HashiCorp Vault MCP connector
HashiCorp Vault is a secrets management platform that stores and controls access to sensitive credentials, API keys, and encryption keys. The HashiCorp Vault MCP connector allows AI agents to read, create, update, and delete secrets in key-value stores, manage secret metadata and versions, and control secret engine lifecycle. It also supports permanently destroying specific secret versions, listing all mounted secret engines, and enabling or disabling secrets engines across your Vault environment.
Authentication type
- API Key - Requires a static API key to be configured before the agent can connect to the service.
Uses
Use the HashiCorp Vault MCP connector to perform the following actions:
- Retrieve database passwords and API keys without exposing them in code or configuration files
- Rotate credentials automatically across applications and services on a schedule
- Control who can access sensitive data by enforcing role-based access policies
- Audit all secret access and changes for compliance and security investigations
- Provision temporary credentials that expire automatically for third-party integrations
- Centralize secret management across development, testing, and production environments
- Revoke access to compromised credentials instantly across multiple systems
Example prompts
Use the following example prompts to invoke HashiCorp Vault MCP connector tools from your AI assistant or Boomi Connect workflow:
Retrieve the database password for our production Salesforce integration from HashiCorp Vault.Show me all the secrets stored in the engineering team's path in HashiCorp Vault.Create a new API key in HashiCorp Vault for the marketing automation workflow.Delete the outdated AWS credentials we stored in HashiCorp Vault last quarter.Generate a temporary token in HashiCorp Vault for our contractor's access.List all the policies we've created in HashiCorp Vault to control access.Update the Slack webhook secret in HashiCorp Vault with the new token.Show me who accessed the payment processing credentials in HashiCorp Vault last week.Enable the PKI secrets engine in HashiCorp Vault for certificate management.Find all mounted secret engines in our HashiCorp Vault instance.
HashiCorp Vault MCP connector tools
The HashiCorp Vault MCP connector provides the following tools. Each tool maps to a specific action you can invoke from your AI agent or automation.
| Tool | Description |
|---|---|
| hashicorpvault_hashicorpvaultreadkvv2secret_invoke | Retrieves the current version of a secret stored in KV v2 storage. |
| getSecretData | Retrieves the data contents of a stored secret. |
| createOrUpdateSecretData | Stores a new secret or overwrites an existing secret with new data. |
| patchSecretData | Updates specific fields of an existing secret without replacing the entire secret. |
| deleteSecretData | Removes the latest version of a secret from storage. |
| getSecretMetadata | Retrieves metadata information about a secret including versions and timestamps. |
| destroySecretVersions | Permanently and irreversibly removes specified versions of a secret. |
| listMounts | Shows all configured secret storage engines currently available in Vault. |
| disableSecretsEngine | Deactivates an existing secret storage engine and its associated data. |
| enableSecretsEngine | Activates a new secret storage engine at a specified location. |
| listAuthMethods | Shows all authentication methods currently configured in Vault. |
| loginWithAuthMethod | Generates a Vault token by authenticating with a configured auth method. |
| listAclPolicies | Displays all access control policies defined in Vault. |
| createOrUpdateAclPolicy | Creates a new access control policy or updates an existing one. |
