Skip to content
PassBox

MCP Tools Reference

Secret Management

Section titled “Secret Management”

passbox_get_secret

Section titled “passbox_get_secret”

Get a decrypted secret value.

ParameterTypeRequiredDescription
namestringYesSecret name (e.g., DATABASE_URL)
vaultstringNoVault name or ID
envstringNoEnvironment name

Example prompt: “Get the DATABASE_URL from the production environment”

passbox_set_secret

Section titled “passbox_set_secret”

Create or update a secret.

ParameterTypeRequiredDescription
namestringYesSecret name
valuestringYesSecret value (encrypted before storage)
vaultstringNoVault name or ID
envstringNoEnvironment name
descriptionstringNoDescription

Example prompt: “Store a new API key called OPENAI_KEY with value sk-abc123”

passbox_delete_secret

Section titled “passbox_delete_secret”

Delete a secret.

ParameterTypeRequiredDescription
namestringYesSecret name to delete
vaultstringNoVault name or ID
envstringNoEnvironment name

passbox_list_secrets

Section titled “passbox_list_secrets”

List all secret names in a vault.

ParameterTypeRequiredDescription
vaultstringNoVault name or ID
envstringNoEnvironment name

Example prompt: “What secrets do I have in the staging environment?”

Vault & Environment

Section titled “Vault & Environment”

passbox_list_vaults

Section titled “passbox_list_vaults”

List all accessible vaults with roles.

No parameters required.

Example prompt: “List my PassBox vaults”

passbox_list_environments

Section titled “passbox_list_environments”

List environments in a vault.

ParameterTypeRequiredDescription
vaultstringNoVault name or ID

passbox_get_environment

Section titled “passbox_get_environment”

Get all secrets in an environment as key-value pairs.

ParameterTypeRequiredDescription
vaultstringNoVault name or ID
envstringNoEnvironment name

Example prompt: “Show me all the config for the production environment”

.env Operations

Section titled “.env Operations”

passbox_diff_env

Section titled “passbox_diff_env”

Compare local .env content with vault secrets. Shows missing, extra, and different values.

ParameterTypeRequiredDescription
envContentstringYesContent of the local .env file
vaultstringNoVault name or ID
envstringNoEnvironment to compare against

Example prompt: “Compare my .env file with the staging vault”

Output includes:

  • Missing locally (in vault but not in .env)
  • Extra locally (in .env but not in vault)
  • Different values
  • Summary counts

passbox_import_env

Section titled “passbox_import_env”

Import .env file content into a vault.

ParameterTypeRequiredDescription
envContentstringYesContent of the .env file
vaultstringNoVault name or ID
envstringNoTarget environment

Example prompt: “Import this .env file into the staging environment”

Advanced

Section titled “Advanced”

passbox_rotate_secret

Section titled “passbox_rotate_secret”

Trigger manual rotation for a secret. Fires the secret.rotated webhook event.

ParameterTypeRequiredDescription
namestringYesSecret name
vaultstringNoVault name or ID

passbox_proxy_request

Section titled “passbox_proxy_request”

Make an HTTP request with secrets injected as placeholders. Secrets referenced as {{SECRET_NAME}} are resolved and injected — the AI agent never sees the raw values.

ParameterTypeRequiredDescription
urlstringYesURL with optional {{SECRET_NAME}} placeholders
methodstringNoGET, POST, PUT, PATCH, DELETE (default: GET)
headersobjectNoHeaders with optional placeholders
bodystringNoRequest body with optional placeholders
vaultstringNoVault name or ID
envstringNoEnvironment name

Example prompt: “Call the Stripe API to list customers, using my STRIPE_SECRET_KEY”

The agent would generate:

{
  "url": "https://api.stripe.com/v1/customers",
  "method": "GET",
  "headers": {
    "Authorization": "Bearer {{STRIPE_SECRET_KEY}}"
  }
}

The MCP server resolves {{STRIPE_SECRET_KEY}} to the actual value, makes the request, and returns only the response — the AI never sees the key.