Envault

Name: Envault
Author: DinanathDash

DinanathDash/Envault

Let agents fetch and rotate secrets from Envault while a human-in-the-loop gate blocks risky mutations.

Overview

io.github.DinanathDash/envault is an MCP server for the Ship phase that manages secrets through Envault with a Human-In-The-Loop interceptor for agent mutations.

What is this MCP server?

Envault-backed secret management exposed as MCP tools for coding agents
Human-In-The-Loop (HITL) interceptor on agent-driven mutations
Requires ENVAULT_TOKEN (MCP token) and ENVAULT_BASE_URL (https://www.envault.tech)
stdio npm package @dinanathdash/envault-mcp-server, version 1.12.0
Reduces .env sprawl while keeping approval on sensitive changes
Server version 1.12.0 on MCP schema 2025-12-11
npm package @dinanathdash/envault-mcp-server, stdio transport
Required env: ENVAULT_TOKEN (secret), ENVAULT_BASE_URL (https://www.envault.tech)

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 3 GitHub stars.

What problem does it solve?

Agents need API keys to ship, but handing them uncontrolled secret write access is reckless for a one-person team.

Who is it for?

Solo builders using Envault who want MCP agents to pull secrets safely and gate automated changes to vault data.

Skip if: Teams without an Envault account, offline-only .env workflows, or environments that ban cloud secret managers.

What do I get? / Deliverables

Secrets live in Envault, agents read what you allow, and risky mutations pause for human approval before they land.

Agent-accessible secret reads from Envault without copying keys into chat
HITL-gated path for vault mutations initiated by automation
Centralized credential workflow aligned with ship-phase security checks

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Secret handling hardens right before and after you ship; security subphase is where MCP secret bridges belong in the journey. Security covers least-privilege credentials and approval paths when autonomous tools touch production config.

How it compares

Envault-backed secrets MCP with HITL, not a local-only .env editor skill.

Common Questions / FAQ

Who is envault for?

Indie developers and small teams on envault.tech who wire Claude Code, Cursor, or similar MCP clients and need governed secret access for agents.

When should I use envault?

Use it during ship and security hardening when agents need production or staging credentials and you want human approval on vault mutations.

How do I add envault to my agent?

Create an MCP token in Envault Account Settings → Security, set ENVAULT_TOKEN and ENVAULT_BASE_URL=https://www.envault.tech in your MCP server env, install @dinanathdash/envault-mcp-server over stdio, and restart your host.

Envault

DinanathDash/Envault

Let agents fetch and rotate secrets from Envault while a human-in-the-loop gate blocks risky mutations.

Overview

io.github.DinanathDash/envault is an MCP server for the Ship phase that manages secrets through Envault with a Human-In-The-Loop interceptor for agent mutations.

What is this MCP server?

Envault-backed secret management exposed as MCP tools for coding agents
Human-In-The-Loop (HITL) interceptor on agent-driven mutations
Requires ENVAULT_TOKEN (MCP token) and ENVAULT_BASE_URL (https://www.envault.tech)
stdio npm package @dinanathdash/envault-mcp-server, version 1.12.0
Reduces .env sprawl while keeping approval on sensitive changes
Server version 1.12.0 on MCP schema 2025-12-11
npm package @dinanathdash/envault-mcp-server, stdio transport
Required env: ENVAULT_TOKEN (secret), ENVAULT_BASE_URL (https://www.envault.tech)

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 3 GitHub stars.

What problem does it solve?

Agents need API keys to ship, but handing them uncontrolled secret write access is reckless for a one-person team.

Who is it for?

Solo builders using Envault who want MCP agents to pull secrets safely and gate automated changes to vault data.

Skip if: Teams without an Envault account, offline-only .env workflows, or environments that ban cloud secret managers.

What do I get? / Deliverables

Secrets live in Envault, agents read what you allow, and risky mutations pause for human approval before they land.

Agent-accessible secret reads from Envault without copying keys into chat
HITL-gated path for vault mutations initiated by automation
Centralized credential workflow aligned with ship-phase security checks

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Envault-backed secrets MCP with HITL, not a local-only .env editor skill.

Common Questions / FAQ

Who is envault for?

Indie developers and small teams on envault.tech who wire Claude Code, Cursor, or similar MCP clients and need governed secret access for agents.

When should I use envault?

Use it during ship and security hardening when agents need production or staging credentials and you want human approval on vault mutations.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is envault for?

When should I use envault?

How do I add envault to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is envault for?

When should I use envault?

How do I add envault to my agent?