### Run Infisical MCP Server with npx Source: https://github.com/infisical/infisical-mcp-server/blob/main/README.md Use this command to start the Infisical MCP server. Ensure environment variables are set for authentication. ```bash npx -y @infisical/mcp ``` -------------------------------- ### Start MCP Inspector and Infisical MCP Server Source: https://github.com/infisical/infisical-mcp-server/blob/main/README.md Use this command to start the MCP Inspector and the Infisical MCP server for debugging. Ensure environment variables are set and the server has been built. ```bash # Start MCP Inspector and server npx @modelcontextprotocol/inspector node dist/index.js ``` -------------------------------- ### Infisical MCP Server Configuration Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Configuration examples for integrating the Infisical MCP server with Claude Desktop using Universal Auth or Access Token authentication. ```APIDOC ## Infisical MCP Server Configuration ### Claude Desktop Configuration with Universal Auth Configure the MCP server in your Claude Desktop client using machine identity credentials for production environments. ```json { "mcpServers": { "infisical": { "command": "npx", "args": ["-y", "@infisical/mcp"], "env": { "INFISICAL_HOST_URL": "https://app.infisical.com", "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID": "your-client-id-here", "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET": "your-client-secret-here" } } } } ``` ### Claude Desktop Configuration with Access Token Configure the MCP server using a personal or machine identity access token for simpler authentication scenarios. ```json { "mcpServers": { "infisical": { "command": "npx", "args": ["-y", "@infisical/mcp"], "env": { "INFISICAL_HOST_URL": "https://app.infisical.com", "INFISICAL_AUTH_METHOD": "access-token", "INFISICAL_TOKEN": "your-access-token-here" } } } } ``` ``` -------------------------------- ### Run MCP Server with npx Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Execute the MCP server directly using npx without installation. Ensure environment variables for authentication and host URL are set beforehand. ```bash # Set authentication environment variables export INFISICAL_UNIVERSAL_AUTH_CLIENT_ID="your-client-id" export INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET="your-client-secret" export INFISICAL_HOST_URL="https://app.infisical.com" # Run the MCP server npx -y @infisical/mcp ``` -------------------------------- ### Debug MCP Server with Inspector Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Use the MCP Inspector to test and debug individual tools interactively. Build the server first using 'npm run build', then start the inspector. ```bash # Build the server first npm run build # Start MCP Inspector with the built server npx @modelcontextprotocol/inspector node dist/index.js ``` -------------------------------- ### GET /api/projects Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Lists all projects accessible by the authenticated machine identity, with optional filtering by project type. ```APIDOC ## GET /api/projects ### Description Lists all projects accessible by the authenticated machine identity. Can filter by project type or retrieve all projects across different types. ### Method GET ### Endpoint /api/projects ### Query Parameters - **type** (string) - Optional - Filters projects by type (e.g., "secret-manager", "all"). Defaults to "all". ### Response #### Success Response (200) - **content** (array of objects) - A list of projects accessible by the authenticated identity. #### Response Example ```json { "content": [ { "id": "proj_abc123", "name": "My App", "type": "secret-manager", "environments": [{"name": "Development", "slug": "dev"}, {"name": "Production", "slug": "prod"}] } ] } ``` ``` -------------------------------- ### Get a single secret Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Use the 'get-secret' tool to retrieve a specific secret by name from a project and environment. The tool can expand secret references and search through imports if the secret is not found directly. ```json { "name": "get-secret", "arguments": { "secretName": "DATABASE_URL", "projectId": "proj_abc123", "environmentSlug": "production", "secretPath": "/", "expandSecretReferences": true, "includeImports": true } } ``` ```json { "content": [ { "type": "text", "text": "Secret retrieved successfully: { \"secretKey\": \"DATABASE_URL\", \"secretValue\": \"postgresql://user:pass@localhost:5432/mydb\", ... }" } ] } ``` -------------------------------- ### Build Infisical MCP Server Source: https://github.com/infisical/infisical-mcp-server/blob/main/README.md Run this command to build the Infisical MCP server before debugging. This prepares the server for execution. ```bash npm run