npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@dinanathdash/envault-mcp-server

v1.12.0

Published

MCP server for Envault CLI operations

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dinanathdashdinanathdash

Keywords

mcpmcp-servermodel-context-protocolclaudesecrets-managementenvault

Readme

Envault MCP Server

This MCP server exposes Envault read + mutation tooling for MCP clients (Claude Desktop, VS Code, etc).

0) Generate an ENVAULT_TOKEN (do this first)

The MCP registry is a static phonebook. There is no onboarding UX and no safety net. If you skip this step, the server will start but every tool call will fail with 401 Unauthorized.

  1. Sign in to Envault.
  2. Open Account SettingsSecurity.
  3. Create a new MCP Token.
  4. Copy the full unmasked token value (you won’t be able to see it again).
  5. Use it as ENVAULT_TOKEN in your MCP client config (examples below).

Notes:

  • Cloud ENVAULT_BASE_URL is https://www.envault.tech (recommended default).
  • If you rotate/revoke the token, you must update the MCP config and fully restart your MCP client.

1) Configure your MCP client (copy/paste)

Claude Desktop (claude_desktop_config.json)

Use npx -y @dinanathdash/envault-mcp-server@latest:

{
  "mcpServers": {
    "envault": {
      "command": "npx",
      "args": ["-y", "@dinanathdash/envault-mcp-server@latest"],
      "env": {
        "ENVAULT_TOKEN": "envault_at_REPLACE_ME",
        "ENVAULT_BASE_URL": "https://www.envault.tech"
      }
    }
  }
}

VS Code (.vscode/mcp.json)

{
  "servers": {
    "envault": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@dinanathdash/envault-mcp-server@latest"],
      "env": {
        "ENVAULT_TOKEN": "envault_at_REPLACE_ME",
        "ENVAULT_BASE_URL": "https://www.envault.tech"
      }
    }
  },
  "inputs": []
}

Troubleshooting:

  • spawn npx ENOENT in GUI apps usually means your GUI PATH is incomplete. Use an absolute npx path (or npx.cmd on Windows).
  • 401 Unauthorized almost always means ENVAULT_TOKEN is missing/expired/revoked/masked or ENVAULT_BASE_URL doesn’t match where the token was issued.

Security model (HITL is non-bypassable)

  • ENVAULT_TOKEN is only used to mint a short-lived delegated envault_agt_... agent token.
  • All mutation tools (envault_push, envault_deploy, and autoPush flows) go through the HITL pipeline (/api/sdk/secrets) and return a pending approval (202 with approval_id/approval_url).
  • No secrets are written until a human approves via envault_approve (or the dashboard approval UI).

Tools

  • envault_status
  • envault_context
  • envault_pull
  • envault_push
  • envault_deploy
  • envault_approve
  • envault_diff
  • envault_run
  • envault_login
  • envault_init
  • envault_generate_hooks
  • envault_audit
  • envault_env_map
  • envault_env_unmap
  • envault_env_default
  • envault_mcp_install
  • envault_mcp_update
  • envault_sdk_install
  • envault_sdk_update
  • envault_doctor
  • envault_version
  • envault_set_local_key
  • envault_remove_local_key

Local setup

  1. Install dependencies:
cd mcp-server
npm install
  1. Configure standalone MCP auth:
export ENVAULT_TOKEN=envault_at_xxx
export ENVAULT_BASE_URL=https://www.envault.tech
  1. Optional: install/authenticate Envault CLI if you want CLI-dependent tools (envault_run, envault_login, envault_init, envault_generate_hooks, envault_audit, envault_env_*, envault_mcp_*, envault_sdk_*, envault_doctor, envault_version):
envault login
envault status
  1. Start server:
npm start

Core tools work without CLI when ENVAULT_TOKEN is set: envault_status, envault_context, envault_pull, envault_push, envault_deploy, envault_approve, envault_diff, plus autoPush for local key set/remove helpers.

Version and update commands

Check installed MCP server version:

envault-mcp-server --version
# or inside this folder
npm run version

Check whether an npm update is available:

envault-mcp-server --check-update
# or inside this folder
npm run check:update

Update to latest package version:

# Preferred (updates generated MCP configs to latest runtime setup)
envault mcp update

# npm fallback for standalone global package installs
npm install -g @dinanathdash/envault-mcp-server@latest

Installation options for end users

You have 3 practical distribution models:

  1. Local path (no publish required)
  • Ship this repo (or this folder) and point MCP client to local file path.
  1. npm package (recommended for broad adoption)
  • Publish this package and let users configure MCP with npx.
  • This is the simplest install UX for most LLM clients.
  1. Source install from GitHub
  • Users clone repo and run from local checkout.

Recommended MCP config after npm publish

See the copy/paste configs at the top of this README.

If you install locally in a workspace (npm install @dinanathdash/envault-mcp-server):

{
  "mcpServers": {
    "envault": {
      "command": "node",
      "args": ["node_modules/@dinanathdash/envault-mcp-server/server.mjs"]
    }
  }
}

Using npx (Requires Shell PATH)

{
  "mcpServers": {
    "envault": {
      "command": "npx",
      "args": ["-y", "@dinanathdash/envault-mcp-server"],
      "cwd": "/absolute/path/to/your/project"
    }
  }
}

Note: Using npx directly in MCP configuration often fails on Windows (requires npx.cmd) and macOS GUI apps due to missing shell environment variables.

MCP config for local repo path

{
  "mcpServers": {
    "envault": {
      "command": "node",
      "args": ["/absolute/path/to/Envault/mcp-server/server.mjs"],
      "cwd": "/absolute/path/to/your/project"
    }
  }
}

Behavior

  • For "set key" workflows, use envault_set_local_key then envault_push (or set autoPush=true).
  • Approval workflows are fully inline using envault_approve.
  • Local env file resolution reads envault.json mappings and default environment.