Create a new vault collection for storing encrypted secrets. Returns { id, name, type } - use the “id” field as collectionId for subsequent operations like creating secrets.
List secrets from a vault collection with optional filtering and decryption. Returns array of secrets with secretId, key, content (encrypted unless decryptSecrets=true), metadata, secretType, and timestamps. Use secretId from response for vault_get_item/vault_update_item/vault_delete_item.
Retrieve a specific secret from a vault collection by its ID. IMPORTANT: Use the secretId from vault_create_item response (field name is “docId” in create response, but use that value as “secretId” parameter here). Response includes secretId, key, content (encrypted unless decryptSecrets=true), metadata, secretType, and timestamps.
Create a new secret in a vault collection with optional metadata and type. Response includes “docId” (use this as “secretId” for vault_get_item/vault_update_item/vault_delete_item), “key”, “message”, and collection info. IMPORTANT: Save the “docId” from response to use in subsequent operations.
Update an existing secret in a vault collection with new content and metadata. Use secretId from vault_create_item response (“docId” field) or vault_list_items. Only provided fields are updated; others remain unchanged.
Create a new vault collection for storing encrypted secrets. Returns { id, name, type } - use the “id” field as collectionId for subsequent operations like creating secrets.Parameters:
Parameter
Type
Required
Default
Description
name
string
Yes
—
Display name for the vault collection
description
string
No
—
Optional description of the collection purpose
createdBy
string
Yes
—
User ID creating the collection - use the current user ID or a service identifier
createdByName
string
Yes
—
Display name shown as creator - use the current user name or service name
Show inputSchema
{ "type": "object", "properties": { "name": { "type": "string", "description": "Display name for the vault collection" }, "description": { "type": "string", "description": "Optional description of the collection purpose" }, "createdBy": { "type": "string", "description": "User ID creating the collection - use the current user ID or a service identifier" }, "createdByName": { "type": "string", "description": "Display name shown as creator - use the current user name or service name" } }, "required": [ "name", "createdBy", "createdByName" ]}
List secrets from a vault collection with optional filtering and decryption. Returns array of secrets with secretId, key, content (encrypted unless decryptSecrets=true), metadata, secretType, and timestamps. Use secretId from response for vault_get_item/vault_update_item/vault_delete_item.Parameters:
Parameter
Type
Required
Default
Description
collectionId
string
Yes
—
Collection ID (not name) to list secrets from - e.g. “KCny7nGXpBzWNYpJzC0b”. Get from vault_list_collections.
limit
number
No
50
Maximum number of secrets to return (default: 50, max: 1000)
orderedBy
string
No
"createdAt:desc"
Field and direction to order by. Format: “field:direction”. Options: “createdAt:desc”, “createdAt:asc”, “updatedAt:desc”, “updatedAt:asc”, “key:asc”, “key:desc”
decryptSecrets
boolean
No
false
Whether to decrypt secret content. Set to true to get readable content. Response includes decrypted “content” field when true.
Show inputSchema
{ "type": "object", "properties": { "collectionId": { "type": "string", "description": "Collection ID (not name) to list secrets from - e.g. \"KCny7nGXpBzWNYpJzC0b\". Get from vault_list_collections." }, "limit": { "type": "number", "default": 50, "description": "Maximum number of secrets to return (default: 50, max: 1000)" }, "orderedBy": { "type": "string", "default": "createdAt:desc", "description": "Field and direction to order by. Format: \"field:direction\". Options: \"createdAt:desc\", \"createdAt:asc\", \"updatedAt:desc\", \"updatedAt:asc\", \"key:asc\", \"key:desc\"" }, "decryptSecrets": { "type": "boolean", "default": false, "description": "Whether to decrypt secret content. Set to true to get readable content. Response includes decrypted \"content\" field when true." } }, "required": [ "collectionId" ]}
Retrieve a specific secret from a vault collection by its ID. IMPORTANT: Use the secretId from vault_create_item response (field name is “docId” in create response, but use that value as “secretId” parameter here). Response includes secretId, key, content (encrypted unless decryptSecrets=true), metadata, secretType, and timestamps.Parameters:
Parameter
Type
Required
Default
Description
collectionId
string
Yes
—
Collection ID (not name) the secret belongs to - e.g. “KCny7nGXpBzWNYpJzC0b”. Get from vault_list_collections.
secretId
string
Yes
—
Secret ID to retrieve. When creating a secret, the response contains “docId” - use that value here as “secretId”. Also available from vault_list_items.
