// MCP TOOL REFERENCE

HASHICORP VAULT TOOLS

16 tools from the HashiCorp Vault MCP Server, categorised by risk level.

View the HashiCorp Vault policy →

READ TOOLS

7
list_mounts List all secret engine mounts in Vault 2/5 list_pki_issuers List all PKI certificate issuers 2/5 list_pki_roles List all PKI roles in a mount 2/5 list_secrets List secrets in a KV mount at a given path 3/5 read_pki_issuer Read details about a PKI issuer 2/5 read_pki_role Read a PKI role configuration 2/5 read_secret Read a secret value from a KV mount 3/5

WRITE TOOLS

6
create_mount Create a new secret engine mount in Vault 5/5 create_pki_issuer Create a new PKI certificate issuer 5/5 create_pki_role Create a PKI role for issuing certificates 5/5 enable_pki Enable and configure a PKI secrets engine 5/5 issue_pki_certificate Issue a new certificate using a PKI role 5/5 write_secret Write a secret to a KV mount 5/5

DESTRUCTIVE TOOLS

3
delete_mount Delete a secret engine mount and all its data 5/5 delete_pki_role Delete a PKI role 5/5 delete_secret Delete secrets or keys from a KV mount 5/5
// FAQ
How many tools does the HashiCorp Vault MCP server have? +

The HashiCorp Vault MCP server exposes 16 tools across 3 categories: Read, Write, Destructive.

How do I enforce policies on HashiCorp Vault tools? +

Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the HashiCorp Vault server.

What risk categories do HashiCorp Vault tools fall into? +

HashiCorp Vault tools are categorised as Read (7), Write (6), Destructive (3). Each category has a recommended default policy.

Enforce policies on HashiCorp Vault

Open source. One binary. Zero dependencies.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.