build ``` -------------------------------- ### Configure Claude Desktop for Infisical MCP (Access Token) Source: https://github.com/infisical/infisical-mcp-server/blob/main/README.md Add this configuration to your `claude_desktop_config.json` to use the Infisical MCP server with an Access Token. Set `INFISICAL_HOST_URL`, `INFISICAL_AUTH_METHOD` to 'access-token', and `INFISICAL_TOKEN`. ```json { "mcpServers": { "infisical": { "command": "npx", "args": ["-y", "@infisical/mcp"], "env": { "INFISICAL_HOST_URL": "https://.com", "INFISICAL_AUTH_METHOD": "access-token", "INFISICAL_TOKEN": "" } } } } ``` -------------------------------- ### Create Infisical Project Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Use this to create a new Infisical project. Specify the project name, type (e.g., secret-manager), and an optional slug and description. ```json { "name": "create-project", "arguments": { "projectName": "My Application", "type": "secret-manager", "description": "Secrets for the main application", "slug": "my-application" } } ``` -------------------------------- ### Configure Claude Desktop for Infisical MCP (Universal Auth) Source: https://github.com/infisical/infisical-mcp-server/blob/main/README.md Add this configuration to your `claude_desktop_config.json` to use the Infisical MCP server with Universal Authentication. Set `INFISICAL_HOST_URL`, `INFISICAL_UNIVERSAL_AUTH_CLIENT_ID`, and `INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET`. ```json { "mcpServers": { "infisical": { "command": "npx", "args": ["-y", "@infisical/mcp"], "env": { "INFISICAL_HOST_URL": "https://.com", "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID": "", "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET": "" } } } } ``` -------------------------------- ### Create Infisical Environment Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Creates a new environment within an existing project. Provide the project ID, environment name, slug, and its position. ```json { "name": "create-environment", "arguments": { "projectId": "proj_abc123", "name": "Staging", "slug": "staging", "position": 2 } } ``` -------------------------------- ### Create Infisical Folder Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Organize secrets by creating a new folder within a project environment. Specify the project ID, environment, folder name, path, and an optional description. ```json { "name": "create-folder", "arguments": { "projectId": "proj_abc123", "environment": "production", "name": "database", "path": "/", "description": "Database connection secrets" } } ``` -------------------------------- ### Invite Members to Infisical Project Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Invite users to a project by providing their emails and desired roles. Roles can be specified using role slugs; defaults to 'member' if not provided. ```json { "name": "invite-members-to-project", "arguments": { "projectId": "proj_abc123", "emails": ["developer@example.com", "admin@example.com"], "roleSlugs": ["developer", "admin"] } } ``` -------------------------------- ### List secrets in a project and environment Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Use the 'list-secrets' tool to retrieve all secrets within a specified project, environment, and path. Set 'expandSecretReferences' and 'includeImports' to true to fetch referenced and imported secrets. ```json { "name": "list-secrets", "arguments": { "projectId": "proj_abc123", "environmentSlug": "production", "secretPath": "/", "expandSecretReferences": true, "includeImports": true } } ``` ```json { "content": [ { "type": "text", "text": "{\"secrets\":[{\"secretKey\":\"DATABASE_URL\",\"secretValue\":\"postgresql://...\"},{\"secretKey\":\"API_KEY\",\"secretValue\":\"sk-...\"}],\"imports\":[...]}" } ] } ``` -------------------------------- ### POST /api/projects Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Creates a new Infisical project. Supports different project types like secret-manager, cert-manager, kms, and ssh, with options for templates and custom KMS keys. ```APIDOC ## POST /api/projects ### Description Creates a new Infisical project of a specified type. Supports secret-manager, cert-manager, kms, and ssh project types with optional templates and custom KMS keys. ### Method POST ### Endpoint /api/projects ### Request Body - **projectName** (string) - Required - The name of the project. - **type** (string) - Required - The type of the project (e.g., "secret-manager", "cert-manager"). - **description** (string) - Optional - A description for the project. - **slug** (string) - Optional - A unique slug for the project. ### Request Example ```json { "projectName": "My Application", "type": "secret-manager", "description": "Secrets for the main application", "slug": "my-application" } ``` ### Response #### Success Response (200) - **content** (object) - Contains the result of the operation, typically a success message with project details. #### Response Example ```json { "content": [ { "type": "text", "text": "Project created successfully: { \"id\": \"proj_xyz789\", \"name\": \"My Application\", \"slug\": \"my-application\", ... }" } ] } ``` ``` -------------------------------- ### POST /api/environments Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Creates a new environment within an existing project. Environments are used to separate secrets across different deployment stages. ```APIDOC ## POST /api/environments ### Description Creates a new environment within an existing project. Environments are used to separate secrets across different deployment stages like development, staging, and production. ### Method POST ### Endpoint /api/environments ### Request Body - **projectId** (string) - Required - The ID of the project to which the environment will be added. - **name** (string) - Required - The name of the environment (e.g., "Staging"). - **slug** (string) - Required - A unique slug for the environment. - **position** (integer) - Optional - The position of the environment in the list. ### Request Example ```json { "projectId": "proj_abc123", "name": "Staging", "slug": "staging", "position": 2 } ``` ### Response #### Success Response (200) - **content** (object) - Contains the result of the operation, typically a success message with environment details. #### Response Example ```json { "content": [ { "type": "text", "text": "Environment created successfully: { \"id\": \"env_abc123\", \"name\": \"Staging\", \"slug\": \"staging\", ... }" } ] } ``` ``` -------------------------------- ### Create a new secret Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Use the 'create-secret' tool to add a new secret to a specified Infisical project and environment. You can optionally define a 'secretPath' to store the secret in a specific folder. ```json { "name": "create-secret", "arguments": { "projectId": "proj_abc123", "environmentSlug": "production", "secretName": "DATABASE_URL", "secretValue": "postgresql://user:pass@localhost:5432/mydb", "secretPath": "/backend" } } ``` ```json { "content": [ { "type": "text", "text": "Secret created successfully: { \"secretKey\": \"DATABASE_URL\", \"secretValue\": \"postgresql://user:pass@localhost:5432/mydb\", ... }" } ] } ``` -------------------------------- ### List Infisical Projects Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Retrieve a list of all accessible projects. You can filter by project type or retrieve all projects. ```json { "name": "list-projects", "arguments": { "type": "all" } } ``` -------------------------------- ### POST /api/folders Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Creates a new folder within a project environment to organize secrets hierarchically. ```APIDOC ## POST /api/folders ### Description Creates a new folder within a project environment to organize secrets hierarchically. Folders help structure secrets by service, component, or any logical grouping. ### Method POST ### Endpoint /api/folders ### Request Body - **projectId** (string) - Required - The ID of the project. - **environment** (string) - Required - The name of the environment (e.g., "production"). - **name** (string) - Required - The name of the folder. - **path** (string) - Optional - The parent path for the folder. Defaults to "/". - **description** (string) - Optional - A description for the folder. ### Request Example ```json { "projectId": "proj_abc123", "environment": "production", "name": "database", "path": "/", "description": "Database connection secrets" } ``` ### Response #### Success Response (200) - **content** (object) - Contains the result of the operation, typically a success message with folder details. #### Response Example ```json { "content": [ { "type": "text", "text": "Folder created successfully: { \"id\": \"folder_123\", \"name\": \"database\", ... }" } ] } ``` ``` -------------------------------- ### list-secrets Tool Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Retrieves all secrets from a specified project, environment, and path. Supports expanding secret references and including imported secrets from other paths or projects. ```APIDOC ## GET /tools/list-secrets ### Description Retrieves all secrets from a specified project, environment, and path. Supports expanding secret references and including imported secrets from other paths or projects. ### Method GET ### Endpoint /tools/list-secrets ### Query Parameters - **projectId** (string) - Required - The ID of the project. - **environmentSlug** (string) - Required - The slug of the environment. - **secretPath** (string) - Optional - The path to list secrets