Yes, Wundervault is free to use.

How do I install Wundervault?

Wundervault is a local plugin. Install it using npm package: @wundervault/mcp-server and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Wundervault need?

Wundervault requires the following credentials or environment variables: WUNDERVAULT_AGENT_NAME, WUNDERVAULT_AGENT_TOKEN. You can find setup instructions on the server detail page.

What AI apps work with Wundervault?

Wundervault uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Wundervault MCP Server

by Wundervault

Developer ToolsModerate5.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Zero-knowledge secret vault for AI agents: secrets injected into commands, never seen by the model

About

Zero-knowledge secret vault for AI agents: secrets injected into commands, never seen by the model

Security Report

5.2

Moderate5.2Moderate Risk

This MCP server implements a zero-knowledge secret management system with thoughtful security controls (burn-after-reading, directive integrity verification, secret scrubbing from output). However, several moderate-severity issues reduce confidence: the agent daemon uses machine-derived encryption keys without user-controlled derivation, temporary SSH key files could theoretically be recovered before secure deletion, the credentials loading mechanism deviates from documented behavior (daemon-based instead of environment/file), and path injection validation for env file writing could be more restrictive. Permissions align with the server's purpose (network access for vault API, file I/O for config/secrets, shell execution for secret injection). Supply chain analysis found 1 known vulnerability in dependencies (1 critical, 0 high severity). Package verification found 1 issue.

5 files analyzed · 11 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

File System Write

Writes or modifies files on your machine. Check that this is expected for the tool.

Shell Command Execution

Runs commands on your machine. Be cautious — only use if you trust this plugin.

process_spawn

Check that this permission is expected for this type of plugin.

system_info

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Agent name registered with the local wundervault-agent daemon (run onboard.py to register).Optional

Environment variable: WUNDERVAULT_AGENT_NAME

Optional daemon auth token. Defaults to ~/.wundervault/agents/<agentName>.token.Required

Environment variable: WUNDERVAULT_AGENT_TOKEN

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-wundervault-wundervault-mcp": {
      "env": {
        "WUNDERVAULT_AGENT_NAME": "your-wundervault-agent-name-here",
        "WUNDERVAULT_AGENT_TOKEN": "your-wundervault-agent-token-here"
      },
      "args": [
        "-y",
        "@wundervault/mcp-server"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

@wundervault/mcp-server

MCP server for Wundervault zero-knowledge secret management. Exposes vault secrets to AI agents via the Model Context Protocol — secrets are decrypted server-side and never returned to the agent in plaintext.

Install

npm install -g @wundervault/mcp-server

Quick Start

{
  "mcpServers": {
    "wundervault": {
      "command": "wundervault-mcp",
      "env": {
        "WUNDERVault_AGENT_VAULT_URL": "https://wundervault.com",
        "WUNDERVault_AGENT_VAULT_API_KEY": "wv_agent_<AGENT_ID>|<KEY_SUFFIX>",
        "WUNDERVault_AGENT_KEY": "<BASE64_ENCRYPTION_KEY>"
      }
    }
  }
}

Or using a credentials file:

wundervault-mcp --credentials ~/.wundervault/creds.json

Security Model

Zero-knowledge: The encryption key lives only in the MCP server process. The Wundervault server never sees it.
Burn-after-reading: Plaintext secrets are never returned to the calling agent. After decryption, the agent receives only "Secret retrieved and burned.".
Exec scrubbing: If you use the exec parameter, stdout/stderr are scrubbed of the plaintext before being returned.
Directive integrity: Server-side directive signatures (PBKDF2-HMAC-SHA256, 600k iterations) are verified before any secret is released.
Timing-safe: HMAC comparison uses crypto.timingSafeEqual.

Tools

`vault_entries_list`

List all vault entries available to this agent. Returns entry IDs and secret names — no values.

Input: {}
Output: "Vault entries (N):\n  [entry_id]  secret_name  (tier: read)"

`vault_entry_get`

Retrieve and decrypt a vault secret. Optionally execute a command with it.

Input:
  entry_id: string          # from vault_entries_list
  purpose: string           # audit log reason
  exec?: string             # optional shell command

Output: "Secret retrieved and burned." (plaintext NEVER returned)

Secure exec pattern (sudo example):

sudo -S systemctl restart nginx <<< "$WUNDERVault_SECRET"

Do NOT use echo $WUNDERVault_SECRET | sudo -S — that exposes the secret in process logs.

`vault_entry_forget`

Discard a local reference. No-op on the server.

Input: { entry_id: string }
Output: "Reference [id] discarded from local context."

Credential Loading Priority

CLI flags (--api-key, --enc-key, --url)
Environment variables (WUNDERVault_AGENT_VAULT_API_KEY, WUNDERVault_AGENT_KEY, WUNDERVault_AGENT_VAULT_URL)
WUNDERVault_CREDENTIALS_FILE env var (explicit path)
~/.wundervault/creds.json
~/.config/wundervault/credentials (XDG)

Credentials file format

{
  "agent_vault_url": "https://wundervault.com",
  "agent_vault_api_key": "wv_agent_<ID>|<SUFFIX>",
  "agent_encryption_key": "<BASE64_URL_SAFE_32_BYTES>"
}

CLI Options

wundervault-mcp [options]

  --api-key <key>     Agent API key
  --enc-key <key>     Encryption key (base64 URL-safe)
  --url <url>         API base URL (default: https://wundervault.com)
  --credentials <f>   Path to credentials JSON file
  --help              Show help

Building from source

git clone https://github.com/wundervault/wundervault-mcp.git
cd wundervault-mcp
npm install
npm run build   # compiles TypeScript to dist/
npm test        # run the test suite

License

Licensed under the GNU Affero General Public License v3.0 or later (AGPL-3.0-or-later). See LICENSE.

Wundervault is open-core: this MCP server and the client are open source; the hosted service at wundervault.com is a commercial offering. For commercial or hosting inquiries, get in touch via wundervault.com/contact.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Wundervault MCP Server

About

Security Report

Findings (11)Action required

Permissions Required

What You'll Need

How to Install

Documentation

@wundervault/mcp-server

Install

Quick Start

Security Model

Tools

`vault_entries_list`

`vault_entry_get`

`vault_entry_forget`

Credential Loading Priority

Credentials file format

CLI Options

Building from source

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript