Is Secure Vault free?

Yes, Secure Vault is free to use.

How do I install Secure Vault?

Secure Vault is a local plugin. Install it using npm package: secure-vault-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What AI apps work with Secure Vault?

Secure Vault uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Secure Vault MCP Server

by Mdfifty50 Boop

SecurityUse Caution3.5MCP RegistryLocal

Free

Server data from the Official MCP Registry

Encrypted secrets and credential management for agents

About

Encrypted secrets and credential management for agents

Security Report

3.5

Use Caution3.5High Risk

secure-vault-mcp is a well-intentioned secrets management server with a sound encryption model (AES-256-GCM) and token-based access control. However, the security implementation has significant gaps: the server lacks any authentication/authorization mechanism to control who can store, retrieve, or rotate secrets; no input validation is evident from the documentation; and critical security operations (like token issuance and secret injection) are exposed without access controls. The in-memory-only storage means secrets are lost on restart, and the inability to verify implementation details from the provided files leaves core security claims unvalidated. Users should be aware these architectural weaknesses undermine the threat model despite good cryptographic intentions. Supply chain analysis found 4 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.

4 files analyzed · 16 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

file_system

Check that this permission is expected for this type of plugin.

database

Check that this permission is expected for this type of plugin.

process_spawn

Check that this permission is expected for this type of plugin.

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-mdfifty50-boop-secure-vault": {
      "args": [
        "-y",
        "secure-vault-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

secure-vault-mcp

MCP server for agent-native secrets management. 24,008 secrets have been found in MCP config files on public GitHub. This server solves that.

Agents need secrets to call APIs, but they shouldn't see raw values. secure-vault-mcp stores secrets encrypted with AES-256-GCM, issues short-lived scoped tokens, and injects secrets into requests server-side so the agent never handles plaintext credentials.

Install

npx secure-vault-mcp

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "secure-vault": {
      "command": "npx",
      "args": ["secure-vault-mcp"]
    }
  }
}

From source

git clone https://github.com/mdfifty50-boop/secure-vault-mcp.git
cd secure-vault-mcp
npm install
node src/index.js

Tools

store_secret

Store an encrypted secret with optional rotation policy.

Param	Type	Default	Description
`name`	string	required	Secret name (e.g. "openai_api_key")
`value`	string	required	Secret value — encrypted immediately
`service`	string	`"default"`	Service this secret belongs to
`rotation_policy`	string	`"none"`	`"none"`, `"daily"`, `"weekly"`, `"monthly"`

get_agent_token

Issue a short-lived, scoped token. The agent receives an opaque token ID, never the raw secret.

Param	Type	Default	Description
`agent_id`	string	required	Requesting agent identifier
`service`	string	required	Service to get a token for
`scope`	string	`"read"`	`"read"`, `"write"`, `"admin"`
`ttl_seconds`	number	300	Token TTL (10s to 86400s)

rotate_secrets

Rotate all secrets for a service. Old tokens are invalidated.

Param	Type	Description
`service`	string	Service whose secrets to rotate
`new_value`	string	New secret value

audit_secret_access

View who accessed what secrets over a time range.

Param	Type	Default	Description
`time_range`	string	`"24h"`	`"1h"`, `"6h"`, `"24h"`, `"7d"`, `"all"`
`agent_id`	string	optional	Filter by agent
`secret_name`	string	optional	Filter by secret

scan_config_for_leaks

Scan config text for exposed secrets. Detects AWS keys, GitHub tokens, OpenAI/Anthropic keys, Slack tokens, Stripe keys, private key blocks, bearer tokens, and generic credentials using 12 regex patterns.

Param	Type	Default	Description
`config_text`	string	required	Config content to scan
`source_label`	string	`"unknown"`	Label for audit trail

inject_secret_to_request

Return a request with the secret injected server-side. The agent provides a template with {{SECRET}} placeholder and a valid token ID.

Param	Type	Description
`token_id`	string	Token from get_agent_token
`request_template`	string	Template with `{{SECRET}}` placeholder

Resources

URI	Description
`secure-vault://secrets`	All stored secret names with metadata (no raw values)

Usage Pattern

1. store_secret — store credentials at setup time
2. get_agent_token — agent requests a scoped, time-limited token
3. inject_secret_to_request — inject secret into API call template
4. rotate_secrets — rotate when needed, old tokens auto-invalidate
5. scan_config_for_leaks — check config files before committing
6. audit_secret_access — review access trail

Security Model

Secrets encrypted at rest with AES-256-GCM using a server-generated key
Agents receive opaque token IDs, never raw secret values
Tokens are scoped (read/write/admin) and time-limited (default 5 minutes)
Token rotation invalidates all outstanding tokens for the rotated secret
Full audit trail of every store, token issuance, and injection
In-memory storage — secrets exist only for the server session lifetime

Tests

npm test

License

MIT

Reviews

No reviews yet

Be the first to review this server!

More Security MCP Servers

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

mcp-creator-typescript

Free

by mcp-marketplace · Developer Tools

Scaffold, build, and publish TypeScript MCP servers to npm — conversationally

FinAgent

Free

by mcp-marketplace · Finance

Free stock data and market news for any MCP-compatible AI assistant.

Google Workspace MCP

Free

by Taylorwilsdon · Productivity

Control Gmail, Calendar, Docs, Sheets, Drive, and more from your AI

Secure Vault MCP Server

About

Security Report

Findings (16)Action required

Permissions Required

How to Install

Documentation

secure-vault-mcp

Install

Claude Desktop

From source

Tools

store_secret

get_agent_token

rotate_secrets

audit_secret_access

scan_config_for_leaks

inject_secret_to_request

Resources

Usage Pattern

Security Model

Tests

License

Reviews

No reviews yet

More Security MCP Servers

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent

Google Workspace MCP

Secure Vault MCP Server

About

Security Report

Findings (16)Action required

Permissions Required

How to Install

Documentation

secure-vault-mcp

Install

Claude Desktop

From source

Tools

store_secret

get_agent_token

rotate_secrets

audit_secret_access

scan_config_for_leaks

inject_secret_to_request

Resources

Usage Pattern

Security Model

Tests

License

Reviews

No reviews yet

More Security MCP Servers

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent

Google Workspace MCP