/vault | Type: Embedded | PCID required: No
Tools

| Tool | Description |
|---|---|
| vault_list_collections | List all available vault collections |
| vault_create_collection | Create a new vault collection for storing encrypted secrets. Returns { id, name, type } - use the “id” field as collectionId for subsequent operations like creating secrets. |
| vault_list_items | List secrets from a vault collection with optional filtering and decryption. Returns array of secrets with secretId, key, content (encrypted unless decryptSecrets=true), metadata, secretType, and timestamps. Use secretId from response for vault_get_item/vault_update_item/vault_delete_item. |
| vault_get_item | Retrieve a specific secret from a vault collection by its ID. IMPORTANT: Use the secretId from vault_create_item response (field name is “docId” in create response, but use that value as “secretId” parameter here). Response includes secretId, key, content (encrypted unless decryptSecrets=true), metadata, secretType, and timestamps. |
| vault_create_item | Create a new secret in a vault collection with optional metadata and type. Response includes “docId” (use this as “secretId” for vault_get_item/vault_update_item/vault_delete_item), “key”, “message”, and collection info. IMPORTANT: Save the “docId” from response to use in subsequent operations. |
| vault_update_item | Update an existing secret in a vault collection with new content and metadata. Use secretId from vault_create_item response (“docId” field) or vault_list_items. Only provided fields are updated; others remain unchanged. |
| vault_delete_item | Delete a secret from a vault collection by ID or key. Dependency: datacollection_list_collections |

vault_list_collections

List all available vault collections.

Parameters: None

vault_create_collection

Create a new vault collection for storing encrypted secrets. Returns { id, name, type } - use the “id” field as collectionId for subsequent operations like creating secrets.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| name | string | Yes | — | Display name for the vault collection |
| description | string | No | — | Optional description of the collection purpose |
| createdBy | string | Yes | — | User ID creating the collection - use the current user ID or a service identifier |
| createdByName | string | Yes | — | Display name shown as creator - use the current user name or service name |

vault_list_items

List secrets from a vault collection with optional filtering and decryption. Returns array of secrets with secretId, key, content (encrypted unless decryptSecrets=true), metadata, secretType, and timestamps. Use secretId from response for vault_get_item/vault_update_item/vault_delete_item.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| collectionId | string | Yes | — | Collection ID (not name) to list secrets from - e.g. “KCny7nGXpBzWNYpJzC0b”. Get from vault_list_collections. |
| limit | number | No | 50 | Maximum number of secrets to return (default: 50, max: 1000) |
| orderedBy | string | No | "createdAt:desc" | Field and direction to order by. Format: “field:direction”. Options: “createdAt:desc”, “createdAt:asc”, “updatedAt:desc”, “updatedAt:asc”, “key:asc”, “key:desc” |
| decryptSecrets | boolean | No | false | Whether to decrypt secret content. Set to true to get readable content. Response includes decrypted “content” field when true. |

vault_get_item

Retrieve a specific secret from a vault collection by its ID. IMPORTANT: Use the secretId from vault_create_item response (field name is “docId” in create response, but use that value as “secretId” parameter here). Response includes secretId, key, content (encrypted unless decryptSecrets=true), metadata, secretType, and timestamps.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| collectionId | string | Yes | — | Collection ID (not name) the secret belongs to - e.g. “KCny7nGXpBzWNYpJzC0b”. Get from vault_list_collections. |
| secretId | string | Yes | — | Secret ID to retrieve. When creating a secret, the response contains “docId” - use that value here as “secretId”. Also available from vault_list_items. |
| decryptSecrets | boolean | No | false | Whether to decrypt the secret content. Set to true to get readable content. Response structure: {“secretId”: ”…”, “key”: ”…”, “content”: “decrypted-value”, …} |

vault_create_item

Create a new secret in a vault collection with optional metadata and type. Response includes “docId” (use this as “secretId” for vault_get_item/vault_update_item/vault_delete_item), “key”, “message”, and collection info. IMPORTANT: Save the “docId” from response to use in subsequent operations.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| collectionId | string | Yes | — | Collection ID (not name) to add the secret to - e.g. “KCny7nGXpBzWNYpJzC0b”. Get from vault_list_collections. |
| key | string | Yes | — | Unique key identifier for the secret within the collection (required) |
| content | string | Yes | — | Content of the secret to store (string or object). Will be encrypted automatically. |
| metadata | object | No | — | Optional metadata object for categorization (e.g. {“category”: “api-keys”, “environment”: “production”}) |
| secretType | string | No | "login" | Type of secret: “login” (default), “api-key”, “password”, “token”, etc. |
| sortField | string | No | — | Optional sort field for organizing secrets |
| triggerChanges | boolean | No | true | Whether to trigger webhooks on change |

vault_update_item

Update an existing secret in a vault collection with new content and metadata. Use secretId from vault_create_item response (“docId” field) or vault_list_items. Only provided fields are updated; others remain unchanged.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| collectionId | string | Yes | — | Collection ID (not name) the secret belongs to - e.g. “KCny7nGXpBzWNYpJzC0b” |
| secretId | string | Yes | — | Secret ID to update. From vault_create_item response, use the “docId” value. Also available from vault_list_items as “secretId”. |
| content | string | Yes | — | Updated content of the secret (string or object). Will be re-encrypted automatically. |
| metadata | object | No | — | Optional updated metadata object. Only provided fields are updated; existing metadata is preserved unless explicitly changed. |
| triggerChanges | boolean | No | true | Whether to trigger webhooks on change |

vault_delete_item

Delete a secret from a vault collection by ID or key. Dependency: datacollection_list_collections

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| collectionId | string | Yes | — | Collection ID the secret belongs to |
| secretId | string | No | — | Secret ID to delete |
| key | string | No | — | Secret key to delete |
| sortField | string | No | — | Sort field of the secret to delete |
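
A pre-flight check for calls to these tools, added here as an example and not product code: it encodes the required parameters, the limit and orderedBy constraints, and the docId/secretId handoff from the tables above. `check_call` and `secret_ref` are hypothetical helper names, and requiring secretId or key for vault_delete_item is an assumption drawn from "by ID or key".

```python
# Added example: parameter names, required flags and limits are transcribed from
# the tables on this page; check_call and secret_ref are hypothetical helpers.
REQUIRED = {
    "vault_list_collections": [],
    "vault_create_collection": ["name", "createdBy", "createdByName"],
    "vault_list_items": ["collectionId"],
    "vault_get_item": ["collectionId", "secretId"],
    "vault_create_item": ["collectionId", "key", "content"],
    "vault_update_item": ["collectionId", "secretId", "content"],
    "vault_delete_item": ["collectionId"],
}
ORDER_FIELDS = {"createdAt", "updatedAt", "key"}

def check_call(tool, args):
    """Return a list of problems with a tool call; an empty list means it passes."""
    if tool not in REQUIRED:
        return [f"unknown tool: {tool}"]
    problems = [f"missing required parameter: {p}" for p in REQUIRED[tool] if p not in args]
    # vault_create_item returns "docId", but every later call names it "secretId".
    if "docId" in args:
        problems.append("docId from the create response must be passed as secretId")
    if tool == "vault_delete_item" and not (args.keys() & {"secretId", "key"}):
        # Assumption: "by ID or key" means at least one of the two must be given.
        problems.append("vault_delete_item needs secretId or key")
    if tool == "vault_list_items":
        limit = args.get("limit", 50)
        if not isinstance(limit, (int, float)) or limit > 1000:
            problems.append("limit must be a number no greater than 1000")
        field, _, direction = args.get("orderedBy", "createdAt:desc").partition(":")
        if field not in ORDER_FIELDS or direction not in {"asc", "desc"}:
            problems.append("orderedBy must be field:direction, e.g. createdAt:desc")
    return problems

def secret_ref(create_response, collection_id):
    """Turn a vault_create_item response into arguments for get/update/delete."""
    return {"collectionId": collection_id, "secretId": create_response["docId"]}
```
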