decryptSecrets
boolean
No
false
Whether to decrypt the secret content. Set to true to get readable content. Response structure: {“secretId”: ”…”, “key”: ”…”, “content”: “decrypted-value”, …}
Show inputSchema
{ "type": "object", "properties": { "collectionId": { "type": "string", "description": "Collection ID (not name) the secret belongs to - e.g. \"KCny7nGXpBzWNYpJzC0b\". Get from vault_list_collections." }, "secretId": { "type": "string", "description": "Secret ID to retrieve. When creating a secret, the response contains \"docId\" - use that value here as \"secretId\". Also available from vault_list_items." }, "decryptSecrets": { "type": "boolean", "default": false, "description": "Whether to decrypt the secret content. Set to true to get readable content. Response structure: {\"secretId\": \"...\", \"key\": \"...\", \"content\": \"decrypted-value\", ...}" } }, "required": [ "collectionId", "secretId" ]}
Create a new secret in a vault collection with optional metadata and type. Response includes “docId” (use this as “secretId” for vault_get_item/vault_update_item/vault_delete_item), “key”, “message”, and collection info. IMPORTANT: Save the “docId” from response to use in subsequent operations.Parameters:
Parameter
Type
Required
Default
Description
collectionId
string
Yes
—
Collection ID (not name) to add the secret to - e.g. “KCny7nGXpBzWNYpJzC0b”. Get from vault_list_collections.
key
string
Yes
—
Unique key identifier for the secret within the collection (required)
content
string
Yes
—
Content of the secret to store (string or object). Will be encrypted automatically.
metadata
object
No
—
Optional metadata object for categorization (e.g. {“category”: “api-keys”, “environment”: “production”})
secretType
string
No
"login"
Type of secret: “login” (default), “api-key”, “password”, “token”, etc.
sortField
string
No
—
Optional sort field for organizing secrets
triggerChanges
boolean
No
true
Whether to trigger webhooks on change
Show inputSchema
{ "type": "object", "properties": { "collectionId": { "type": "string", "description": "Collection ID (not name) to add the secret to - e.g. \"KCny7nGXpBzWNYpJzC0b\". Get from vault_list_collections." }, "key": { "type": "string", "description": "Unique key identifier for the secret within the collection (required)" }, "content": { "oneOf": [ { "type": "string" }, { "type": "object", "properties": {} } ], "description": "Content of the secret to store (string or object). Will be encrypted automatically." }, "metadata": { "type": "object", "properties": {}, "description": "Optional metadata object for categorization (e.g. {\"category\": \"api-keys\", \"environment\": \"production\"})" }, "secretType": { "type": "string", "default": "login", "description": "Type of secret: \"login\" (default), \"api-key\", \"password\", \"token\", etc." }, "sortField": { "type": "string", "description": "Optional sort field for organizing secrets" }, "triggerChanges": { "type": "boolean", "default": true, "description": "Whether to trigger webhooks on change" } }, "required": [ "collectionId", "key", "content" ]}
Update an existing secret in a vault collection with new content and metadata. Use secretId from vault_create_item response (“docId” field) or vault_list_items. Only provided fields are updated; others remain unchanged.Parameters:
Parameter
Type
Required
Default
Description
collectionId
string
Yes
—
Collection ID (not name) the secret belongs to - e.g. “KCny7nGXpBzWNYpJzC0b”
secretId
string
Yes
—
Secret ID to update. From vault_create_item response, use the “docId” value. Also available from vault_list_items as “secretId”.
content
string
Yes
—
Updated content of the secret (string or object). Will be re-encrypted automatically.
metadata
object
No
—
Optional updated metadata object. Only provided fields are updated; existing metadata is preserved unless explicitly changed.
triggerChanges
boolean
No
true
Whether to trigger webhooks on change
Show inputSchema
{ "type": "object", "properties": { "collectionId": { "type": "string", "description": "Collection ID (not name) the secret belongs to - e.g. \"KCny7nGXpBzWNYpJzC0b\"" }, "secretId": { "type": "string", "description": "Secret ID to update. From vault_create_item response, use the \"docId\" value. Also available from vault_list_items as \"secretId\"." }, "content": { "oneOf": [ { "type": "string" }, { "type": "object", "properties": {} } ], "description": "Updated content of the secret (string or object). Will be re-encrypted automatically." }, "metadata": { "type": "object", "properties": {}, "description": "Optional updated metadata object. Only provided fields are updated; existing metadata is preserved unless explicitly changed." }, "triggerChanges": { "type": "boolean", "default": true, "description": "Whether to trigger webhooks on change" } }, "required": [ "collectionId", "secretId", "content" ]}
