Credential Vault MCP
Enables secure credential storage for AI agents by encrypting secrets and providing agent-invisible references, ensuring sensitive data never leaks to the model.
README
🔐 Credential Vault MCP
Secure credential storage for AI agents. Keep your passwords, API keys, and secrets encrypted and invisible to AI models. When agents need credentials, they get a secure reference—never the actual value.
Why Credential Vault?
AI agents are incredibly powerful, but they shouldn't have access to your sensitive credentials. Credential Vault solves this with a security-first architecture:
- 🔒 End-to-End Encryption: ChaCha20-Poly1305 encryption with Argon2i key derivation
- 👻 Agent-Invisible: Agents see only credential IDs, never actual values
- 🛡️ Zero Trust: Credentials stored separately from AI context
- 📊 Full Audit Trail: Track every credential access and modification
- 🔄 Conflict Detection: Automatically detect credential changes and duplicates
- 🎯 Easy Setup: One-command initialization, MCP integration ready
Security Architecture
┌─────────────────────────────────────────┐
│ AI Agent / Claude │
│ (Cannot see credential values) │
└────────────┬────────────────────────────┘
│
│ Requests: "Get stripe_api_key"
│ Receives: {credential_id: "cred_xxx", name: "stripe_api_key"}
│
┌────────────▼────────────────────────────┐
│ MCP Tool Interface │
│ • store_credential │
│ • get_credential_reference │
│ • list_credentials │
└────────────┬────────────────────────────┘
│
┌────────────▼────────────────────────────┐
│ Credential Storage (Encrypted) │
│ ~/.credential-vault-mcp/vault.json │
│ │
│ ChaCha20-Poly1305 Encryption │
│ Argon2i Key Derivation │
│ 600 File Permissions (User Only) │
└──────────────────────────────────────────┘
Quick Start
1. Installation
npm install -g credential-vault-mcp
2. Initialize Vault
credential-vault init
You'll be prompted to set a master password. This password:
- Never leaves your machine
- Is never sent to any server
- Is used to derive an encryption key (not stored directly)
- Must be at least 8 characters
3. Add Your First Credential
credential-vault add stripe_api_key --type api_key
4. Configure MCP in Claude Code / Claude Desktop
Add this to your claude_desktop_config.json:
{
"mcpServers": {
"credential-vault": {
"command": "credential-vault-mcp",
"args": []
}
}
}
Or for development:
{
"mcpServers": {
"credential-vault": {
"command": "npx",
"args": ["credential-vault-mcp"]
}
}
}
5. Use in Claude
Tell Claude:
I have credentials stored in Credential Vault MCP. Can you initialize the vault with my master password, then retrieve my stripe_api_key?
Claude will:
- Call
initialize_vaulttool with your master password - Call
get_credential_referenceto get credential ID - Never see the actual API key value
CLI Commands
List all credentials
credential-vault list
Get a credential value
credential-vault get stripe_api_key
Delete a credential
credential-vault delete stripe_api_key
View audit log
credential-vault audit 100
Verify vault integrity
credential-vault verify
Available MCP Tools
initialize_vault
Initialize the vault with master password. Call this first.
{
"master_password": "your-secure-password-8+chars"
}
store_credential
Store a new credential (encrypted).
{
"name": "stripe_api_key",
"value": "sk_live_...",
"type": "api_key"
}
Types: api_key, password, token, connection_string, ssh_key, custom
get_credential_reference
Get a credential reference (safe for agents).
{
"credential_name": "stripe_api_key"
}
Returns: { credential_id: "cred_xxx", name: "...", type: "..." }
list_credentials
List all stored credentials (no values).
delete_credential
Permanently delete a credential.
get_audit_log
View access and modification history.
Security Best Practices
✅ DO
- ✅ Use a strong, unique master password (20+ characters recommended)
- ✅ Store your master password in a password manager
- ✅ Review audit logs regularly
- ✅ Rotate sensitive credentials periodically
- ✅ Run
credential-vault verifyto check vault integrity - ✅ Keep your system and dependencies updated
❌ DON'T
- ❌ Share your master password
- ❌ Store master password in plaintext
- ❌ Use the same master password as other services
- ❌ Store credentials in public/shared environments without encryption
- ❌ Ignore audit log warnings about conflicts
- ❌ Commit
.credential-vault-mcp/to version control
File Structure
~/.credential-vault-mcp/
├── vault.json # Encrypted credential storage (mode: 600)
└── [secure directory] # Stored in user home, readable only by user
Permissions: Vault directory and file are created with 0700 / 0600 permissions (user read/write only).
Encryption Details
- Algorithm: ChaCha20-Poly1305 (AEAD)
- Key Derivation: Argon2i (OPSLIMIT_MODERATE, MEMLIMIT_MODERATE)
- Nonce: Random 24-byte nonce per credential
- Integrity: Poly1305 MAC prevents tampering
- Library: libsodium.js (audited crypto library)
Each credential is encrypted independently with a random nonce. Even if one credential is compromised, others remain secure.
Advanced Usage
Using with different Claude interfaces
Claude.ai Code
Add to MCP settings in Code interface
Claude Desktop App
Edit claude_desktop_config.json:
{
"mcpServers": {
"credential-vault": {
"command": "npx",
"args": ["credential-vault-mcp"]
}
}
}
VS Code Extension
Configure in extension settings for Claude extension
Backing up credentials
Important: Your master password is required to decrypt credentials.
# Backup encrypted vault (safe - encrypted)
cp ~/.credential-vault-mcp/vault.json ~/backup/vault.json.backup
# Never do this:
# ❌ cp ~/.credential-vault-mcp/vault.json /public/location
# ❌ git add vault.json
Handling master password changes
Currently: Delete old vault and create new one
rm ~/.credential-vault-mcp/vault.json
credential-vault init
Then re-add credentials with new master password.
Troubleshooting
"Vault not initialized" error
# Initialize first
credential-vault init
"Permission denied" error
Check file permissions:
ls -la ~/.credential-vault-mcp/vault.json
# Should show: -rw------- (600)
Fix permissions:
chmod 600 ~/.credential-vault-mcp/vault.json
Forgotten master password?
Unfortunately, there's no recovery. The password is required to decrypt credentials.
Prevention: Store master password in a password manager with recovery codes.
"Conflict detected" warning
This means a credential with the same value exists under a different name. This could indicate:
- Password reuse (audit the old credential)
- Accidental duplicate entry
- Shared secret across services
Check audit log:
credential-vault audit
Development
Clone & Install
git clone https://github.com/CipherSatoru/credential-vault-mcp.git
cd credential-vault-mcp
npm install
Build
npm run build
Run in development
npm run dev
Test CLI
npm run cli -- init
Contributing
Contributions welcome! This is security-sensitive software, so:
- Security first: Test all encryption paths
- No plaintext logging: Credentials must never be logged
- Audit trail: Track what happens
- Documentation: Update SECURITY.md for significant changes
License
MIT License - See LICENSE file for details
Support
- 📖 Read SECURITY.md for security details
- 🐛 Report issues
- 💬 Discussions
Disclaimer
This tool encrypts credentials locally on your machine. However:
- The MCP interface is only as secure as its integration
- Running on a compromised machine still exposes credentials
- Master password security is your responsibility
- No encryption is perfect - use defense in depth
Always follow your organization's security policies when handling credentials.
Made with 🔒 for secure AI agent workflows
推荐服务器
Baidu Map
百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Playwright MCP Server
一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。
Magic Component Platform (MCP)
一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。
Audiense Insights MCP Server
通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。
VeyraX
一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。
graphlit-mcp-server
模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。
Kagi MCP Server
一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。
e2b-mcp-server
使用 MCP 通过 e2b 运行代码。
Neon MCP Server
用于与 Neon 管理 API 和数据库交互的 MCP 服务器
Exa MCP Server
模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。