Obsidian Mcp Secure
Let your coding agent read and update Obsidian notes through a hardened MCP bridge with audit trails instead of pasting vault content by hand.
Overview
obsidian-mcp-secure is a Build-phase MCP server that lets coding agents interact with Obsidian through a security-hardened Local REST API bridge with audit logging.
What is this MCP server?
- Stdio MCP server (npm: obsidian-mcp-secure v1.0.4) for Obsidian Local REST API
- OWASP Top 10–aligned controls for safer agent access to your vault
- Full audit logging with configurable LOG_DIR (default ./logs)
- Env-driven setup: OBSIDIAN_API_KEY, OBSIDIAN_HOST, OBSIDIAN_PORT
- Local-first default host http://127.0.0.1:27123—no cloud vault required
- Server version 1.0.4 (npm package obsidian-mcp-secure)
- Advertises OWASP Top 10 controls and full audit logging
- Default Local REST endpoint http://127.0.0.1:27123
What problem does it solve?
Agents cannot reliably use your Obsidian knowledge base, and giving them broad file access feels risky without controls or an audit trail.
Who is it for?
Indie builders who document everything in Obsidian and want Claude Code or Cursor to pull specs, update checklists, and sync notes during Build and Operate work.
Skip if: Teams that do not use Obsidian, builders who need browser-only note tools, or anyone unwilling to run a local REST plugin and manage API keys.
What do I get? / Deliverables
After you install the Local REST API plugin, set OBSIDIAN_API_KEY, and add the MCP server, agents can work against named vault operations with logged, OWASP-oriented guardrails.
- Registered stdio MCP server the agent can call for Obsidian operations
- Configurable audit log directory for agent-driven vault actions
- Documented env-based connection to your local vault
Recommended MCP Servers
Journey fit
Canonical shelf is Build because wiring Obsidian into the agent stack is an integration task you do while shaping docs, specs, and runbooks—not a one-off launch tactic. Integrations is the right subphase: it connects Claude Code or Cursor to Obsidian’s Local REST API as external knowledge infrastructure.
How it compares
MCP integration to Obsidian, not a markdown skill or a hosted note SaaS connector.
Common Questions / FAQ
Who is obsidian-mcp-secure for?
Solo and small-team builders who keep product and research notes in Obsidian and want their AI coding agent to read and write vault content through MCP with security controls and audit logs.
When should I use obsidian-mcp-secure?
Use it during Build when you integrate agent tooling with your docs stack, or during Operate when agents need to update runbooks—any time Obsidian should be live context for the agent.
How do I add obsidian-mcp-secure to my agent?
Enable Obsidian’s Local REST API plugin, set OBSIDIAN_API_KEY (and host/port if non-default), install obsidian-mcp-secure from npm, register the stdio MCP server in Claude Code or Cursor, and confirm LOG_DIR for audits.