
to VS Code Copilot

Name: HashiCorp Vault MCP Server
Price: 29 USD
Availability: InStock
Rating: 4.9 (1 reviews)
Author: Vinkius

Learn how to connect HashiCorp Vault to VS Code Copilot and start using 50 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.

GDPR Free for Subscribers

Approle LoginConfigure Aws RootConfigure DatabaseConfigure Kubernetes AuthCreate Acl PolicyCreate Approle RoleCreate Aws RoleCreate Database RoleCreate Pki RoleCreate TokenCreate Transit KeyCreate Userpass UserDecrypt TransitDelete Kv SecretEnable Audit DeviceEnable Auth MethodEnable EngineEncrypt TransitGenerate Approle Secret IdGenerate Aws CredsGenerate Database CredsGenerate Pki RootGet Init StatusGet Openapi SpecGet System HealthGithub LoginInitialize VaultIssue Pki CertKubernetes LoginList Acl PoliciesList Audit DevicesList Auth MethodsList Kv SecretsList MountsList Token AccessorsLookup LeaseLookup Self TokenMap Github TeamRead Kv MetadataRead Kv SecretRenew LeaseRenew Self TokenRevoke LeaseRevoke Pki CertRevoke Self TokenRotate Transit KeySeal VaultUnseal VaultUserpass LoginWrite Kv Secret

Unlock for AI Agents

Ask AI about this MCP Server ChatGPT Claude Perplexity

Compatible with every major AI agent and IDE

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

+ other MCP clients

What is the HashiCorp Vault MCP Server?

Connect your HashiCorp Vault instance to any AI agent to automate secrets management and security operations through natural language.

What you can do

Secrets Management — Read, write, and list KV secrets directly from your secure mounts using the KV engine.
Dynamic Credentials — Generate on-demand credentials for Databases, AWS, and PKI certificates without manual intervention.
Token Operations — Create, lookup, and renew tokens to manage session lifecycles and access control.
Transit Encryption — Encrypt and decrypt data using Vault's transit engine to protect sensitive information without exposing keys.
System Administration — Check cluster health, manage mounts, and configure auth methods or ACL policies directly.

How it works

Subscribe to this server
Provide your Vault Address and Token
Start managing your infrastructure security from Claude, Cursor, or any MCP-compatible client

Who is this for?

DevOps Engineers — automate secret rotation and infrastructure provisioning workflows.
Security Teams — audit token accessors and manage ACL policies through conversation.
Developers — fetch development secrets and generate local database credentials without leaving the IDE.

Built-in capabilities (50)

approle_login

configure_aws_root

Configure AWS root credentials

configure_database

Configure a database connection

configure_kubernetes_auth

Configure Kubernetes authentication

create_acl_policy

Create or update an ACL policy

create_approle_role

Create or update an AppRole role

create_aws_role

Create an AWS role

create_database_role

Create a database role

create_pki_role

Create a PKI role

create_token

Create a new Vault token

create_transit_key

Create a new Transit key

create_userpass_user

Create a new Userpass user

decrypt_transit

Decrypt data using Transit engine

delete_kv_secret

Delete the latest version of a KV v2 secret

enable_audit_device

Enable an audit device

enable_auth_method

Enable a new auth method

enable_engine

Enable a new secrets engine

encrypt_transit

Encrypt data using Transit engine

generate_approle_secret_id

Generate a new Secret ID for an AppRole

generate_aws_creds

Generate dynamic AWS credentials

generate_database_creds

Generate dynamic database credentials

generate_pki_root

Generate a new PKI root certificate

get_init_status

Check Vault initialization status

get_openapi_spec

Generate OpenAPI V3 document of mounted backends

get_system_health

Check Vault system health

github_login

initialize_vault

Initialize a new Vault cluster

issue_pki_cert

Issue a new PKI certificate

kubernetes_login

list_acl_policies

List ACL policies

list_audit_devices

List enabled audit devices

list_auth_methods

List enabled auth methods

list_kv_secrets

List secrets in a KV v2 engine path

list_mounts

List mounted secrets engines

list_token_accessors

List token accessors (requires sudo)

lookup_lease

Lookup a lease by ID

lookup_self_token

Lookup details about the current Vault token

map_github_team

Map a GitHub team to Vault policies

read_kv_metadata

Read metadata for a KV v2 secret

read_kv_secret

Read a secret from KV v2 engine

renew_lease

Renew a lease

renew_self_token

Renew the current Vault token

revoke_lease

Revoke a lease

revoke_pki_cert

Revoke a PKI certificate

revoke_self_token

Revoke the current Vault token

rotate_transit_key

Rotate a Transit key

seal_vault

Seal the Vault

unseal_vault

Unseal the Vault with a key share

userpass_login

write_kv_secret

Create or update a secret in KV v2 engine

Why VS Code Copilot?

