MCP Server Policy

HASHICORP VAULT MCP POLICY

Enforce policies on every tool call to the HashiCorp Vault MCP Server. 20 tools listed, categorised, and ready for rules.

hashicorp/vault-mcp-server 7 read 13 write 20 tools total

hashicorp-vault secrets security infrastructure

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches HashiCorp Vault.

terminal

# Download policy scaffold


curl -o hashicorp-vault.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/hashicorp-vault.yaml

# Run with Intercept


intercept --policy hashicorp-vault.yaml -- npx -y @hashicorp/vault-mcp-server

Server documentation: https://github.com/hashicorp/vault-mcp-server

READ TOOLS

list_mounts List all mounts in Vault

list_secrets List secrets in a KV mount under a specific path

read_secret Read a secret from a KV mount

list_pki_issuers List all PKI issuers in a mount

read_pki_issuer Read details about a specific PKI issuer

read_pki_role Read a PKI role configuration

list_pki_roles List all PKI roles in a mount

WRITE TOOLS

create_mount Create a new mount in Vault

write_secret Write a secret to a KV mount

enable_pki Enable and configure a PKI secrets engine

create_pki_issuer Create a new PKI issuer

create_pki_role Create a new PKI role for issuing certificates

issue_pki_certificate Issue a new certificate using a PKI role

DESTRUCTIVE TOOLS

delete_mount Delete a mount in Vault

delete_secret Delete secrets or keys in a KV mount

delete_pki_role Delete a PKI role

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

hashicorp-vault.yaml

version: "1"
description: "Policy for hashicorp/vault-mcp-server"
default: "allow"
tools:
    list_mounts:
        rules: []
    list_secrets:
        rules: []
    read_secret:
        rules: []
    list_pki_issuers:
        rules: []
    read_pki_issuer:
        rules: []
    read_pki_role:
        rules: []
    list_pki_roles:
        rules: []
    create_mount:
        rules: []
    write_secret:
        rules: []
    enable_pki:
        rules: []
    create_pki_issuer:
        rules: []
    create_pki_role:
        rules: []
    issue_pki_certificate:
        rules: []
    delete_mount:
        rules: []
    delete_secret:
        rules: []
    delete_pki_role:
        rules: []

RELATED POLICIES

CrowdStrike Falcon 33 tools

security

Auth0 21 tools

security

FREQUENTLY ASKED QUESTIONS

What tools does the HashiCorp Vault MCP server expose?

The HashiCorp Vault MCP Server exposes 20 tools across 3 categories: Read, Write, Destructive. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on HashiCorp Vault?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the HashiCorp Vault MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the HashiCorp Vault policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON HASHICORP VAULT

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →

HASHICORP VAULT MCP POLICY

GET STARTED

READ TOOLS

list_mounts

list_secrets

read_secret

list_pki_issuers

read_pki_issuer

read_pki_role

list_pki_roles

WRITE TOOLS

create_mount

write_secret

enable_pki

create_pki_issuer

create_pki_role

issue_pki_certificate

DESTRUCTIVE TOOLS

delete_mount

delete_secret

delete_pki_role