Can I use HashiCorp Vault as a CLI?

Yes. KosmoKrator exposes a HashiCorp Vault CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose HashiCorp Vault through MCP?

Yes. The KosmoKrator MCP gateway can expose selected HashiCorp Vault tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are HashiCorp Vault credentials stored?

HashiCorp Vault credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for HashiCorp Vault MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

productivity

HashiCorp Vault MCP Integration for CrewAI

Connect HashiCorp Vault to CrewAI through the local KosmoKrator MCP gateway with scoped tools, credentials, and write policy.

7 functions 5 read 2 write API token auth

Submit HashiCorp Vault feedback View package source

Connect HashiCorp Vault to CrewAI

Expose KosmoKrator integrations to CrewAI workers as scoped local tools.

Wrap kosmo integrations:call for specific tasks or connect workers to a local MCP gateway. The gateway is local, scoped to this integration, and starts with --write=deny so CrewAI can inspect read-capable tools without receiving write access by default.

HashiCorp Vault MCP Config for CrewAI

Use per-worker integration scopes to avoid giving every worker every tool.

{
  "mcpServers": {
    "kosmokrator-vault": {
      "type": "stdio",
      "command": "kosmo",
      "args": [
        "mcp:serve",
        "--integration=vault",
        "--write=deny"
      ]
    }
  }
}

Run the Gateway Manually

kosmokrator mcp:serve --integration=vault --write=deny

Why Use KosmoKrator Here

Scoped tools

Expose only HashiCorp Vault instead of a broad multi-service tool list.

Local credentials

Reuse credentials already configured for the KosmoKrator CLI and Lua runtime.

Write policy

Start read-only, then opt into ask or allow for trusted workspaces.

HashiCorp Vault Tools Visible to CrewAI

CrewAI sees stable MCP tool names generated from the HashiCorp Vault integration catalog.

MCP tool	Source function	Type	Description
`integration__vault__vault_list_secrets`	`vault.vault_list_secrets`	Read	List secrets at a given path in a HashiCorp Vault KV v2 secrets engine. Returns the keys (directory entries) at the specified path.
`integration__vault__vault_get_secret`	`vault.vault_get_secret`	Read	Get the latest version of a secret from a HashiCorp Vault KV v2 secrets engine. Optionally specify a version number to retrieve a specific version.
`integration__vault__vault_create_secret`	`vault.vault_create_secret`	Write	Create or update a secret in a HashiCorp Vault KV v2 secrets engine. Provide the secret path and a key-value data object.
`integration__vault__vault_delete_secret`	`vault.vault_delete_secret`	Write	Permanently delete all versions and metadata of a secret from a HashiCorp Vault KV v2 secrets engine. This action is irreversible.
`integration__vault__vault_list_policies`	`vault.vault_list_policies`	Read	List all ACL policies configured in HashiCorp Vault. Returns an array of policy names.
`integration__vault__vault_get_policy`	`vault.vault_get_policy`	Read	Get details of a specific ACL policy in HashiCorp Vault, including its name and HCL rules.
`integration__vault__vault_get_current_user`	`vault.vault_get_current_user`	Read	Look up the current Vault token's information, including display name, policies, TTL, and metadata.

Related HashiCorp Vault Pages

HashiCorp Vault CLIUse direct JSON commands instead of MCP discovery. HashiCorp Vault MCPFull gateway reference and MCP tool names. KosmoKrator for CrewAIClient-level gateway setup.