HashiCorp Vault MCP Server: Let AI Manage Secrets and PKI

Why Give AI Access to HashiCorp Vault?

Vault is the central nervous system for secrets, encryption, and identity across most production environments. When developers need a database credential, rotate an API key, or issue a TLS certificate, they interact with Vault through CLI commands or API calls that require context-switching away from their coding workflow.

An MCP server for Vault lets your AI agent handle secrets operations directly. Read credentials, check lease status, rotate keys, issue certificates, and audit access policies without leaving Claude, Cursor, or Windsurf.

What Becomes Possible

Once your AI agent has Vault access:

• "What secrets engines are mounted in production?"
• "Read the database credentials for the orders service"
• "When does the TLS cert for api.internal expire?"
• "Rotate the AWS access key for the deploy role"
• "Who accessed the payments secret path in the last 24 hours?"
• "Issue a new certificate for staging.internal with a 30-day TTL"

How It Works

1. Go to DataFaucet and enter your Vault URL (e.g. https://vault.company.com)
2. Authenticate with your Vault token or OIDC login
3. Browse secrets engines, policies, and audit logs as you normally would
4. Each action becomes an MCP tool your AI can call
5. Deploy and connect to Claude, Cursor, or Windsurf

Works with Vault OSS and Enterprise. The AI agent gets whatever access your token's policies allow.

Security Best Practices

• Least-privilege tokens — create a dedicated token with read-only policies for AI access
• Short TTLs — use tokens with aggressive expiration (1-4 hours)
• Namespace isolation — restrict to specific namespaces in Enterprise
• No root tokens — never expose root or high-privilege tokens to AI agents
• Audit logging — every AI request appears in Vault's audit log
• Response wrapping — use wrapped tokens for sensitive operations

Use Cases by Role

Platform engineers: Check mounted engines and policy configurations. "What policies does the deploy-bot role have?" without navigating the Vault UI.

Backend developers: Credential access mid-coding. "What's the connection string for the staging database?" without running vault CLI commands.

Security engineers: Audit and compliance. "Show me all secret accesses by the CI pipeline in the last week" for access reviews.

SREs: Certificate management during incidents. "Is the internal CA cert expiring soon?" and "Issue an emergency cert for the failover endpoint."

Vault UI vs AI Agent

Getting Started

Create a read-only policy for AI access:

path "secret/data/*" {
  capabilities = ["read", "list"]
}
path "pki/issue/*" {
  capabilities = ["create", "update"]
}
path "sys/audit-hash/*" {
  capabilities = ["read"]
}

Then point DataFaucet at your Vault instance, authenticate, and your AI agent inherits those capabilities as MCP tools.