All work
A secrets-vault MCP server for AI agents (Bitwarden-backed)
A custom MCP server that safely brokers Bitwarden-stored secrets to AI agents — per-caller scoping, rate-limiting and full audit. It's the secrets layer behind Alfred and other automations.
Focus:
- MCP
- Secrets / Bitwarden
Type:
Platform / infrastructure
Discipline:
AI application engineering
Tags:
- #MCP
- #Secrets/Bitwarden
- #Auth&scoping
- #Productionservice
Note: client identities and full system architecture are withheld for confidentiality — enough is shared here to show the shape and substance of the work.
Problem
AI agents and automations need real credentials — API keys, tokens, passwords — to do useful work. Handing those out as plaintext env vars, or giving every agent the whole vault, is a breach waiting to happen. The need: let many agents use exactly the secrets they're allowed to and nothing more, with a record of who accessed what.
Approach
- Built a custom MCP (Model Context Protocol) server in TypeScript that fronts a Bitwarden secrets vault, exposing typed tools instead of raw vault access.
- Per-caller scoped access with least-privilege policies, so each agent only reaches the secrets and tools it's explicitly allowed.
- Structured audit logging of every access, plus per-caller rate limiting to contain misuse.
- Runs in production behind TLS, serving both local developer tools and remote automations. (Deeper security specifics kept private.)
Result
- Many agents and automations now pull only the credentials they're entitled to — no plaintext secrets scattered across configs.
- Per-caller scoping and rate limits contain the blast radius: a compromised caller can't reach past its policy.
- Every secret access is logged and reviewable — an invisible risk turned into an auditable system.
Architecture
