Vault MCP Server

The Vault MCP Server is a Model Context Protocol (MCP) server implementation that provides integration with HashiCorp Vault for managing secrets and mounts. This server uses both stdio and StreamableHTTP transports for MCP communication, making it compatible with Claude for Desktop and other MCP clients.

Security Note: At this stage, the MCP server is intended for local use only. If using the StreamableHTTP transport, always configure the MCP_ALLOWED_ORIGINS environment variable to restrict access to trusted origins only. This helps prevent DNS rebinding attacks and other cross-origin vulnerabilities.

Security Note: Depending on the query, the MCP server may expose certain Vault data, including Vault secrets, to the MCP client and LLM. Do not use the MCP server with untrusted MCP clients or LLMs.

Legal Note: Your use of a third party MCP Client/LLM is subject solely to the terms of use for such MCP/LLM, and IBM is not responsible for the performance of such third party tools. IBM expressly disclaims any and all warranties and liability for third party MCP Clients/LLMs, and may not be able to provide support to resolve issues which are caused by the third party tools.

Caution: The outputs and recommendations provided by the MCP server are generated dynamically and may vary based on the query, model, and the connected MCP client. Users should thoroughly review all outputs/recommendations to ensure they align with their organization’s security best practices, cost-efficiency goals, and compliance requirements before implementation.

Features

• Create new mounts in Vault (KV v1, KV v2)
• List all available mounts
• Delete a mount
• Write secrets to KV mounts
• Read secrets from KV mounts
• List all secrets under a path
• Delete a complete secret or a key of a secret
• Comprehensive HTTP middleware stack (CORS, logging, Vault context)
• Session-based Vault client management
• Structured logging with configurable output

Prerequisites

• Go 1.24 or later (if building from source)
• Docker
• HashiCorp Vault server running locally or remotely
• A valid Vault token with appropriate permissions

Setup

1. Clone the repository:

   git clone https://github.com/hashicorp/vault-mcp-server.git
   cd vault-mcp-server
   

2. Build the binary:

   make build
   

3. Run the server:

   Stdio mode (default):

   ./vault-mcp-server
   # or explicitly
   ./vault-mcp-server stdio
   

   HTTP mode:

   ./vault-mcp-server http --transport-port 8080
   # or using make
   make run-http
   

Environment Variables

The server can be configured using environment variables:

• VAULT_ADDR: Vault server address (default: http://127.0.0.1:8200)
• VAULT_TOKEN: Vault authentication token (required)
• VAULT_NAMESPACE: Vault namespace (optional)
• TRANSPORT_MODE: Set to http to enable HTTP mode
• TRANSPORT_HOST: Host to bind to for HTTP mode (default: 127.0.0.1)
• TRANSPORT_PORT: Port for HTTP mode (default: 8080)
• MCP_ENDPOINT: HTTP server endpoint path (default: /mcp)
• MCP_ALLOWED_ORIGINS: Comma-separated list of allowed origins for CORS (default: "")
• MCP_CORS_MODE: CORS mode: strict, development, or disabled (default: strict)
• MCP_TLS_CERT_FILE: Location of the TLS certificate file (e.g. /path/to/cert.pem) (default: "")
• MCP_TLS_KEY_FILE: Location of the TLS key file (e.g. /path/to/key.pem)(default: "")
• MCP_RATE_LIMIT_GLOBAL: Global rate limit (format: rps:burst) (default: 10:20)
• MCP_RATE_LIMIT_SESSION: Per-session rate limit (format: rps:burst) (default: 5:10)

HTTP Mode Configuration

In HTTP mode, Vault configuration can be provided through multiple methods (in order of precedence):

• **HT

... View full README on GitHub