encrypted-vault-mcp

encrypted-vault-mcp

Local-first encrypted key-value vault for securely storing and retrieving secrets like API keys using AES-GCM 256-bit encryption and a PIN.

Category
Visit Server

README

encrypted-vault-mcp

MCP server providing a local-first encrypted key-value vault. Store API keys, secrets, notes, or any string data under a PIN. AES-GCM 256-bit cipher, PBKDF2 (600k iterations, SHA-256) derived key. Zero cloud. Zero telemetry. Zero network.

MIT License Node ≥ 18 MCP AES-GCM

Why

Storing secrets in plain text in chat history is bad. Pasting API keys into prompts is worse. This MCP gives the agent a vault: it can store a value once under a name, then later fetch it by name without you re-typing the secret.

  • AI agent can hold long-lived secrets safely between chats
  • You unlock once per session with a PIN
  • All data stays on the machine as encrypted bytes
  • Wrong PIN = wrong key = nothing decrypts (AES-GCM auth tag fails)

Install

npm install -g encrypted-vault-mcp

Or npx:

npx encrypted-vault-mcp

Use with Claude Desktop

Add to claude_desktop_config.json (Windows: %APPDATA%\Claude\claude_desktop_config.json):

{
  "mcpServers": {
    "vault": {
      "command": "npx",
      "args": ["-y", "encrypted-vault-mcp"]
    }
  }
}

Restart Claude Desktop. First time:

"Use vault to init with pin 1234"

Then any time:

"Unlock vault with pin 1234, then store my-openai-key as sk-..."

"Fetch my-openai-key"

"List vault keys"

Tools

Tool Args Description
init pin Create a new vault file with this PIN. Fails if one already exists.
unlock pin Derive key from PIN. Required before store/fetch/list/remove.
lock Clear key from memory.
store key, value Encrypt + save under name.
fetch key Decrypt + return value.
list List all key names. Values stay encrypted on disk.
remove key Delete an item.
change_pin old_pin, new_pin Rotate PIN. Re-encrypts everything with new key.
status Show whether vault exists / is unlocked / path / item count.

Crypto

  • Cipher: AES-256-GCM (authenticated encryption — wrong PIN = decryption fails cleanly)
  • Key derivation: PBKDF2-HMAC-SHA256, 600,000 iterations (OWASP 2023), 16-byte salt
  • IV: 96-bit random per encryption (NIST SP 800-38D)
  • PIN verification: separate PBKDF2 hash with its own salt; the PIN itself is never persisted
  • File permissions: vault file is written with mode 0o600 (owner read/write only)

Storage location

Default: ~/.encrypted-vault-mcp/vault.json

Override:

{
  "mcpServers": {
    "vault": {
      "command": "npx",
      "args": ["-y", "encrypted-vault-mcp"],
      "env": { "VAULT_PATH": "/secure/drive/my-vault.json" }
    }
  }
}

Threat model

Threat Protected?
Disk read by attacker without PIN ✅ items unrecoverable without PIN
Wrong PIN ✅ AES-GCM auth fails, no data leaked
PIN brute-force ⚠️ 600k PBKDF2 iterations slow it; use a real password for high-value secrets
Process memory dump while unlocked ❌ key sits in memory between unlock and lock — lock when done
Malicious MCP client ❌ if the agent itself is hostile, it can call fetch on whatever it wants — only run trusted agents

Local development

git clone https://github.com/KhushalB25/encrypted-vault-mcp.git
cd encrypted-vault-mcp
npm install
npm run build
npm start

Inspect:

npx @modelcontextprotocol/inspector node dist/index.js

Author

Khushal Bhandari · GitHub

License

MIT

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured