How do I install Vault?

Vault is a local plugin. Install it using npm package: @aiwerk/mcp-server-vault and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

Is Vault safe to use?

Vault scored 5.2/10 (moderate risk) in MCP Marketplace's automated security scan. It has 4 high or critical findings to review. It's listed, but review the security report on this page before installing.

What credentials does Vault need?

Vault requires the following credentials or environment variables: VAULT_REGION, VAULT_API_BASE, VAULT_CLIENT_ID, VAULT_CLIENT_SECRET, VAULT_MASTER_PASSWORD. You can find setup instructions on the server detail page.

What AI apps work with Vault?

Vault uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Vault MCP Server

by AIWerk

SecurityModerate5.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Bitwarden/Vaultwarden for agents: list tagged items, TOTP codes, one-time Sends, save new secrets.

About

Bitwarden/Vaultwarden for agents: list tagged items, TOTP codes, one-time Sends, save new secrets.

Security Report

5.2

Moderate5.2Moderate Risk

A well-designed Bitwarden/Vaultwarden MCP server with strong security architecture. The implementation properly enforces opt-in exposure, uses E2E encryption for secret delivery, and includes comprehensive safety tests. Minor code quality issues (broad error handling, incomplete test file) and a missing input validation edge case prevent a higher score, but permissions and authentication are appropriate for the server's purpose. Supply chain analysis found 4 known vulnerabilities in dependencies (1 critical, 3 high severity). Package verification found 1 issue.

4 files analyzed · 11 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

What You'll Need

Set these up before or after installing:

Bitwarden region or self-hosted mode (e.g. us, eu, or self-hosted).Optional

Environment variable: VAULT_REGION

Base URL for self-hosted Vaultwarden, scheme+host only (e.g. https://pass.example.com). Omit for Bitwarden cloud.Optional

Environment variable: VAULT_API_BASE

Bitwarden API client_id (personal API key).Required

Environment variable: VAULT_CLIENT_ID

Bitwarden API client_secret (personal API key).Required

Environment variable: VAULT_CLIENT_SECRET

Vault master password, used to unlock and decrypt items.Required

Environment variable: VAULT_MASTER_PASSWORD

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-aiwerk-mcp-server-vault": {
      "env": {
        "VAULT_REGION": "your-vault-region-here",
        "VAULT_API_BASE": "your-vault-api-base-here",
        "VAULT_CLIENT_ID": "your-vault-client-id-here",
        "VAULT_CLIENT_SECRET": "your-vault-client-secret-here",
        "VAULT_MASTER_PASSWORD": "your-vault-master-password-here"
      },
      "args": [
        "-y",
        "@aiwerk/mcp-server-vault"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

@aiwerk/mcp-server-vault

Bitwarden / Vaultwarden MCP server — BYOK vault access for AI agents.

Exposes 6 tools over stdio. Secret values are never sent in plaintext through list_vault_items or get_vault_metadata — secrets are delivered only through Bitwarden Sends (E2E-encrypted one-time URLs).

Install

npx -y @aiwerk/mcp-server-vault

Configure

Variable	Required	Default	Description
`VAULT_API_BASE`	✅	—	Base URL of your Bitwarden/Vaultwarden instance (no trailing slash), e.g. `https://pass.aiwerk.ch`
`VAULT_CLIENT_ID`	✅	—	Personal API key `client_id` (e.g. `user.abc-def-1234`)
`VAULT_CLIENT_SECRET`	✅	—	Personal API key `client_secret`
`VAULT_MASTER_PASSWORD`	✅	—	Vault master password (used for E2E decryption key derivation)
`VAULT_EXPOSED_COLLECTION`	—	`mcp-exposed`	Name of the collection visible to agents
`VAULT_AGENT_CREATED_COLLECTION`	—	`mcp-agent-created`	Name of the collection for agent-created secrets
`VAULT_API_TIMEOUT_MS`	—	`15000`	HTTP timeout in milliseconds
`DRY_RUN`	—	`0`	Set `1` to log write operations without executing them
`READ_ONLY`	—	`0`	Set `1` to block all write operations (Send creation and save)

Auth — Personal API Key

Log in to your Bitwarden/Vaultwarden instance
Go to Account Settings → Security → Keys → API Key
Note the client_id and client_secret
Reference: https://bitwarden.com/help/personal-api-key/

Vault Setup

Before using this server, create two collections in your Vaultwarden organization:

mcp-exposed — items you want to expose to agents (your existing secrets: API keys, passwords, etc.)
mcp-agent-created — items written by agents via save_generated_secret

Add items to mcp-exposed via the Vaultwarden web UI.

Custom fields

Optionally add these custom fields to items in mcp-exposed for fine-grained control:

Field	Type	Purpose
`mcp-scope`	text	Comma-separated glob list of tool/server names allowed to use this item (e.g. `stripe.*,openai`)
`mcp-chat-reveal-allowed`	text	`"true"` to allow chat delivery of the Send URL
`mcp-delivery-channel`	text	`"chat"` (default), `"telegram"`, or `"email"`

Tools

Tool	Description
`list_vault_items`	List items from `mcp-exposed` and `mcp-agent-created`. Returns metadata only — no secret values.
`get_vault_metadata`	Get full metadata for a named item (name, type, username, URIs, custom fields, expiry). No password/secret.
`reveal_secret_via_send`	Reveal a secret via a Bitwarden Send (E2E-encrypted one-time URL with configurable TTL and max-views).
`get_totp_code`	Get the current TOTP code for a login item, including remaining seconds in the period.
`save_generated_secret`	Save an agent-generated secret (password / api-key) into `mcp-agent-created` as a secure note. CREATE-only — no overwrite.
`save_login_item`	Save sign-in credentials (username + password + optional URL + TOTP seed) into `mcp-agent-created` as a real login item. CREATE-only — no overwrite.
`health_check`	Check connectivity: auth status, API version, collection visibility, item counts, latency.

Security model

Opt-in exposure: only items in mcp-exposed or mcp-agent-created are accessible; all other items return item_not_visible
Read-only existing items: no update_*, delete_*, or change_* tools exist
Secret value delivery via Send only: list_vault_items and get_vault_metadata never return passwords, TOTP seeds, or api-key values
E2E encryption preserved: the server decrypts vault data locally (master password stays in env vars, never sent over the wire)
Constrained agent writes: save_generated_secret and save_login_item are CREATE-only into the dedicated mcp-agent-created collection

Note: Actual {{vault:NAME}} placeholder resolution in tool call arguments happens in the AIWerk hosted bridge, not in this server. The bridge's resolution uses the same BYOC credentials. See the bridge-patch companion document for details.

License

MIT — AIWerk kontakt@aiwerk.ch

Homepage: https://aiwerkmcp.com

Reviews

No reviews yet

Be the first to review this server!

More Security MCP Servers

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

Vault MCP Server

About

Security Report

Findings (11)Action required

Permissions Required

What You'll Need

How to Install

Documentation

@aiwerk/mcp-server-vault

Install

Configure

Auth — Personal API Key

Vault Setup

Custom fields

Tools

Security model

License

Reviews

No reviews yet

More Security MCP Servers

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript

MCP Marketplace