wundervault/wundervault-mcp
🔌 MCP Server · wundervault
A zero-knowledge secret vault for AI agents, enabling secure command execution without exposing credentials to LLMs.
wundervault-mcp addresses a critical security gap in AI agent workflows: the exposure of sensitive credentials to LLMs. Acting as an MCP server, it provides a secure bridge between AI agents and local system commands. The core innovation is its zero-knowledge architecture: secrets are stored locally and encrypted using AES-256-GCM. When an agent needs to perform a task, such as running a shell command or syncing files, the server injects the required credentials directly into the command's execution context. This ensures the LLM never 'sees' the raw secret, mitigating the risk of credential leakage during model inference. Key features include per-agent scoping, which limits the blast radius of any individual agent, and an append-only audit log that records how and when secrets are accessed. This tool is essential for developers building agents that require persistent access to cloud infrastructure, private repositories, or production environments without compromising security posture.
💡 Highlights
- Client-side AES-256-GCM encryption
- Zero-knowledge secret injection
- Per-agent credential scoping
🎯 For
- AI Engineers
- Security Researchers
- DevOps Engineers