from. Defaults to the root path. - **expandSecretReferences** (boolean) - Optional - Whether to expand secret references. - **includeImports** (boolean) - Optional - Whether to include imported secrets. ### Request Example ```json { "name": "list-secrets", "arguments": { "projectId": "proj_abc123", "environmentSlug": "production", "secretPath": "/", "expandSecretReferences": true, "includeImports": true } } ``` ### Response #### Success Response (200) - **content** (array) - An array containing the result of the operation, typically a JSON string representing the secrets and imports. #### Response Example ```json { "content": [ { "type": "text", "text": "{\"secrets\":[{\"secretKey\":\"DATABASE_URL\",\"secretValue\":\"postgresql://...\"},{\"secretKey\":\"API_KEY\",\"secretValue\":\"sk-...\"}],\"imports\":[...]}" } ] } ``` ``` -------------------------------- ### POST /api/members Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Invites one or more users to a project by email or username, with optional role assignments. ```APIDOC ## POST /api/members ### Description Invites one or more users to a project by email or username. Supports assigning specific roles to the invited members, defaulting to the 'member' role if not specified. ### Method POST ### Endpoint /api/members ### Request Body - **projectId** (string) - Required - The ID of the project to invite members to. - **emails** (array of strings) - Required - A list of email addresses of the users to invite. - **roleSlugs** (array of strings) - Optional - A list of role slugs to assign to the invited members. ### Request Example ```json { "projectId": "proj_abc123", "emails": ["developer@example.com", "admin@example.com"], "roleSlugs": ["developer", "admin"] } ``` ### Response #### Success Response (200) - **content** (object) - Contains the result of the operation, typically a success message with details of invited members. #### Response Example ```json { "content": [ { "type": "text", "text": "Members successfully invited to project: [{ \"userId\": \"user_123\", \"projectId\": \"proj_abc123\", ... }]" } ] } ``` ``` -------------------------------- ### create-secret Tool Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Creates a new secret in a specified Infisical project and environment. The secret can be stored at any path within the environment's folder structure, defaulting to the root path. ```APIDOC ## POST /tools/create-secret ### Description Creates a new secret in a specified Infisical project and environment. The secret can be stored at any path within the environment's folder structure, defaulting to the root path. ### Method POST ### Endpoint /tools/create-secret ### Request Body - **projectId** (string) - Required - The ID of the project. - **environmentSlug** (string) - Required - The slug of the environment. - **secretName** (string) - Required - The name of the secret. - **secretValue** (string) - Required - The value of the secret. - **secretPath** (string) - Optional - The path where the secret should be stored. Defaults to the root path. ### Request Example ```json { "name": "create-secret", "arguments": { "projectId": "proj_abc123", "environmentSlug": "production", "secretName": "DATABASE_URL", "secretValue": "postgresql://user:pass@localhost:5432/mydb", "secretPath": "/backend" } } ``` ### Response #### Success Response (200) - **content** (array) - An array containing the result of the operation, typically a text message confirming the creation. #### Response Example ```json { "content": [ { "type": "text", "text": "Secret created successfully: { \"secretKey\": \"DATABASE_URL\", \"secretValue\": \"postgresql://user:pass@localhost:5432/mydb\", ... }" } ] } ``` ``` -------------------------------- ### get-secret Tool Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Retrieves a single secret by name from a specified project and environment. Optionally expands references and searches through imports if the secret is not found at the primary path. ```APIDOC ## GET /tools/get-secret ### Description Retrieves a single secret by name from a specified project and environment. Optionally expands references and searches through imports if the secret is not found at the primary path. ### Method GET ### Endpoint /tools/get-secret ### Query Parameters - **secretName** (string) - Required - The name of the secret to retrieve. - **projectId** (string) - Required - The ID of the project. - **environmentSlug** (string) - Required - The slug of the environment. - **secretPath** (string) - Optional - The path to search for the secret. Defaults to the root path. - **expandSecretReferences** (boolean) - Optional - Whether to expand secret references. - **includeImports** (boolean) - Optional - Whether to include imported secrets. ### Request Example ```json { "name": "get-secret", "arguments": { "secretName": "DATABASE_URL", "projectId": "proj_abc123", "environmentSlug": "production", "secretPath": "/", "expandSecretReferences": true, "includeImports": true } } ``` ### Response #### Success Response (200) - **content** (array) - An array containing the result of the operation, typically a text message with the retrieved secret details. #### Response Example ```json { "content": [ { "type": "text", "text": "Secret retrieved successfully: { \"secretKey\": \"DATABASE_URL\", \"secretValue\": \"postgresql://user:pass@localhost:5432/mydb\", ... }" } ] } ``` ``` -------------------------------- ### Delete an existing secret Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Use the 'delete-secret' tool to remove a secret from a project and environment. Provide the exact 'secretName' and 'secretPath' to ensure the correct secret is deleted. ```json { "name": "delete-secret", "arguments": { "projectId": "proj_abc123", "environmentSlug": "development", "secretName": "OLD_API_KEY", "secretPath": "/" } } ``` ```json { "content": [ { "type": "text", "text": "Secret deleted successfully: OLD_API_KEY" } ] } ``` -------------------------------- ### delete-secret Tool Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Deletes an existing secret from a specified project and environment. Requires the exact secret name and path to locate and remove the secret. ```APIDOC ## DELETE /tools/delete-secret ### Description Deletes an existing secret from a specified project and environment. Requires the exact secret name and path to locate and remove the secret. ### Method DELETE ### Endpoint /tools/delete-secret ### Request Body - **projectId** (string) - Required - The ID of the project. - **environmentSlug** (string) - Required - The slug of the environment. - **secretName** (string) - Required - The name of the secret to delete. - **secretPath** (string) - Required - The path of the secret to delete. ### Request Example ```json { "name": "delete-secret", "arguments": { "projectId": "proj_abc123", "environmentSlug": "development", "secretName": "OLD_API_KEY", "secretPath": "/" } } ``` ### Response #### Success Response (200) - **content** (array) - An array containing the result of the operation, typically a text message confirming the deletion. #### Response Example ```json { "content": [ { "type": "text", "text": "Secret deleted successfully: OLD_API_KEY" } ] } ``` ``` -------------------------------- ### Update an existing secret Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Use the 'update-secret' tool to modify a secret's value or rename it. You can perform partial updates by only providing the fields you wish to change, such as 'secretValue' or 'newSecretName'. ```json { "name": "update-secret", "arguments": { "projectId": "proj_abc123", "environmentSlug": "staging", "secretName": "API_KEY", "secretValue": "new-api-key-value-12345", "newSecretName": "PRIMARY_API_KEY", "secretPath": "/" } } ``` ```json { "content": [ { "type": "text", "text": "Secret updated successfully. Updated secret: { \"secretKey\": \"PRIMARY_API_KEY\", \"secretValue\": \"new-api-key-value-12345\", ... }" } ] } ``` -------------------------------- ### update-secret Tool Source: https://context7.com/infisical/infisical-mcp-server/llms.txt Updates an existing secret's value and optionally renames it. Supports partial updates where only the value or only the name can be changed. ```APIDOC ## PUT /tools/update-secret ### Description Updates an existing secret's value and optionally renames it. Supports partial updates where only the value or only the name can be changed. ### Method PUT ### Endpoint /tools/update-secret ### Request Body - **projectId** (string) - Required - The ID of the project. - **environmentSlug** (string) - Required - The slug of the environment. - **secretName** (string) - Required - The current name of the secret. - **secretValue** (string) - Optional - The new value for the secret. - **newSecretName** (string) - Optional - The new name for the secret. - **secretPath** (string) - Required - The path of the secret. ### Request Example ```json { "name": "update-secret", "arguments": { "projectId": "proj_abc123", "environmentSlug": "staging", "secretName": "API_KEY", "secretValue": "new-api-key-value-12345", "newSecretName": "PRIMARY_API_KEY", "secretPath": "/" } } ``` ### Response #### Success Response (200) - **content** (array) - An array containing the result of the operation, typically a text message confirming the update. #### Response Example ```json { "content": [ { "type": "text", "text": "Secret updated successfully. Updated secret: { \"secretKey\": \"PRIMARY_API_KEY\", \"secretValue\": \"new-api-key-value-12345\", ... }" } ] } ``` ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.