Vault (Docker) MCP Server
CommunityContributed by HashiCorp
Connect to HashiCorp Vault via Docker to manage secrets and secrets engines. Read, write, list, and delete key-value secrets, create and manage mounts, and handle PKI certificates (issuers, roles, certificate issuance) in an isolated container.
About the Vault (Docker) MCP Server
The Vault (Docker) MCP server is a local (stdio) Model Context Protocol server available in the McpMux registry. Connect to HashiCorp Vault via Docker to manage secrets and secrets engines. Read, write, list, and delete key-value secrets, create and manage mounts, and handle PKI certificates (issuers, roles, certificate issuance) in an isolated container. This is a community-contributed MCP server by HashiCorp.
Install the Vault (Docker) MCP server with one click using McpMux. It works with Cursor, Claude Desktop, Claude Code, VS Code, ChatGPT, Windsurf, JetBrains, and any MCP-compatible AI client. This server requires an API key — McpMux securely stores your credentials with AES-256-GCM encryption.
Transport Configuration
{
"type": "stdio",
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"VAULT_ADDR",
"-e",
"VAULT_TOKEN",
"hashicorp/vault-mcp-server:latest"
],
"env": {
"VAULT_ADDR": "${input:VAULT_ADDR}",
"VAULT_TOKEN": "${input:VAULT_TOKEN}"
},
"metadata": {
"inputs": [
{
"id": "VAULT_ADDR",
"label": "Vault Address",
"description": "Base URL of your HashiCorp Vault server. Use host.docker.internal instead of localhost to reach a Vault instance running on the host machine (e.g., https://host.docker.internal:8200).",
"type": "url",
"required": true,
"secret": false,
"placeholder": "https://vault.example.com:8200"
},
{
"id": "VAULT_TOKEN",
"label": "Vault Token",
"description": "Vault authentication token used to access secrets and secrets engines. The token's policies determine which paths and operations are permitted.",
"type": "text",
"required": true,
"secret": true,
"placeholder": "hvs.****************************",
"obtain": {
"url": "https://developer.hashicorp.com/vault/docs/commands/token/create",
"instructions": "1. Authenticate to your Vault server (e.g., vault login)\n2. Create a token scoped to the policies you need: vault token create -policy=<policy>\n3. Copy the token value from the output (token field)",
"button_label": "Create Token"
}
}
]
}
}Categories
Tags
Supported AI Clients
The Vault (Docker) MCP server works with all MCP-compatible AI clients through McpMux:
Related MCP Servers
1Password (npx)
Access secrets from 1Password vaults. List vaults, retrieve items, and search for credentials using a service account token.
Aikido Security (npx)
Scan code and secrets with Aikido Security directly from your AI coding agent. Exposes Aikido's Code and Secrets Scan as an MCP tool returning machine-readable findings you can triage, fix, or ignore.
Auth0 (npx)
Manage your Auth0 tenant through natural language: applications, APIs (resource servers), actions, forms, and logs via the Auth0 Management API. Authentication uses an OAuth 2.0 device-authorization browser flow handled by the server; tokens are stored in your OS keychain.
Bitwarden (npx)
Securely access your Bitwarden vault and administer your organization through the Bitwarden CLI and Public API. Manage vault items, folders, collections, Sends, and password generation, plus organization members, groups, policies, and audit logs.
Codacy (npx)
Connect to Codacy to analyze code quality and security, run static analysis (SAST, secrets, dependency, and IaC scans), browse repositories, list issues, and surface coverage data from your Codacy account via npx.
DB Query Guard MCP
Governed database query review, SQL simulation, approvals, and audits as a paid remote MCP.
Install Vault (Docker) with McpMux
One-click install from the McpMux desktop app. Auto-configures for Cursor, Claude, VS Code, ChatGPT, Windsurf, JetBrains, and any MCP-compatible client.