secure-vault-mcp

MCP server for agent-native secrets management. 24,008 secrets have been found in MCP config files on public GitHub. This server solves that.

Agents need secrets to call APIs, but they shouldn't see raw values. secure-vault-mcp stores secrets encrypted with AES-256-GCM, issues short-lived scoped tokens, and injects secrets into requests server-side so the agent never handles plaintext credentials.

Install

npx secure-vault-mcp

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "secure-vault": {
      "command": "npx",
      "args": ["secure-vault-mcp"]
    }
  }
}

From source

git clone https://github.com/mdfifty50-boop/secure-vault-mcp.git
cd secure-vault-mcp
npm install
node src/index.js

Tools

store_secret

Store an encrypted secret with optional rotation policy.

Param	Type	Default	Description
name	string	required	Secret name (e.g. "openai_api_key")
value	string	required	Secret value — encrypted immediately
service	string	"default"	Service this secret belongs to
rotation_policy	string	"none"	"none", "daily", "weekly", "monthly"

get_agent_token

Issue a short-lived, scoped token. The agent receives an opaque token ID, never the raw secret.

Param	Type	Default	Description
agent_id	string	required	Requesting agent identifier
service	string	required	Service to get a token for
scope	string	"read"	"read", "write", "admin"
ttl_seconds	number	300	Token TTL (10s to 86400s)

rotate_secrets

Rotate all secrets for a service. Old tokens are invalidated.

Param	Type	Description
service	string	Service whose secrets to rotate
new_value	string	New secret value

audit_secret_access

View who accessed what secrets over a time range.

Param	Type	Default	Description
time_range	string	"24h"	"1h", "6h", "24h", "7d", "all"
agent_id	string	optional	Filter by agent
secret_name	string	optional	Filter by secret

scan_config_for_leaks

Scan config text for exposed secrets. Detects AWS keys, GitHub tokens, OpenAI/Anthropic keys, Slack tokens, Stripe keys, private key blocks, bearer tokens, and generic credentials using 12 regex patterns.

Param	Type	Default	Description
config_text	string	required	Config content to scan
source_label	string	"unknown"	Label for audit trail

inject_secret_to_request

Return a request with the secret injected server-side. The agent provides a template with {{SECRET}} placeholder and a valid token ID.

Param	Type	Description
token_id	string	Token from get_agent_token
request_template	string	Template with {{SECRET}} placeholder

Resources

URI	Description
secure-vault://secrets	All stored secret names with metadata (no raw values)

Usage Pattern

1. store_secret — store credentials at setup time
2. get_agent_token — agent requests a scoped, time-limited token
3. inject_secret_to_request — inject secret into API call template
4. rotate_secrets — rotate when needed, old tokens auto-invalidate
5. scan_config_for_leaks — check config files before committing
6. audit_secret_access — review access trail

Security Model

• Secrets encrypted at rest with AES-256-GCM using a server-generated key
• Agents receive opaque token IDs, never raw secret values
• Tokens are scoped (read/write/admin) and time-limited (default 5 minutes)
• Token rotation invalidates all outstanding tokens for the rotated secret
• Full audit trail of every store, token issuance,

... View full README on GitHub