Infisical MCP

by Infisical

Official Infisical MCP server for secrets management. 10 tools cover the full secret lifecycle plus project, environment, folder, and member management. Two authentication methods (machine identity universal-auth and access-token), self-hostable instance support via INFISICAL_HOST_URL.

★ 45·10 tools·Released APR 2025·Apache-2.0

npx -y @infisical/mcp

“Official Infisical MCP for secrets management. The most actively maintained official server in this batch security category (8 commits in the last 30 days). 10 tools cover the full secret lifecycle plus project, environment, folder, and member management. Two releases shipped, latest two weeks ago. Apache-2.0, npm-distributed. Two authentication methods: machine identity universal-auth (recommended for production) and access-token (for personal or single-machine workflows). Self-hostable Infisical instances supported via INFISICAL_HOST_URL. Free Infisical tier available for evaluation.”
Reviewed by M. Nouriel · APR 2026

// Connect

INSTALL THIS SERVER

Requires authenticationMachine identity universal-auth (recommended for production: INFISICAL_UNIVERSAL_AUTH_CLIENT_ID + INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET) or access-token (INFISICAL_TOKEN). Self-hosted instances via INFISICAL_HOST_URL.

{
  "mcpServers": {
    "infisical": {
      "command": "npx",
      "args": [
        "-y",
        "@infisical/mcp"
      ],
      "env": {
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID": "<machine-identity-client-id>",
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET": "<machine-identity-client-secret>"
      }
    }
  }
}

PrereqRequires Node.js and an Infisical machine identity (universal-auth) or access token. For self-hosted Infisical instances set INFISICAL_HOST_URL. Universal-auth (default) recommended for production. INFISICAL_AUTH_METHOD=access-token + INFISICAL_TOKEN for personal/dev workflows. Scope machine identities to the minimum required project access. Path: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS).

{
  "mcpServers": {
    "infisical": {
      "command": "npx",
      "args": [
        "-y",
        "@infisical/mcp"
      ],
      "env": {
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID": "<machine-identity-client-id>",
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET": "<machine-identity-client-secret>"
      }
    }
  }
}

{
  "mcpServers": {
    "infisical": {
      "command": "npx",
      "args": [
        "-y",
        "@infisical/mcp"
      ],
      "env": {
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID": "<machine-identity-client-id>",
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET": "<machine-identity-client-secret>"
      }
    }
  }
}

{
  "mcpServers": {
    "infisical": {
      "command": "npx",
      "args": [
        "-y",
        "@infisical/mcp"
      ],
      "env": {
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID": "<machine-identity-client-id>",
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET": "<machine-identity-client-secret>"
      }
    }
  }
}

{
  "mcpServers": {
    "infisical": {
      "command": "npx",
      "args": [
        "-y",
        "@infisical/mcp"
      ],
      "env": {
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID": "<machine-identity-client-id>",
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET": "<machine-identity-client-secret>"
      }
    }
  }
}

// Tools

10 TOOLS AVAILABLE

create-secret

Create a new secret in a project environment

Admin

delete-secret

Delete a secret

Admin

update-secret

Update an existing secret

Admin

list-secrets

List all secrets in a project environment

Read

get-secret

Get a single secret

Read

create-project

Create a new Infisical project

Admin

// Editorial Review

OUR ASSESSMENT

Strengths

Official Infisical org publication.
Apache-2.0 license.
8 commits in the last 30 days; the most actively maintained official security server in this batch.
10-tool surface covering secret lifecycle plus project/env/folder management.
Two authentication methods: machine identity (production) and access token (personal).
Self-hosted instance support via INFISICAL_HOST_URL.
npm distribution as @infisical/mcp.

Weaknesses

45 stars; community traction is modest despite the official vendor signal.
Two releases shipped (0.0.x line); API surface is still maturing.
JavaScript implementation requires Node.js on the host.

Security Notes

This server reads and writes production secrets when given universal-auth credentials. Scope machine identity client IDs to the minimum required project access; the principle of least privilege is non-negotiable here. For evaluation, use access-token mode with a personal access token tied to a sandbox Infisical project. Universal-auth client secrets are equivalent to the keys to the kingdom; rotate on any suspected exposure. Avoid embedding INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET in shared MCP configs; prefer per-host environment variables.

Best For

Teams already on Infisical for secrets management, engineers wanting agent-driven secret rotation, project provisioning, or environment setup, and self-hosted Infisical operators (INFISICAL_HOST_URL configurable).

