vaultproxy

aaronckj/vaultproxy

★ 0 stars Rust 🔒 Security Updated today

Secure credential sidecar for MCP servers — injects auth from Vaultwarden without exposing secrets to AI agents

View on GitHub →

Quick Install

Copy the config for your editor. Some servers may need additional setup — check the README.

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "vaultproxy": {
      "command": "cargo",
      "args": [
        "run",
        "--",
        "vaultproxy"
      ]
    }
  }
}

README Excerpt

A secure credential sidecar for [MCP](https://modelcontextprotocol.io) servers. Most MCP servers store credentials in env vars or `.env` files — readable by any process running as the same user, present in shell history, and scattered across every server you run. `vaultproxy` solves this: it reads credentials from your self-hosted [Vaultwarden](https://github.com/dani-garcia/vaultwarden) instance, injects the right auth header for each downstream service, and **never exposes plaintext secrets to

Tools (20)

CONFIG_DIRENV_WRITE_ROOTLITELLM_URLNTFY_URLPROXY_TIMEOUTUPSTREAM_BODY_LIMIT_MBVAULT_FOLDERVAULT_REFRESH_INTERVAL_SECSbasicbearerbodyha_homeheaderheadersmethodpathqueryquery_paramservicesession

vaultproxy

Quick Install

README Excerpt

Tools (20)

Related Security Servers