Zero-knowledge secret vault for AI agents: secrets injected into commands, never seen by the model
Config is the same across clients — only the file and path differ.
{
  "mcpServers": {
    "wundervault": {
      "env": {
        "WUNDERVault_AGENT_KEY": "<BASE64_ENCRYPTION_KEY>",
        "WUNDERVault_AGENT_VAULT_URL": "https://wundervault.com",
        "WUNDERVault_AGENT_VAULT_API_KEY": "wv_agent_<AGENT_ID>|<KEY_SUFFIX>"
      },
      "command": "wundervault-mcp"
    }
  }
}
MCP server for Wundervault zero-knowledge secret management. Exposes vault secrets to AI agents via the Model Context Protocol — secrets are decrypted server-side and never returned to the agent in plaintext.
Run this in your terminal to verify the server starts.
npx -y '@wundervault/mcp-server' 2>&1 | head -1 && echo "✓ Server started successfully"
No known CVEs.
Checked @wundervault/mcp-server against OSV.dev.
npm install -g @wundervault/mcp-server
{
  "mcpServers": {
    "wundervault": {
      "command": "wundervault-mcp",
      "env": {
        "WUNDERVault_AGENT_VAULT_URL": "https://wundervault.com",
        "WUNDERVault_AGENT_VAULT_API_KEY": "wv_agent_<AGENT_ID>|<KEY_SUFFIX>",
        "WUNDERVault_AGENT_KEY": "<BASE64_ENCRYPTION_KEY>"
      }
    }
  }
}
Or using a credentials file:
wundervault-mcp --credentials ~/.wundervault/creds.json
"Secret retrieved and burned."
exec parameter, stdout/stderr are scrubbed of the plaintext before being returned.
crypto.timingSafeEqual.
vault_entries_list
List all vault entries available to this agent. Returns entry IDs and secret names — no values.
Input: {}
Output: "Vault entries (N):\n [entry_id] secret_name (tier: read)"
vault_entry_get
Retrieve and decrypt a vault secret. Optionally execute a command with it.
Input:
entry_id: string # from vault_entries_list
purpose: string # audit log reason
exec?: string # optional shell command
Output: "Secret retrieved and burned." (plaintext NEVER returned)
Secure exec pattern (sudo example):
sudo -S systemctl restart nginx <<< "$WUNDERVault_SECRET"
Do NOT use echo $WUNDERVault_SECRET | sudo -S — that exposes the secret in process logs.
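The output scrubbing mentioned for the exec parameter, sketched as an added example (not Wundervault's code; every function name and the sample secret are hypothetical and constructed). It goes beyond plaintext matching and also redacts the secret when a command prints it base64-, hex-, URL- or JSON-encoded.

```javascript
// Added example: not Wundervault's code. All names here are hypothetical.
const REDACTED = "[REDACTED]";

// Forms in which a command might print the secret: as-is, or re-encoded
// by the tool itself (debug dumps, URLs, JSON logs).
function secretVariants(secret) {
  if (typeof secret !== "string" || secret.length === 0) return [];
  const raw = Buffer.from(secret, "utf8");
  const b64 = raw.toString("base64");
  const hex = raw.toString("hex");
  const variants = new Set([
    secret,
    b64,
    b64.replace(/=+$/, ""),              // unpadded base64
    raw.toString("base64url"),
    hex,
    hex.toUpperCase(),
    encodeURIComponent(secret),
    JSON.stringify(secret).slice(1, -1), // JSON-escaped (quotes, backslashes)
  ]);
  // Longest first, so padded base64 is replaced before its unpadded prefix.
  return [...variants].sort((a, b) => b.length - a.length);
}

// Replace every variant of the secret in captured command output.
function scrub(output, secret) {
  let clean = String(output);
  for (const v of secretVariants(secret)) clean = clean.split(v).join(REDACTED);
  return clean;
}

// Scrub both streams of a finished command before handing them to the agent.
function scrubResult(result, secret) {
  return { code: result.code, stdout: scrub(result.stdout, secret), stderr: scrub(result.stderr, secret) };
}

// Constructed sample: output of a command that printed the secret four ways.
const SAMPLE_SECRET = "hunter2 p@ss/word";
function demo() {
  const raw = Buffer.from(SAMPLE_SECRET, "utf8");
  return scrubResult({
    code: 0,
    stdout: `token=${SAMPLE_SECRET}\nb64=${raw.toString("base64")}\n`,
    stderr: `hex=${raw.toString("hex")}\nurl=${encodeURIComponent(SAMPLE_SECRET)}\n`,
  }, SAMPLE_SECRET);
}

console.log(demo());
```

The encoded variants only match when the secret was encoded on its own; a secret embedded in a larger encoded blob passes through, so output scrubbing is a backstop rather than the primary control.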
vault_entry_forget
Discard a local reference. No-op on the server.
Input: { entry_id: string }
Output: "Reference [id] discarded from local context."
CLI flags (--api-key, --enc-key, --url)
Environment variables (WUNDERVault_AGENT_VAULT_API_KEY, WUNDERVault_AGENT_KEY, WUNDERVault_AGENT_VAULT_URL)
WUNDERVault_CREDENTIALS_FILE env var (explicit path)
~/.wundervault/creds.json
~/.config/wundervault/credentials (XDG)
{
  "agent_vault_url": "https://wundervault.com",
  "agent_vault_api_key": "wv_agent_<ID>|<SUFFIX>",
  "agent_encryption_key": "<BASE64_URL_SAFE_32_BYTES>"
}
wundervault-mcp [options]
  --api-key <key>      Agent API key
  --enc-key <key>      Encryption key (base64 URL-safe)
  --url <url>          API base URL (default: https://wundervault.com)
  --credentials <f>    Path to credentials JSON file
  --help               Show help
Set WUNDERVAULT_MOCK=1 to run the server without a wundervault-agent
daemon or any credentials. In this mode every tool call returns a representative
response clearly labelled [DEMO MODE] instead of contacting the vault — no
real secret is ever involved. This exists so MCP directory scanners and CI
(e.g. Glama) can start the server, exercise each tool,