// MCP TOOL REFERENCE

CLAUDE SECRETS TOOLS

6 tools from the Claude Secrets MCP Server, categorised by risk level.

// ALL 6 CLAUDE SECRETS TOOLS

READ 3 tools

Read get_secret Read a secret value by name. Requires name to be whitelisted in project .claude/secrets.yml. Read list_secrets List secret names visible to current project (filtered by .claude/secrets.yml allowlist). Read search_secrets Search secret names by regex pattern (case insensitive). Filtered by allowlist.

WRITE 2 tools

Write input_secret Prompt the user for a secret value via a native macOS dialog (hidden input), then store it. The value never... Write set_secret Store a secret value. Creates or overwrites. Requires name to be whitelisted in project .claude/secrets.yml.

DESTRUCTIVE 1 tools

Destructive delete_secret Delete a secret by name. Requires allowlist.

// FAQ

How many tools does the Claude Secrets MCP server have? +

The Claude Secrets MCP server exposes 6 tools across 3 categories: Read, Write, Destructive.

How do I enforce policies on Claude Secrets tools? +

Route the Claude Secrets server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do Claude Secrets tools fall into? +

Claude Secrets tools are categorised as Read (3), Write (2), Destructive (1). Each category has a recommended default policy.

Enforce policy on every Claude Secrets tool call.

Start from Claude Secrets, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →

Free to start. No card required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.