10 tools from the Vault MCP MCP Server, categorised by risk level.
View the Vault MCP policy →vault_api_request Make an API request with stored credentials. The API key is injected automatically — the bot never sees it. Supports header, query param, and basic... 2/5 vault_check Verify a credential is valid and ready to use. Checks existence, active status, required fields, and expiration. vault_list List all available credentials in the vault. Returns only site IDs and types — no secrets. vault_status Check the status of a specific credential: active/inactive, last used, audit count. vault_templates List available credential templates for popular services. Templates auto-fill login URLs and CSS selectors. vault_add Securely add a new credential to the vault. Opens a browser form where the user enters their password directly — the password NEVER passes through ... 2/5 vault_import Import API keys from a .env file. Each key is stored as an encrypted api_key credential. The .env values pass through memory only — never returned ... 3/5 vault_login Log into a website using stored credentials. The bot never sees the password — Vault fills the login form via Chrome DevTools Protocol. Supports TO... 2/5 vault_update Update an existing credential. Opens a browser form to enter new password/API key — the secret NEVER passes through the AI agent. 2/5 The Vault MCP MCP server exposes 10 tools across 3 categories: Read, Write, Destructive.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Vault MCP server.
Vault MCP tools are categorised as Read (5), Write (4), Destructive (1). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept