
Keymaster MCP
Let coding agents fetch runtime secrets from HashiCorp Vault through a read-only Keymaster proxy without pasting keys into chat.
Overview
Keymaster MCP is an MCP server for the Build phase that gives agents read-only runtime secret retrieval from HashiCorp Vault via Keymaster.
What is this MCP server?
- Read-only secret retrieval from HashiCorp Vault via Keymaster proxy (npm @akari-os/keymaster-mcp 1.0.2).
- Bearer USER_KEYMASTER_TOKEN authentication to USER_KEYMASTER_URL.
- stdio transport for local agent hosts.
- Scoped for autonomous agents that need runtime credentials without write access to Vault.
- GitHub source: AInoAKARI/keymaster-mcp.
- Server version 1.0.2
- npm package identifier: @akari-os/keymaster-mcp
- Two required env vars: USER_KEYMASTER_URL, USER_KEYMASTER_TOKEN
Community signal: 1 GitHub star.
What problem does it solve?
Autonomous coding agents need API keys during integration work, but dropping Vault secrets into prompts or repos creates leak and blast-radius risk.
Who is it for?
Indie devs with Vault plus Keymaster already running who want MCP-gated secret reads for agent-driven integration tasks.
Skip if: Builders without Vault/Keymaster infra, or teams that need agents to write or rotate secrets rather than read them.
What do I get? / Deliverables
After configuration, agents fetch allowed secrets through Keymaster at runtime with read-only MCP access instead of embedding credentials in code or chat.
- Agent-callable read-only secret fetch from Vault via Keymaster
- Reduced secret exposure in chat and committed config files
- stdio MCP wiring documented in server.json and GitHub repo
Journey fit
Secret retrieval MCP is wired during Build when you connect agents to staging APIs, deploy pipelines, and third-party services. Integrations is the canonical shelf for MCP bridges to external infra like Vault proxies, distinct from running production monitoring.
How it compares
Read-only Vault proxy MCP, not a secrets scanner skill or broad cloud IAM admin plugin.
Common Questions / FAQ
Who is Keymaster MCP for?
Solo builders and small teams using HashiCorp Vault with a Keymaster proxy who want MCP agents to load secrets safely during development workflows.
When should I use Keymaster MCP?
Use it when integrating services or running agent-led deploy tasks that need short-lived or path-scoped secrets without copying them into the IDE.
How do I add Keymaster MCP to my agent?
Install the npm package @akari-os/keymaster-mcp 1.0.2, configure it as a stdio MCP server, and set the required environment variables USER_KEYMASTER_URL and USER_KEYMASTER_TOKEN.