// MCP TOOL REFERENCE

KEYMASTER TOOLS

5 tools from the Keymaster MCP Server, categorised by risk level.

View the Keymaster policy →

READ TOOLS

5
get_secret Retrieve an API key from Vault via Keymaster. Returns the secret value for the given service and key name. healthcheck Check Keymaster connectivity and validate all known API keys against their service endpoints. Returns a full status report. list_secrets List all available secret paths (service + key_name combinations) that can be retrieved via get_secret. Returns whether each key is verifiable agai... list_services List all known services and their key names that can be used with get_secret. rotate_secret Rotate (replace) a secret in Vault. For security, this operation is not available through the read-only Keymaster proxy.
// FAQ
How many tools does the Keymaster MCP server have? +

The Keymaster MCP server exposes 5 tools across 1 categories: Read.

How do I enforce policies on Keymaster tools? +

Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Keymaster server.

What risk categories do Keymaster tools fall into? +

Keymaster tools are categorised as Read (5). Each category has a recommended default policy.

Enforce policies on Keymaster

Open source. One binary. Zero dependencies.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.