Model Context Protocol (MCP)
Unizo offers an MCP server that integrates key management and secrets management platforms with any LLM provider supporting the MCP protocol. This enables your AI agent to manage secrets, API keys, certificates, encryption keys, and vault configurations across AWS Secrets Manager, Azure Key Vault, Google Cloud Secret Manager, HashiCorp Vault, CyberArk, and Thycotic via a single MCP server.
Supported Tools & Use Cases
The following tools are available in the Key Management MCP Server:
| Tool Name | Description |
|---|---|
| key_management_list_connectors | Get list of available key management services |
| key_management_list_integrations | Get integrations for a specific key management service |
| key_management_list_vaults | Browse vault configurations with filtering and pagination |
| key_management_get_vault_details | Retrieve detailed vault configuration information |
| key_management_list_secrets | Browse secrets within a vault with filtering |
| key_management_get_secret_details | Retrieve detailed secret information including versions and metadata |
| key_management_create_secret | Create a new secret in a vault |
| key_management_update_secret | Update an existing secret value or metadata |
| key_management_rotate_secret | Rotate a secret and create a new version |
Tool Reference
Service Discovery Tools
key_management_list_connectors
Get list of available key management services
Parameters: None
Returns: List of available key management services (e.g., HashiCorp Vault, Azure Key Vault, AWS Secrets Manager)
Example Response:
[
  {"name": "hashicorp"},
  {"name": "azure"},
  {"name": "aws"},
  {"name": "gcp"},
  {"name": "cyberark"},
  {"name": "thycotic"}
]
key_management_list_integrations
Get integrations for a specific key management service
Parameters:
connector (string, required): Name of the service (e.g., "hashicorp", "azure", "aws")
Returns: List of integrations available for the specified service
Example Response:
[
  {
    "id": "integration-123",
    "name": "Production Vault"
  },
  {
    "id": "integration-456",
    "name": "Development Key Store"
  }
]
Vault Management Tools
key_management_list_vaults
Browse vault configurations with filtering and pagination
Parameters:
integration_id (string, required): Unique identifier for the integration
Returns: Paginated list of vault configurations
Example Response:
{
"status": "success",
"message": "Retrieved 5 vault configurations",
"data": {
"vaults": [
{
"id": "vault-prod-001",
"name": "production-secrets",
"path": "secret/data/production",
"type": "kv-v2",
"description": "Production environment secrets and API keys",
"metadata": {
"environment": "production",
"region": "us-east-1",
"encryption": "AES-256-GCM",
"autoRotationEnabled": true,
"rotationPeriodDays": 90,
"accessPolicies": [
"production-apps",
"admin-team"
]
},
"changeLog": {
"createdDateTime": "2024-01-15T09:30:00Z",
"lastUpdatedDateTime": "2024-11-01T14:20:00Z",
"createdBy": {
"id": "user-123",
"firstName": "Alice",
"lastName": "Johnson"
},
"lastUpdatedBy": {
"id": "user-456",
"firstName": "Bob",
"lastName": "Smith"
}
}
},
{
"id": "vault-dev-002",
"name": "development-keys",
"path": "secret/data/development",
"type": "kv-v2",
"description": "Development environment API keys and credentials",
"metadata": {
"environment": "development",
"region": "us-west-2",
"encryption": "AES-256-GCM",
"autoRotationEnabled": false,
"accessPolicies": [
"dev-team"
]
},
"changeLog": {
"createdDateTime": "2024-02-20T11:00:00Z",
"lastUpdatedDateTime": "2024-10-28T16:45:00Z",
"createdBy": {
"id": "user-789",
"firstName": "Carol",
"lastName": "Wilson"
}
}
},
{
"id": "vault-cert-003",
"name": "ssl-certificates",
"path": "pki/data/certificates",
"type": "pki",
"description": "SSL/TLS certificates for all services",
"metadata": {
"environment": "production",
"certificateAuthority": "Internal PKI",
"maxTTL": "8760h",
"autoRotationEnabled": true,
"rotationPeriodDays": 365,
"accessPolicies": [
"infrastructure-team",
"security-team"
]
},
"changeLog": {
"createdDateTime": "2024-03-10T14:00:00Z",
"lastUpdatedDateTime": "2024-11-05T10:15:00Z",
"createdBy": {
"id": "user-456",
"firstName": "Bob",
"lastName": "Smith"
}
}
}
],
"pagination": {
"total": 5,
"offset": 0,
"limit": 20,
"next": null,
"previous": null
},
"total_count": 5
}
}
key_management_get_vault_details
Retrieve detailed vault configuration information
Parameters:
integration_id (string, required): Unique identifier for the integration
vault_id (string, required): Unique identifier of the vault
Returns: Comprehensive vault configuration information
Example Response:
{
"status": "success",
"message": "Retrieved vault details for vault-prod-001",
"data": {
"vault": {
"id": "vault-prod-001",
"name": "production-secrets",
"path": "secret/data/production",
"type": "kv-v2",
"description": "Production environment secrets and API keys",
"metadata": {
"environment": "production",
"region": "us-east-1",
"encryption": "AES-256-GCM",
"autoRotationEnabled": true,
"rotationPeriodDays": 90,
"lastRotationDate": "2024-09-15T10:00:00Z",
"nextRotationDate": "2024-12-14T10:00:00Z",
"accessPolicies": [
"production-apps",
"admin-team"
],
"auditEnabled": true,
"versioningEnabled": true,
"maxVersions": 10,
"deleteProtection": true
},
"statistics": {
"totalSecrets": 127,
"activeSecrets": 115,
"expiredSecrets": 12,
"lastAccessedDateTime": "2024-11-06T14:30:00Z",
"accessCount30Days": 4523
},
"changeLog": {
"createdDateTime": "2024-01-15T09:30:00Z",
"lastUpdatedDateTime": "2024-11-01T14:20:00Z",
"createdBy": {
"href": "https://api.unizo.ai/api/v1/users/user-123",
"id": "user-123",
"firstName": "Alice",
"lastName": "Johnson",
"avatar": {
"original": "/avatars/user-123-original.png",
"small": "/avatars/user-123-small.png"
}
},
"lastUpdatedBy": {
"href": "https://api.unizo.ai/api/v1/users/user-456",
"id": "user-456",
"firstName": "Bob",
"lastName": "Smith",
"avatar": {
"small": "/avatars/user-456-small.png"
}
}
}
}
}
}
Secret Management Tools
key_management_list_secrets
Browse secrets within a vault with filtering and pagination
Parameters:
integration_id (string, required): Unique identifier for the integration
vault_id (string, required): Unique identifier of the vault
Returns: Paginated list of secrets
Example Response:
{
"status": "success",
"message": "Retrieved 15 secrets from vault vault-prod-001",
"data": {
"secrets": [
{
"id": "secret-api-key-001",
"name": "stripe-api-key",
"path": "secret/data/production/stripe-api-key",
"type": "api_key",
"description": "Stripe payment gateway API key for production",
"version": 3,
"metadata": {
"service": "payment-gateway",
"owner": "payments-team@acme-corp.com",
"expiresAt": "2025-06-15T00:00:00Z",
"rotationEnabled": true,
"lastRotatedAt": "2024-09-15T10:00:00Z",
"tags": [
"payment",
"api-key",
"production"
]
},
"changeLog": {
"createdDateTime": "2024-03-15T10:00:00Z",
"lastUpdatedDateTime": "2024-09-15T10:00:00Z",
"createdBy": {
"id": "user-123",
"firstName": "Alice",
"lastName": "Johnson"
},
"lastUpdatedBy": {
"id": "user-789",
"firstName": "Carol",
"lastName": "Wilson"
}
}
},
{
"id": "secret-db-cred-002",
"name": "postgres-master-password",
"path": "secret/data/production/postgres-master",
"type": "database_credential",
"description": "PostgreSQL master database password",
"version": 8,
"metadata": {
"service": "database",
"owner": "infrastructure-team@acme-corp.com",
"expiresAt": "2025-03-01T00:00:00Z",
"rotationEnabled": true,
"lastRotatedAt": "2024-11-01T02:00:00Z",
"complexityScore": "high",
"tags": [
"database",
"postgres",
"production",
"critical"
]
},
"changeLog": {
"createdDateTime": "2024-01-20T08:00:00Z",
"lastUpdatedDateTime": "2024-11-01T02:00:00Z",
"createdBy": {
"id": "user-456",
"firstName": "Bob",
"lastName": "Smith"
},
"lastUpdatedBy": {
"id": "system-rotation",
"firstName": "System",
"lastName": "Rotation"
}
}
},
{
"id": "secret-cert-003",
"name": "api-acme-corp-com-cert",
"path": "pki/data/certificates/api.acme-corp.com",
"type": "certificate",
"description": "SSL certificate for api.acme-corp.com",
"version": 2,
"metadata": {
"service": "api-gateway",
"owner": "security-team@acme-corp.com",
"commonName": "api.acme-corp.com",
"subjectAlternativeNames": [
"api.acme-corp.com",
"*.api.acme-corp.com"
],
"issuer": "Acme Corp Internal CA",
"serialNumber": "5D:A8:F1:2C:3E:9B:7F:4A",
"validFrom": "2024-05-01T00:00:00Z",
"expiresAt": "2025-05-01T00:00:00Z",
"keyAlgorithm": "RSA-2048",
"rotationEnabled": true,
"lastRotatedAt": "2024-05-01T00:00:00Z",
"tags": [
"certificate",
"ssl",
"api-gateway"
]
},
"changeLog": {
"createdDateTime": "2024-05-01T00:00:00Z",
"lastUpdatedDateTime": "2024-05-01T00:00:00Z",
"createdBy": {
"id": "user-456",
"firstName": "Bob",
"lastName": "Smith"
}
}
},
{
"id": "secret-token-004",
"name": "github-oauth-token",
"path": "secret/data/production/github-oauth",
"type": "oauth_token",
"description": "GitHub OAuth token for CI/CD integration",
"version": 1,
"metadata": {
"service": "ci-cd",
"owner": "devops-team@acme-corp.com",
"scopes": [
"repo",
"workflow",
"read:org"
],
"expiresAt": "2025-11-06T00:00:00Z",
"rotationEnabled": false,
"tags": [
"oauth",
"github",
"ci-cd"
]
},
"changeLog": {
"createdDateTime": "2024-11-06T10:00:00Z",
"lastUpdatedDateTime": "2024-11-06T10:00:00Z",
"createdBy": {
"id": "user-789",
"firstName": "Carol",
"lastName": "Wilson"
}
}
},
{
"id": "secret-enc-key-005",
"name": "data-encryption-key",
"path": "secret/data/production/encryption-keys/data-key",
"type": "encryption_key",
"description": "Master encryption key for data at rest",
"version": 1,
"metadata": {
"service": "encryption",
"owner": "security-team@acme-corp.com",
"algorithm": "AES-256-GCM",
"keyLength": 256,
"expiresAt": null,
"rotationEnabled": true,
"rotationPeriodDays": 365,
"lastRotatedAt": "2024-01-15T00:00:00Z",
"nextRotationDate": "2025-01-15T00:00:00Z",
"usage": "data-at-rest-encryption",
"hsm": true,
"tags": [
"encryption",
"master-key",
"hsm",
"critical"
]
},
"changeLog": {
"createdDateTime": "2024-01-15T00:00:00Z",
"lastUpdatedDateTime": "2024-01-15T00:00:00Z",
"createdBy": {
"id": "user-456",
"firstName": "Bob",
"lastName": "Smith"
}
}
}
],
"pagination": {
"total": 127,
"offset": 0,
"limit": 20,
"next": 20,
"previous": null
},
"vault_id": "vault-prod-001",
"total_count": 127
}
}
key_management_get_secret_details
Retrieve detailed secret information including versions and metadata
Parameters:
integration_id (string, required): Unique identifier for the integration
vault_id (string, required): Unique identifier of the vault
secret_id (string, required): Unique identifier of the secret
Returns: Comprehensive secret information including all versions
Example Response:
{
"status": "success",
"message": "Retrieved secret details for secret-api-key-001",
"data": {
"secret": {
"id": "secret-api-key-001",
"name": "stripe-api-key",
"path": "secret/data/production/stripe-api-key",
"type": "api_key",
"description": "Stripe payment gateway API key for production environment",
"currentVersion": 3,
"value": "sk_live_51JxP2qLkHj2MnO9v8yXzA3B7cD1eF2gH3iJ4kL5mN6oP7qR8sT9uV0wX1yZ2",
"metadata": {
"service": "payment-gateway",
"environment": "production",
"owner": "payments-team@acme-corp.com",
"createdBy": "alice.johnson@acme-corp.com",
"expiresAt": "2025-06-15T00:00:00Z",
"daysUntilExpiration": 221,
"rotationEnabled": true,
"rotationPeriodDays": 90,
"lastRotatedAt": "2024-09-15T10:00:00Z",
"nextRotationDate": "2024-12-14T10:00:00Z",
"accessPolicy": "production-apps",
"lastAccessedAt": "2024-11-06T14:30:00Z",
"accessCount30Days": 3456,
"tags": [
"payment",
"api-key",
"production",
"stripe"
]
},
"versions": [
{
"version": 3,
"createdDateTime": "2024-09-15T10:00:00Z",
"createdBy": {
"id": "user-789",
"firstName": "Carol",
"lastName": "Wilson",
"email": "carol.wilson@acme-corp.com"
},
"status": "active",
"description": "Rotated key - Q3 2024 rotation cycle"
},
{
"version": 2,
"createdDateTime": "2024-06-15T10:00:00Z",
"createdBy": {
"id": "user-123",
"firstName": "Alice",
"lastName": "Johnson",
"email": "alice.johnson@acme-corp.com"
},
"status": "deprecated",
"description": "Rotated key - Q2 2024 rotation cycle",
"deprecatedAt": "2024-09-15T10:00:00Z"
},
{
"version": 1,
"createdDateTime": "2024-03-15T10:00:00Z",
"createdBy": {
"id": "user-123",
"firstName": "Alice",
"lastName": "Johnson",
"email": "alice.johnson@acme-corp.com"
},
"status": "deleted",
"description": "Initial Stripe API key",
"deprecatedAt": "2024-06-15T10:00:00Z",
"deletedAt": "2024-07-15T10:00:00Z"
}
],
"auditLog": [
{
"timestamp": "2024-11-06T14:30:00Z",
"action": "secret_accessed",
"user": {
"id": "service-account-payment",
"name": "Payment Service"
},
"ipAddress": "10.0.5.123",
"userAgent": "PaymentService/1.5.0"
},
{
"timestamp": "2024-09-15T10:00:00Z",
"action": "secret_rotated",
"user": {
"id": "user-789",
"firstName": "Carol",
"lastName": "Wilson"
},
"ipAddress": "192.168.1.45",
"details": "Automatic rotation - 90 day cycle"
},
{
"timestamp": "2024-06-15T10:00:00Z",
"action": "secret_rotated",
"user": {
"id": "user-123",
"firstName": "Alice",
"lastName": "Johnson"
},
"ipAddress": "192.168.1.23",
"details": "Manual rotation - security policy update"
}
],
"changeLog": {
"createdDateTime": "2024-03-15T10:00:00Z",
"lastUpdatedDateTime": "2024-09-15T10:00:00Z",
"createdBy": {
"href": "https://api.unizo.ai/api/v1/users/user-123",
"id": "user-123",
"firstName": "Alice",
"lastName": "Johnson",
"avatar": {
"original": "/avatars/user-123-original.png",
"small": "/avatars/user-123-small.png"
}
},
"lastUpdatedBy": {
"href": "https://api.unizo.ai/api/v1/users/user-789",
"id": "user-789",
"firstName": "Carol",
"lastName": "Wilson",
"avatar": {
"small": "/avatars/user-789-small.png"
}
}
}
},
"vault_id": "vault-prod-001"
}
}
key_management_create_secret
Create a new secret in a vault
Parameters:
integration_id (string, required): Unique identifier for the integration
vault_id (string, required): Unique identifier of the vault
name (string, required): Name of the secret
value (string, required): Secret value to store
type (string, required): Type of secret (api_key, database_credential, certificate, oauth_token, encryption_key, generic)
description (string, optional): Description of the secret
metadata (object, optional): Additional metadata for the secret
Returns: Details of the newly created secret
Example Response:
{
"status": "success",
"message": "Created secret: sendgrid-api-key in vault vault-prod-001",
"data": {
"secret": {
"id": "secret-api-key-006",
"name": "sendgrid-api-key",
"path": "secret/data/production/sendgrid-api-key",
"type": "api_key",
"description": "SendGrid email service API key",
"version": 1,
"metadata": {
"service": "email-service",
"owner": "platform-team@acme-corp.com",
"environment": "production",
"rotationEnabled": false,
"tags": [
"email",
"api-key",
"sendgrid"
]
},
"changeLog": {
"createdDateTime": "2024-11-06T15:30:00Z",
"lastUpdatedDateTime": "2024-11-06T15:30:00Z",
"createdBy": {
"id": "user-current",
"firstName": "Current",
"lastName": "User"
}
}
},
"vault_id": "vault-prod-001"
}
}
key_management_update_secret
Update an existing secret value or metadata
Parameters:
integration_id (string, required): Unique identifier for the integration
vault_id (string, required): Unique identifier of the vault
secret_id (string, required): Unique identifier of the secret
value (string, optional): New secret value
description (string, optional): Updated description
metadata (object, optional): Updated metadata
Returns: Details of the updated secret
Example Response:
{
"status": "success",
"message": "Updated secret: sendgrid-api-key in vault vault-prod-001",
"data": {
"secret": {
"id": "secret-api-key-006",
"name": "sendgrid-api-key",
"path": "secret/data/production/sendgrid-api-key",
"type": "api_key",
"description": "SendGrid email service API key - Updated for new account",
"version": 2,
"metadata": {
"service": "email-service",
"owner": "platform-team@acme-corp.com",
"environment": "production",
"rotationEnabled": true,
"rotationPeriodDays": 180,
"tags": [
"email",
"api-key",
"sendgrid",
"updated"
]
},
"changeLog": {
"createdDateTime": "2024-11-06T15:30:00Z",
"lastUpdatedDateTime": "2024-11-06T16:45:00Z",
"createdBy": {
"id": "user-789",
"firstName": "Carol",
"lastName": "Wilson"
},
"lastUpdatedBy": {
"id": "user-current",
"firstName": "Current",
"lastName": "User"
}
}
},
"vault_id": "vault-prod-001"
}
}
key_management_rotate_secret
Rotate a secret and create a new version
Parameters:
integration_id (string, required): Unique identifier for the integration
vault_id (string, required): Unique identifier of the vault
secret_id (string, required): Unique identifier of the secret
new_value (string, required): New secret value for the rotated version
Returns: Details of the rotated secret with new version information
Example Response:
{
"status": "success",
"message": "Rotated secret: postgres-master-password (version 9 created)",
"data": {
"secret": {
"id": "secret-db-cred-002",
"name": "postgres-master-password",
"path": "secret/data/production/postgres-master",
"type": "database_credential",
"description": "PostgreSQL master database password",
"currentVersion": 9,
"previousVersion": 8,
"metadata": {
"service": "database",
"owner": "infrastructure-team@acme-corp.com",
"environment": "production",
"expiresAt": "2025-05-06T00:00:00Z",
"rotationEnabled": true,
"rotationPeriodDays": 90,
"lastRotatedAt": "2024-11-06T17:00:00Z",
"nextRotationDate": "2025-02-04T17:00:00Z",
"rotationMethod": "manual",
"complexityScore": "high",
"tags": [
"database",
"postgres",
"production",
"critical"
]
},
"rotation": {
"rotatedAt": "2024-11-06T17:00:00Z",
"rotatedBy": {
"id": "user-current",
"firstName": "Current",
"lastName": "User"
},
"reason": "Scheduled 90-day rotation",
"previousVersionDeprecated": true,
"previousVersionDeletionScheduled": "2024-12-06T17:00:00Z",
"affectedServices": [
"payment-service",
"order-service",
"inventory-service"
],
"notificationsSent": true
},
"changeLog": {
"createdDateTime": "2024-01-20T08:00:00Z",
"lastUpdatedDateTime": "2024-11-06T17:00:00Z",
"createdBy": {
"id": "user-456",
"firstName": "Bob",
"lastName": "Smith"
},
"lastUpdatedBy": {
"id": "user-current",
"firstName": "Current",
"lastName": "User"
}
}
},
"vault_id": "vault-prod-001"
}
}
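The tool reference above mixes read-only listings with tools that return or change secret material. The following is an added example, not part of Unizo's documentation or code: a client-side policy check an agent host could run before forwarding a tool call. Tool and parameter names are taken from this page; the policy itself, the function names and the decision strings are assumptions.

```javascript
// Added example: policy gate for calls to the Key Management tools.
const PREFIX = "key_management_";
const READ_ONLY = new Set([
  "list_connectors", "list_integrations", "list_vaults",
  "get_vault_details", "list_secrets",
]);
// get_secret_details returns the plaintext "value" in the example response,
// so it is treated as a sensitive operation rather than a plain read.
const NEEDS_APPROVAL = new Set([
  "get_secret_details", "create_secret", "update_secret", "rotate_secret",
]);
// Parameters that carry secret material in the tool reference.
const SECRET_ARGS = new Set(["value", "new_value"]);

function redactArgs(args) {
  const out = {};
  for (const [k, v] of Object.entries(args || {})) {
    out[k] = SECRET_ARGS.has(k) ? "[REDACTED]" : v;
  }
  return out;
}

// approvedBy: identifier of the human who confirmed the call, or null.
function authorizeToolCall(toolName, args, approvedBy = null) {
  const short = toolName.startsWith(PREFIX) ? toolName.slice(PREFIX.length) : null;
  let decision;
  if (short !== null && READ_ONLY.has(short)) {
    decision = "allow";
  } else if (short !== null && NEEDS_APPROVAL.has(short)) {
    decision = approvedBy ? "allow" : "needs_approval";
  } else {
    decision = "deny"; // unknown tools fail closed
  }
  // The audit record never carries the secret material itself.
  const audit = { tool: toolName, decision, approvedBy, args: redactArgs(args) };
  return { decision, audit };
}

// Constructed calls an agent might propose.
const rotate = {
  integration_id: "integration-123",
  vault_id: "vault-prod-001",
  secret_id: "secret-db-cred-002",
  new_value: "constructed-placeholder-value",
};
console.log(authorizeToolCall("key_management_list_vaults", { integration_id: "integration-123" }));
console.log(authorizeToolCall("key_management_rotate_secret", rotate));
console.log(authorizeToolCall("key_management_rotate_secret", rotate, "user-456"));
console.log(authorizeToolCall("key_management_delete_secret", {}));
```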
Installation
Prerequisites
- A Unizo API key
- An active Key Management integration (HashiCorp Vault, Azure Key Vault, AWS Secrets Manager, Google Cloud Secret Manager)
- Node.js v20 or higher
MCP Configuration
Here is an example configuration for setting up the Unizo Key Management MCP server:
{
  "mcpServers": {
    "unizo": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://api.unizo.ai/mcp",
        "--header",
        "apikey:${UNIZO_API_KEY}",
        "--header",
        "x-mcp-scopes:key_management"
      ],
      "env": {
        "UNIZO_API_KEY": "your_api_key"
      }
    }
  }
}
Client Setup
For detailed setup instructions with specific AI clients:
Environment Variables
The following environment variables are required:
UNIZO_API_KEY: Your Unizo API key
Error Handling
All tools return errors in a consistent format:
{
  "status": "error",
  "message": "Secret 'secret-api-key-999' not found in vault 'vault-prod-001'",
  "traceback": "..."
}
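The key_management_get_secret_details example response carries the secret in a plaintext "value" field, and the error format above includes a "traceback". The following is an added example, not part of Unizo's documentation or code: a filter that scrubs a tool result before it is logged or placed in the model's context. Field names come from the responses on this page; the function names and the redaction marker are assumptions.

```javascript
// Added example: scrub a Key Management tool result before logging it or
// handing it to the model.
const REDACTED = "[REDACTED]";
// Keys whose string values are secret material in the page's examples.
const SECRET_KEYS = new Set(["value", "new_value"]);
// Server-side detail the agent does not need in order to act on an error.
const DROP_KEYS = new Set(["traceback"]);

// Walk the parsed JSON, redacting secret values and dropping unwanted keys.
function scrub(node) {
  if (Array.isArray(node)) return node.map(scrub);
  if (node === null || typeof node !== "object") return node;
  const out = {};
  for (const [key, val] of Object.entries(node)) {
    if (DROP_KEYS.has(key)) continue;
    out[key] = SECRET_KEYS.has(key) && typeof val === "string" ? REDACTED : scrub(val);
  }
  return out;
}

function sanitizeToolResult(raw) {
  let parsed;
  try {
    parsed = typeof raw === "string" ? JSON.parse(raw) : raw;
  } catch {
    // Unparseable output is withheld rather than passed through unchecked.
    return { status: "error", message: "unparseable tool result withheld" };
  }
  return scrub(parsed);
}

// Constructed samples, trimmed from the response shapes shown on this page.
const sampleSecret = JSON.stringify({
  status: "success",
  data: {
    secret: {
      id: "secret-api-key-001",
      currentVersion: 3,
      value: "constructed-placeholder-value",
      metadata: { owner: "payments-team@acme-corp.com", rotationEnabled: true },
      versions: [{ version: 3, status: "active" }],
    },
    vault_id: "vault-prod-001",
  },
});
const sampleError = {
  status: "error",
  message: "Secret 'secret-api-key-999' not found in vault 'vault-prod-001'",
  traceback: "...",
};

console.log(JSON.stringify(sanitizeToolResult(sampleSecret), null, 2));
console.log(JSON.stringify(sanitizeToolResult(sampleError)));
```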