GitHub Copilot Agent mode brings HashiCorp Vault data directly into your VS Code workflow. With a project-scoped config, the entire team shares access to 50 tools. Copilot queries live data, generates typed code, and writes tests from actual API responses, all without leaving the editor.

—
VS Code is used by over 70% of developers. adding MCP tools to Copilot means your team can leverage external data without leaving their primary editor
—
Project-scoped MCP configs (.vscode/mcp.json) let you commit server configurations to your repository, ensuring the entire team shares the same tool access
—
Copilot's Agent mode integrates MCP tools seamlessly with file editing, terminal commands, and workspace search in a single agentic loop
—
GitHub's enterprise compliance and audit features extend to MCP tool usage, providing visibility into how AI interacts with external services

See it in action

HashiCorp Vault in VS Code Copilot

AI Agent→Vinkius

High Security·Kill Switch·Plug and Play

Why Vinkius

HashiCorp Vault and 4,000+ other MCP servers. One platform. One governance layer.

Teams that connect HashiCorp Vault to VS Code Copilot through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.

4,000+MCP Servers ready

<40msCold start

60%Token savings

	Raw MCP	Vinkius
Server catalog	Find and host yourself	4,000+ managed
Infrastructure	Self-hosted	Sandboxed V8 isolates
Credential handling	Plaintext in config	Vault + runtime injection
Data loss prevention	None	Configurable DLP policies
Kill switch	None	Global instant shutdown
Financial circuit breakers	None	Per-server limits + alerts
Audit trail	None	Ed25519 signed logs
SIEM log streaming	None	Splunk, Datadog, Webhook
Honeytokens	None	Canary alerts on leak
Custom domains	Not applicable	DNS challenge verified
GDPR compliance	Manual effort	Automated purge + export

Unlock for AI Agents View step-by-step setup guide for VS Code Copilot →

Enterprise Security

Why teams choose Vinkius for HashiCorp Vault in VS Code Copilot

The HashiCorp Vault MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 50 tools execute in hardened sandboxes optimized for native MCP execution.

Your AI agents in VS Code Copilot only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.

Unlock for AI Agents View full HashiCorp Vault details →

Fully ManagedVinkius Servers

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

DLPData protection

V8 IsolateSandboxed

Ed25519Audit chain

<40msKill switch

Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

The Vinkius Advantage

How Vinkius secures
HashiCorp Vault for VS Code Copilot

Every tool call from VS Code Copilot to the HashiCorp Vault MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.

< 40msCold start

Ed25519Signed audit chain

60%Token savings

FAQ

Frequently asked questions

Can I check the remaining TTL and policies of my current session token?

Yes. Use the lookup_self_token tool. It returns the creation time, TTL, associated policies, and metadata for the token currently in use.

How do I retrieve a specific secret from a KV version 2 engine?

Use the read_kv_secret tool by providing the path to the secret. The agent will fetch the data and present the key-value pairs securely.

Is it possible to generate temporary database credentials through the agent?

Yes. If the database engine is configured, use generate_database_creds with the specific role name to receive a temporary username and password.

Which VS Code version supports MCP?

MCP support requires VS Code 1.99 or later with the GitHub Copilot extension. Ensure both are updated to the latest version. Older versions of Copilot may not expose the Agent mode toggle.

How do I switch to Agent mode?

Open the Copilot Chat panel and look for two mode options: "Ask" and "Agent". Click "Agent" to enable autonomous tool calling. In Ask mode, Copilot provides conversational answers but cannot invoke MCP tools.

Can I restrict which MCP tools Copilot can access?

Yes. VS Code shows a tool consent dialog before any MCP tool is invoked for the first time. You can also configure tool access policies at the organization level through GitHub Copilot settings.

Does MCP work in VS Code Remote or Codespaces?

Yes. MCP servers configured via .vscode/mcp.json work in Remote SSH, WSL, and GitHub Codespaces environments. The MCP connection is established from the remote host, so ensure the server URL is accessible from that environment.

MCP tools not available

Ensure you are in Agent mode in Copilot Chat. MCP tools only appear in Agent mode.

Explore More MCP Servers

View all →

Chargeblast

8 tools

Manage chargeback prevention and dispute alerts via Chargeblast — intercept disputes, automate refunds, and audit deflection logs directly from any AI agent.

Snov.io

10 tools

Find business emails, verify deliverability, and run multi-step drip campaigns that fill your outbound sales pipeline.

Cleared (ClearedIn)

8 tools

Manage identity verification and background screening via Cleared — track verifications, monitor screenings, and audit security logs directly from any AI agent.