// Technical

TECHNICAL DETAILS

Language

javascript

Transport

stdio

Clients

Claude DesktopClaude CodeCursorVS CodeWindsurf

License

Apache-2.0

GitHub

Infisical/infisical-mcp-server · ★ 45

npm

@infisical/mcp

Last Release

0.0.23APR 14, 2026

First Released

APR 11, 2025

// Adoption

ADOPTION METRICS

// GitHub Stars

// Reading this45 stars and 12 forks. The Infisical org placement and active commit cadence (8 in last 30 days) carry the editorial weight.

// Popularity Rank

#18

Globally · #1 in Security

// Reading thisFirst-ranked in security category. Strongest official-vendor signal in a thin category.

// How we found this server

SOURCES & VERIFICATION

We don't take any single directory's word for it. Before scoring, we cross-reference 5 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.

Discovered

Manual submission

First indexed APR 29, 2026

Cross-referenced

5 directories

PulseMCP, MCP.so, Glama, Smithery, Official MCP Registry

Verified against

Claude Desktop, Cursor, VS Code, Windsurf

Installed and tested across clients

Last re-checked

APR 29, 2026

Weekly re-verification

// How other directories see it

The same server, 5 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.

Source	Their rating	Their star count	Their downloads	Last synced
AutomationSwitch This page	4editorial	45	—	APR 29, 2026
PulseMCP	— unrated	unavailable	unavailable	APR 29, 2026
MCP.so	— unrated	unavailable	unavailable	APR 29, 2026
Glama	— unrated	unavailable	unavailable	APR 29, 2026
Smithery	— unrated	unavailable	unavailable	APR 29, 2026
Official MCP Registry	— unrated	unavailable	unavailable	APR 29, 2026

// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.

// Alternatives

OTHER SECURITY MCP SERVERS

Vendor4.6

Prowler MCP

Prowler

Cloud Security Posture Management (CSPM) platform with 1000+ security checks across multiple cloud providers and 70+ compliance frameworks, exposed through MCP. Three deployment options: Prowler Cloud (recommended), local stdio, self-hosted HTTP. 13,717 stars, Apache-2.0.

8 tools★ 13,717

Official4.4

CrowdStrike Falcon MCP

CrowdStrike

Official CrowdStrike Falcon MCP server. Connect AI agents to CrowdStrike Falcon for automated security analysis and threat hunting. 148 stars and 8 commits on main in the last 30 days.

7 tools★ 148

Vendor4.3

Auth0 MCP Server

Auth0

Official Auth0 MCP server connecting Claude, Cursor, Windsurf, VS Code, and Gemini to Auth0 Management APIs. Create apps, deploy Actions, debug logs, and query users with natural-language commands. Read-only mode and tool-glob filtering supported. Beta software per Auth0.

8 tools★ 106

Official4.2

HashiCorp Vault MCP

HashiCorp

Official HashiCorp MCP for Vault: secrets, mounts, KV, and PKI management with stdio and Streamable HTTP transports. 9 commits on main in the last 30 days. MPL-2.0 with HashiCorp official-vendor signal.

9 tools★ 45

Official4.1

AWS IAM MCP

AWS Labs

Official AWS Labs MCP for IAM administration: users, roles, groups, policies, inline policies, access keys, and policy simulation. Read-only mode supported via --allow-write opt-in pattern. Apache-2.0 within awslabs/mcp monorepo.

7 tools★ 8,924

Official4

AWS CloudTrail MCP

AWS Labs

Official AWS Labs MCP for CloudTrail: 90 days of management events via lookup_events and Trino-compatible SQL queries against CloudTrail Lake Event Data Stores. 3 commits on the server path in the last 30 days. Pairs with the IAM MCP for security audit workflows.

5 tools★ 8,924

// Get in touch

DISCUSS YOUR
MCP REQUIREMENTS.

Evaluating a server, scoping an internal deployment, or working out whether MCP is the right fit at all. Start the conversation and we will point you at the right piece of the ecosystem.

Discuss Your MCP Requirements →

Infisical MCP

INSTALL THIS SERVER

10 TOOLS AVAILABLE

OUR ASSESSMENT

TECHNICAL DETAILS

ADOPTION METRICS

SOURCES & VERIFICATION

OTHER SECURITY MCP SERVERS

Prowler MCP

CrowdStrike Falcon MCP

Auth0 MCP Server

HashiCorp Vault MCP

AWS IAM MCP

AWS CloudTrail MCP

DISCUSS YOURMCP REQUIREMENTS.

DISCUSS YOUR
MCP REQUIREMENTS.