HashiCorp Vault MCP. Automate credential handling and policy enforcement.
Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
HashiCorp Vault MCP lets you manage infrastructure secrets, encryption keys, and access tokens through natural conversation. Read stored credentials, generate dynamic credentials for databases and AWS, authenticate workloads with Kubernetes service accounts, and audit policies without leaving your AI client.
It's the central control plane for modern security operations.
What your AI agents can do
The agent creates temporary, time-limited credentials for databases and AWS (generate_database_creds, generate_aws_creds), and authenticates workloads to Vault with Kubernetes service account tokens (kubernetes_login).
You can read, write, and list specific secrets stored within your secure key/value paths.
The agent creates or updates access control policies (ACLs) and manages user roles for strict permission enforcement.
You use the transit engine to encrypt data before storage, or decrypt it when you need to read it back safely.
The agent checks the cluster's operational health and lists all active authentication methods and mounted secrets engines.
HashiCorp Vault with 50 Tools
Use these tools to read, write, delete, and manage every aspect of your infrastructure's secrets, roles, and access control policies.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
approle_login
Logs into Vault with AppRole credentials (a Role ID plus a Secret ID) and returns a token carrying the role's policies.
configure_aws_root
Sets the static AWS credentials that Vault itself uses to issue dynamic AWS credentials; these are the one long-lived AWS secret left in the system, so keep them inside Vault and rotate them.
configure_database
Configures a connection to a specific database type: plugin, connection URL, the credentials Vault uses to create users, and the roles allowed to use the connection.
configure_kubernetes_auth
Sets up authentication using Kubernetes service account tokens.
create_acl_policy
Creates or updates an access control list (ACL) policy for Vault paths.
create_approle_role
Creates or modifies an AppRole role definition, including the policies its tokens receive.
create_aws_role
Defines a Vault AWS role, backed by an IAM policy or role, from which Vault generates credentials.
create_database_role
Defines a database role: the statements Vault runs to create each dynamic user and the TTLs those users live for.
create_pki_role
Establishes the rules (allowed domains, key types, maximum TTL) under which PKI certificates are issued.
create_token
Generates and issues a new Vault token with a TTL.
create_transit_key
Creates a named key in the transit engine (symmetric AES-256-GCM by default; asymmetric key types are available for signing and similar operations).
create_userpass_user
Registers a user account with a username and password.
decrypt_transit
Decrypts data previously encrypted by the transit engine; the key never leaves Vault.
delete_kv_secret
Soft-deletes the latest version of a secret in the KV v2 engine; the version can be undeleted until it is destroyed.
enable_audit_device
Turns on an audit device that records every request and response (sensitive fields are HMACed in the log).
enable_auth_method
Activates a new way for users or machines to authenticate with Vault (e.g., GitHub, LDAP).
enable_engine
Mounts a secrets engine (such as KV or Consul) at a path in Vault.
encrypt_transit
Encrypts data with a transit key; the result is a versioned ciphertext of the form vault:vN:...
generate_approle_secret_id
Creates a new Secret ID for an existing AppRole, the second half of a machine login.
generate_aws_creds
Produces dynamic AWS credentials under a lease that expires after a set time.
generate_database_creds
Creates temporary, dedicated login credentials for a specified database, tied to a lease.
generate_pki_root
Generates the root certificate authority key and self-signed certificate for PKI services.
get_init_status
Checks whether the Vault cluster has been initialized.
get_openapi_spec
Downloads an OpenAPI V3 document describing all currently mounted backends.
get_system_health
Checks the operational status of the Vault cluster (initialized, sealed, active or standby).
github_login
Logs a user into Vault with a GitHub personal access token.
initialize_vault
Initializes a brand-new Vault cluster, producing the unseal key shares and the initial root token.
issue_pki_cert
Issues a signed X.509 certificate under an existing PKI role.
kubernetes_login
Authenticates using a Kubernetes service account token.
list_acl_policies
Lists all access control policies configured in Vault.
list_audit_devices
Lists every enabled audit device.
list_auth_methods
Shows all authentication methods (such as GitHub or LDAP) that are currently enabled.
list_kv_secrets
Lists secret paths within the KV v2 engine.
list_mounts
Lists all secrets engines currently mounted in the Vault instance.
list_token_accessors
Lists the accessor of every active token; an accessor lets you look up or revoke a token without holding the token itself.
lookup_lease
Retrieves details (TTL, renewability, expiry) about a lease by its ID.
lookup_self_token
Shows the policies, TTL and metadata of the token your agent is currently using.
map_github_team
Maps a GitHub team to a set of Vault policies.
read_kv_metadata
Reads the versions and timestamps of a KV v2 secret without exposing its contents.
read_kv_secret
Retrieves the sensitive data stored at a KV v2 path.
renew_lease
Extends the TTL of an existing lease, up to its maximum TTL.
renew_self_token
Extends the TTL of your current token, up to its maximum TTL.
revoke_lease
Immediately invalidates a lease and the credential behind it.
revoke_pki_cert
Revokes an issued PKI certificate before its expiration date.
revoke_self_token
Immediately invalidates your current Vault token, requiring re-authentication.
rotate_transit_key
Adds a new version of a transit key; new encryptions use it, and existing ciphertext stays decryptable until older versions are retired.
seal_vault
Seals Vault, blocking all access to secrets until the unseal threshold of key shares is provided again.
unseal_vault
Submits one unseal key share; Vault unseals once the configured threshold of shares has been entered.
userpass_login
Logs into Vault with a static username and password.
write_kv_secret
Creates or updates a secret at a KV v2 path; each write creates a new version.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built-in DLP, auth, and compliance on every call
- Real-time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with HashiCorp Vault, then connect any of our 4,900+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,900+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HashiCorp Vault. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
- Cloud Hosted: managed infra
- V8 Isolated: sandboxed per request
- Zero-Trust Proxy: no stored credentials
- DLP Enforced: policy on every call
- GDPR Compliant: EU data residency
- Token Compression: ~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 50 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Managing secrets means copying and pasting from 8 different dashboards.
Right now, rotating a single database password requires jumping between the service dashboard, the identity provider, and the application config file. You copy a temporary key into one place, then paste it into another, all while praying you don't accidentally commit that plaintext secret to Git.
With this MCP, you just tell your agent: 'Rotate the staging database password.' It handles the lifecycle, calling tools like generate_database_creds to issue a fresh leased credential, revoke_lease to retire the old one, and updating the necessary records, then gives you a single, clean confirmation. The whole manual process collapses into one conversation.
Generate dynamic credentials for any service.
You no longer have to wait for an admin to hand out a temporary AWS key or set up a machine identity. You ask the agent to generate_aws_creds, or to create_approle_role for a new service, and it runs the backend calls immediately.
This means your services get credentials in seconds, not hours. It's about moving from static, risky assets to temporary, controlled access.
What you can do with this MCP connector
Managing sensitive data used across development teams is a nightmare if you rely on static files or manual processes. This MCP connects directly to your HashiCorp Vault instance, giving your agent full visibility into your secrets landscape. You can read stored API keys from KV mounts, generate temporary credentials for external services like AWS and databases, or even decrypt sensitive payloads using the transit engine—all through simple commands.
It handles more than just storage; it controls identity. Need to change an access policy? Just ask. Want to check if the cluster is healthy? You can. By connecting this MCP via Vinkius, you turn complex security workflows into conversational actions, keeping your sensitive data locked down while giving developers and ops engineers what they need, exactly when they need it.
How HashiCorp Vault MCP Works
- 1 First, subscribe to this MCP and provide your Vault address and a Vault token. Use a token scoped to just the policies the agent needs, with a bounded TTL, not a root token: everything the agent does runs with that token's permissions.
- 2 Next, use your AI client to issue commands—for example, asking it to generate dynamic database credentials or read a specific API key.
- 3 The agent executes the request against your vault instance, retrieving the necessary credential or data directly for you.
The bottom line is that your entire infrastructure security setup runs through natural language commands instead of multiple dashboards.
Who Is HashiCorp Vault MCP For?
This MCP targets the DevOps Engineer tired of juggling credential managers, the Security Analyst who needs to audit policy changes instantly, and the Developer who can't afford context switching when fetching a development API key.
Automating secret rotation or provisioning new environments by calling tools like create_approle_role instead of manually updating configuration files.
Auditing which tokens exist and what they can do with list_token_accessors, and when a secret's versions were written with read_kv_metadata; the record of who actually read a secret comes from an enabled audit device (enable_audit_device, list_audit_devices).
Fetching local development secrets (like a database connection string) by invoking the appropriate read tool, keeping them in the IDE.
What Changes When You Connect
- Stop juggling credentials. You can use the agent to generate dynamic AWS credentials or database logins on demand, meaning your service accounts never use static passwords.
- Full visibility into security posture. Use list_token_accessors to see which tokens are live and read_kv_metadata to see when a secret was last written; for who-read-what, enable an audit device and query its log.
- Centralized control over access policies. Instead of touching configuration files, you tell the agent to create_acl_policy, enforcing least privilege immediately.
- Handling sensitive data is safer than ever. encrypt_transit and decrypt_transit keep the key material inside Vault; your workflow only ever sees ciphertext.
- Never lose track of service status. Check the cluster's health with get_system_health, or list all active authentication methods using list_auth_methods to verify connectivity.
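The transit points above (encrypt_transit, decrypt_transit, rotate_transit_key) have one property worth seeing in code: rotation adds a key version but re-encrypts nothing, so old ciphertext stays readable until the old version is retired, and a rewrap moves it forward without the plaintext ever leaving the server side. The following is an added example, not Vinkius or HashiCorp code. It models a transit key as a versioned keyring with Vault's `vault:vN:` ciphertext prefix; the cipher is a stand-in (HMAC-SHA256 counter keystream plus an HMAC tag, encrypt-then-MAC) so the block runs with the Python standard library, whereas real transit uses AES-256-GCM by default. The key name `payments` and the sample plaintext are constructed.

```python
import base64
import hashlib
import hmac
import os

def _subkeys(master):
    """Derive separate encryption and MAC keys from one key version."""
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _stream(key, nonce, n):
    """HMAC-SHA256 counter keystream: a stand-in for AES-GCM so no extra package is needed."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:n])

def _seal(master, nonce, plaintext):
    enc, mac = _subkeys(master)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC

def _open(master, nonce, body):
    enc, mac = _subkeys(master)
    ct, tag = body[:-32], body[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext tampered with or wrong key version")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

class TransitKey:
    """Model of one transit key: a versioned keyring. encrypt always uses the newest
    version, decrypt honours the vault:vN: prefix, rotate adds a version and nothing else."""

    def __init__(self, name):
        self.name = name
        self.versions = {1: os.urandom(32)}
        self.latest = 1
        self.min_decryption_version = 1

    def rotate(self):
        self.latest += 1
        self.versions[self.latest] = os.urandom(32)
        return self.latest

    def encrypt(self, plaintext):
        nonce = os.urandom(12)
        blob = nonce + _seal(self.versions[self.latest], nonce, plaintext)
        return f"vault:v{self.latest}:" + base64.b64encode(blob).decode()

    def decrypt(self, ciphertext):
        prefix, ver, b64 = ciphertext.split(":", 2)
        if prefix != "vault" or not ver.startswith("v"):
            raise ValueError("not a transit ciphertext")
        version = int(ver[1:])
        if version < self.min_decryption_version:
            raise PermissionError(f"key version {version} has been retired")
        raw = base64.b64decode(b64)
        return _open(self.versions[version], raw[:12], raw[12:])

    def rewrap(self, ciphertext):
        """Move a ciphertext onto the newest key version; the caller never sees plaintext."""
        return self.encrypt(self.decrypt(ciphertext))

    def retire_old_versions(self):
        """Same effect as raising min_decryption_version to the current version."""
        self.min_decryption_version = self.latest

def rotation_walkthrough():
    """rotate -> old ciphertext still readable -> rewrap -> retire -> old refused."""
    key = TransitKey("payments")          # constructed key name
    secret = b"card-token-4242"           # constructed sample plaintext
    old = key.encrypt(secret)
    key.rotate()
    new = key.encrypt(secret)
    result = {"old_version": old.split(":")[1], "new_version": new.split(":")[1],
              "old_readable_after_rotate": key.decrypt(old) == secret}
    rewrapped = key.rewrap(old)
    key.retire_old_versions()
    result["rewrapped_version"] = rewrapped.split(":")[1]
    result["rewrapped_readable"] = key.decrypt(rewrapped) == secret
    try:
        key.decrypt(old)
        result["old_refused_after_retire"] = False
    except PermissionError:
        result["old_refused_after_retire"] = True
    return result

def tampering_is_detected():
    """Flip one ciphertext bit and confirm the MAC check rejects it."""
    key = TransitKey("t")
    prefix, ver, b64 = key.encrypt(b"hello").split(":", 2)
    raw = bytearray(base64.b64decode(b64))
    raw[12] ^= 0x01                       # first ciphertext byte, after the 12-byte nonce
    forged = f"{prefix}:{ver}:" + base64.b64encode(bytes(raw)).decode()
    try:
        key.decrypt(forged)
        return False
    except ValueError:
        return True
```

The practical reading: after rotate_transit_key, schedule a rewrap of stored ciphertexts before raising the minimum decryption version, or the first read of an un-rewrapped record fails the way `old_refused_after_retire` does here.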
Real-World Use Cases
Onboarding a new developer to a project
A developer needs access to the staging database. Instead of asking an admin for temporary credentials, they ask their agent: 'Generate dynamic credentials for the staging Postgres DB.' The agent calls generate_database_creds and returns valid, time-limited login details instantly.
Performing a security audit
The Security Analyst needs to know if any service account has overly broad permissions. They prompt the agent: 'List all ACL policies.' The agent calls list_acl_policies, allowing them to verify that roles only have what they need.
Fixing a forgotten API key
A service fails because an API key was rotated. The engineer asks: 'Read the secret stored at production/api-keys.' The agent calls read_kv_secret, retrieves the necessary data, and gets the service back online.
Preparing for a new microservice deployment
The team needs to add a new authentication source. They ask: 'Enable GitHub as an auth method.' The agent calls enable_auth_method and guides them through the required setup steps.
The Tradeoffs
Using static credentials everywhere
The developer hardcodes a long-lived AWS secret key into their local startup script, making it permanently visible in git history.
→
Instead, they ask the agent to generate_aws_creds. This issues temporary keys under a lease that expire automatically. The one long-lived AWS credential left is the one Vault itself holds (set with configure_aws_root); keep it inside Vault and rotate it rather than copying it anywhere.
Forgetting to check system status
The application fails at runtime because nobody knows if Vault is actually available or sealed. The engineer wastes 30 minutes checking logs.
→
Always start by asking the agent to get_system_health. This confirms the cluster is unsealed and operational before any other calls are made.
Giving too much access upfront
The admin uses a single tool call that grants read/write access globally, violating least privilege.
→
Instead, they use create_acl_policy to define extremely narrow rules. They only grant 'read' access on one specific path and nothing else.
When It Fits, When It Doesn't
You should use this MCP if your primary pain point is managing credentials (API keys, database passwords, tokens) or controlling system permissions at scale. This is for security infrastructure automation; it's about who can do what, and when. Don't use this if you are just trying to read general application data that isn't sensitive. For simple configuration checks, get_system_health is sufficient. If your goal is merely listing resources without changing permissions, tools like list_acl_policies work fine. But if the task involves generating a key, encrypting data, or defining an access boundary, this MCP is required.
Common Questions About HashiCorp Vault MCP
How do I check if Vault is ready to use with the `get_system_health` tool?
The agent calls get_system_health and reports the HTTP status of Vault's health endpoint: 200 means initialized, unsealed and active; 429 means an unsealed standby node, which forwards requests and is still usable; 501 means not yet initialized; 503 means sealed. Confirm the cluster is unsealed before trying any other operation.
What do I use if I need to store a new API key? Should I call `write_kv_secret`?
Yes, you use write_kv_secret. This tool stores the secret at a KV v2 path, where every write creates a new version, so earlier values remain available through read_kv_metadata and can be rolled back to.
Can I revoke a credential using `revoke_self_token`?
No, revoke_self_token only invalidates your current session token. To remove an API key or temporary access right, you need to call the specific tool for that resource.
How does `create_acl_policy` work?
create_acl_policy lets you define granular rules: which paths may be read, created, updated, listed or deleted, with everything not named denied by default. Remember that KV v2 secrets live under secret/data/<path> in the API, so a policy must name that path, not secret/<path>.
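The narrow policy from the "Giving too much access upfront" tradeoff (read on one path and nothing else) and the path rules this answer describes, worked through as an added example. This is not Vinkius or HashiCorp code: it is a small model of Vault's documented policy matching (exact path, trailing `*` glob, `+` for one path segment, the most specific rule wins, `deny` in the winning rule overrides everything) and it parses only the `path "..." { capabilities = [...] }` subset of policy HCL, one policy at a time. The policies and request paths are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    path: str
    capabilities: frozenset

_RULE_RE = re.compile(r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}', re.S)

def parse_policy(hcl):
    """Parse the small HCL subset used here: path "<p>" { capabilities = [...] }."""
    rules = []
    for path, caps in _RULE_RE.findall(hcl):
        names = frozenset(c.strip().strip('"') for c in caps.split(",") if c.strip())
        rules.append(Rule(path, names))
    return rules

def _matches(rule_path, request_path):
    """Vault path matching: exact, trailing-'*' glob, or '+' standing for one segment."""
    is_glob = rule_path.endswith("*")
    core = rule_path[:-1] if is_glob else rule_path
    pattern = re.escape(core).replace(r"\+", "[^/]+") + (".*" if is_glob else "")
    return re.fullmatch(pattern, request_path) is not None

def is_allowed(rules, request_path, capability):
    """Default deny; an exact rule beats globs; among globs the longest prefix wins;
    a winning rule that carries 'deny' refuses every capability."""
    matching = [r for r in rules if _matches(r.path, request_path)]
    if not matching:
        return False
    exact = [r for r in matching if not r.path.endswith("*")]
    winner = max(exact or matching, key=lambda r: len(r.path))
    if "deny" in winner.capabilities:
        return False
    return capability in winner.capabilities

# Constructed policies for the demonstration.
NARROW = '''
path "secret/data/staging/db" {
  capabilities = ["read"]
}
'''
# A common KV v2 mistake: the CLI shows secret/staging/db, but the API path a policy
# must name is secret/data/staging/db, so this policy grants nothing useful.
MISSES_KV2 = '''
path "secret/staging/db" {
  capabilities = ["read"]
}
'''
# The "too much access" shape: everything under secret/, with one deny carve-out.
BROAD = '''
path "secret/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
path "secret/data/production/*" {
  capabilities = ["deny"]
}
'''

def review(policy_hcl, checks):
    """Evaluate (path, capability) pairs against a policy; returns {path cap: allowed}."""
    rules = parse_policy(policy_hcl)
    return {f"{p} {c}": is_allowed(rules, p, c) for p, c in checks}

if __name__ == "__main__":
    for name, pol in (("NARROW", NARROW), ("MISSES_KV2", MISSES_KV2), ("BROAD", BROAD)):
        print(name, review(pol, [("secret/data/staging/db", "read"),
                                 ("secret/data/staging/db", "update"),
                                 ("secret/data/production/api-keys", "read")]))
```

Run `review` over a candidate policy before calling create_acl_policy: a least-privilege policy for the staging reader should return True only for the single `secret/data/staging/db read` check.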
If I'm integrating a new service, how do I authenticate using the `approle_login` tool?
AppRole is Vault's machine-to-machine authentication. You first define a role (create_approle_role) and bind policies to it; the service then presents the role's Role ID together with a Secret ID (generate_approle_secret_id) to approle_login and receives a token carrying exactly those policies.
When setting up a new database connection, what do I need to know about using `configure_database`?
configure_database sets up the connection Vault uses to reach the database: the plugin (PostgreSQL, MySQL, and so on), the connection URL, the credentials Vault holds for creating users, and the allowed_roles that may use this connection. After that, create_database_role defines the creation statements and TTLs for each kind of dynamic user, and generate_database_creds issues a leased username and password on demand.
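The three-step flow in this answer (configure_database, create_database_role, generate_database_creds), preceded by the health check the "Forgetting to check system status" tradeoff recommends and followed by the lease revocation from the staging-onboarding use case, as an added example. This is not Vinkius or HashiCorp code. It speaks Vault's HTTP API paths directly (`/v1/sys/health`, `/v1/database/config/<name>`, `/v1/database/roles/<name>`, `/v1/database/creds/<name>`, `/v1/sys/leases/revoke`); the connection name `staging-postgres`, role `staging-readonly`, host `staging-db`, admin user and placeholder password are assumptions, and `FakeVault` is a constructed stand-in for a server so the block runs offline.

```python
import json
import time
import urllib.error
import urllib.request

class VaultClient:
    """Thin client for Vault's HTTP API. transport(method, path, body) is injectable so
    the example can run against the constructed FakeVault below instead of a live server."""

    def __init__(self, addr, token, transport=None):
        self.addr, self.token = addr.rstrip("/"), token
        self.transport = transport or self._http

    def _http(self, method, path, body):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.addr + path, data=data, method=method,
                                     headers={"X-Vault-Token": self.token})
        try:
            with urllib.request.urlopen(req) as resp:
                raw = resp.read()
                return resp.status, (json.loads(raw) if raw else {})
        except urllib.error.HTTPError as e:     # Vault returns JSON error bodies on 4xx/5xx
            raw = e.read()
            return e.code, (json.loads(raw) if raw else {})

    def call(self, method, path, body=None):
        return self.transport(method, path, body)

def vault_ready(status, body):
    """Interpret /v1/sys/health: 200 active, 429 unsealed standby (forwards requests,
    so still usable), 501 not initialized, 503 sealed."""
    if not body.get("initialized", True):
        return False, "not initialized"
    if body.get("sealed"):
        return False, "sealed: unseal before doing anything else"
    if status in (200, 429):
        return True, "standby" if body.get("standby") else "active"
    return False, f"unexpected health status {status}"

def provision_staging_reader(vc):
    """Health pre-flight, then configure_database -> create_database_role -> generate_database_creds."""
    status, body = vc.call("GET", "/v1/sys/health")
    ok, why = vault_ready(status, body)
    if not ok:
        raise RuntimeError(f"vault not ready: {why}")
    # 1. The connection. Vault keeps the admin credential; allowed_roles pins which roles may use it.
    vc.call("POST", "/v1/database/config/staging-postgres", {
        "plugin_name": "postgresql-database-plugin",
        "connection_url": "postgresql://{{username}}:{{password}}@staging-db:5432/app?sslmode=require",
        "username": "vault_admin", "password": "initial-admin-password",   # assumed placeholder
        "allowed_roles": ["staging-readonly"],
    })
    # 2. The role: what each dynamic user may do and how long it lives. VALID UNTIL makes
    #    the database itself expire the login even if a revocation is missed.
    vc.call("POST", "/v1/database/roles/staging-readonly", {
        "db_name": "staging-postgres",
        "creation_statements": [
            "CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
            "GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";",
        ],
        "default_ttl": "1h", "max_ttl": "24h",
    })
    # 3. The credential: one lease per request; renew before lease_duration elapses.
    status, resp = vc.call("GET", "/v1/database/creds/staging-readonly")
    if status != 200:
        raise RuntimeError(f"creds request failed: {resp.get('errors')}")
    return {"lease_id": resp["lease_id"], "ttl": resp["lease_duration"],
            "username": resp["data"]["username"],
            "renew_by": time.time() + 0.8 * resp["lease_duration"]}

def release(vc, lease):
    """Revoke the lease as soon as the work is done instead of waiting out the TTL."""
    return vc.call("PUT", "/v1/sys/leases/revoke", {"lease_id": lease["lease_id"]})

class FakeVault:
    """Constructed stand-in for a Vault server, implementing only the endpoints used above."""

    def __init__(self, sealed=False):
        self.sealed, self.config, self.roles, self.leases = sealed, {}, {}, {}

    def __call__(self, method, path, body):
        name = path.rsplit("/", 1)[1]
        if path == "/v1/sys/health":
            return (503, {"initialized": True, "sealed": True}) if self.sealed else \
                   (200, {"initialized": True, "sealed": False, "standby": False})
        if path.startswith("/v1/database/config/"):
            self.config[name] = body
            return 204, {}
        if path.startswith("/v1/database/roles/"):
            self.roles[name] = body
            return 204, {}
        if path.startswith("/v1/database/creds/"):
            role = self.roles.get(name)
            if role is None or name not in self.config[role["db_name"]]["allowed_roles"]:
                return 400, {"errors": [f"role {name} not allowed for this connection"]}
            lease_id = f"database/creds/{name}/{len(self.leases) + 1:08x}"
            self.leases[lease_id] = True
            return 200, {"lease_id": lease_id, "lease_duration": 3600, "renewable": True,
                         "data": {"username": f"v-{name}-{len(self.leases):04d}", "password": "generated"}}
        if path == "/v1/sys/leases/revoke":
            self.leases.pop(body["lease_id"], None)
            return 204, {}
        return 404, {"errors": []}
```

Against a real server, construct `VaultClient` with your Vault address and a scoped token and omit `transport`; the same three calls are what the MCP tools issue on your behalf, and the returned `lease_id` is the handle renew_lease and revoke_lease operate on.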
What kind of audit information can I gather by calling `list_token_accessors`?
list_token_accessors lists the accessor of every active token. An accessor identifies a token without revealing its value, so you can look up that token's policies, TTL and metadata, or revoke it, without ever handling the token itself. It does not show which paths a token has touched; that record lives in the audit device logs.
How does the `issue_pki_cert` tool work to generate new client certificates?
This command issues a signed X.509 certificate under an existing PKI role. You specify the common name and the desired TTL; both must fall within what the role allows (permitted domains, maximum TTL), or the request is rejected.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.