hyperpolymath/poly-secret-mcp

poly-secret-mcp

Unified MCP server for secrets management. Provides Model Context Protocol tools for managing secrets through HashiCorp Vault and Mozilla SOPS.

Overview

poly-secret-mcp exposes secrets management capabilities through the Model Context Protocol (MCP), enabling AI assistants and other MCP clients to securely manage secrets, encryption, and key rotation.

Adapters

HashiCorp Vault (11 tools)

Enterprise secrets management:

  • vault_status - Check Vault server status

  • vault_read - Read secrets from path

  • vault_write - Write secrets to path

  • vault_delete - Delete secrets

  • vault_list - List secrets at path

  • vault_token_lookup - Look up current token info

  • vault_secrets_enable - Enable secrets engine

  • vault_secrets_list - List enabled secrets engines

  • vault_auth_list - List auth methods

  • vault_policy_list - List policies

  • vault_policy_read - Read policy details

Mozilla SOPS (7 tools)

File-based secrets encryption:

  • sops_decrypt - Decrypt a file

  • sops_encrypt - Encrypt a file

  • sops_set - Set a value in encrypted file

  • sops_rotate - Rotate data encryption keys

  • sops_metadata - Show file metadata

  • sops_updatekeys - Update keys in file

  • sops_version - Show SOPS version

Requirements

Configuration

Vault

export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=your-token

SOPS

Configure .sops.yaml in your project root for encryption keys (age, AWS KMS, GCP KMS, Azure Key Vault, or PGP).

Installation

git clone https://github.com/hyperpolymath/poly-secret-mcp
cd poly-secret-mcp
npm install
npm run build

Usage

Run as MCP server:

deno run --allow-run --allow-read --allow-env main.js

Or use the systemd service:

systemctl --user enable poly-secret-mcp
systemctl --user start poly-secret-mcp

Security Considerations

  • Never log or expose secret values in error messages

  • Use short-lived tokens when possible

  • Audit all secrets access

  • Rotate keys regularly
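
One way to apply the first point when a tool call fails, as an added example that is not code from poly-secret-mcp: CLI stderr is scrubbed of caller-supplied values and token-shaped strings before it goes into the MCP tool result, and only field names are reported. The names `redact` and `toolError` are hypothetical; the patterns assume Vault's `hvs.`/`hvb.`/`hvr.` and legacy `s.` token prefixes and age's `AGE-SECRET-KEY-1` prefix.

```javascript
// Added example; `redact` and `toolError` are hypothetical names.
// Token shapes: Vault service/batch/recovery tokens (hvs./hvb./hvr.),
// legacy "s." tokens, and age secret keys that SOPS may decrypt with.
const SECRET_PATTERNS = [
  /\bhv[sbr]\.[A-Za-z0-9_-]{20,}/g,
  /\bs\.[A-Za-z0-9]{24}\b/g,
  /AGE-SECRET-KEY-1[A-Z0-9]{20,}/g,
];

// Remove caller-supplied secret values, then token-shaped strings.
function redact(text, knownSecrets = []) {
  let out = String(text);
  // Longest first so a secret that contains another is removed whole.
  const literals = knownSecrets
    .filter((s) => typeof s === "string" && s.length >= 4)
    .sort((a, b) => b.length - a.length);
  for (const s of literals) out = out.split(s).join("[REDACTED]");
  for (const re of SECRET_PATTERNS) out = out.replace(re, "[REDACTED]");
  return out;
}

// Build the error result a tool returns: tool name, path, field names and
// sanitized stderr. The values being written never appear in the message.
function toolError(tool, args, stderr, knownSecrets = []) {
  const fields = args.data ? Object.keys(args.data).sort() : [];
  return {
    isError: true,
    content: [{
      type: "text",
      text: `${tool} failed for path=${args.path ?? "?"}` +
        (fields.length ? ` fields=[${fields.join(",")}]` : "") +
        `: ${redact(stderr, knownSecrets).trim()}`,
    }],
  };
}

// Constructed sample: stderr from a failed write that echoes a token and a value.
const sampleStderr =
  "permission denied token=hvs." + "A".repeat(24) + " value=hunter2-db-pass\n";
console.log(toolError("vault_write",
  { path: "secret/app", data: { password: "hunter2-db-pass" } },
  sampleStderr, ["hunter2-db-pass"]).content[0].text);
```

The same `redact` call belongs in front of any log sink, since pattern matching only catches token formats it knows and the literal list covers the values the current call handled.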

License

MIT
