
Best MCP servers for secrets & password management (2026)

Stop hardcoding API keys in MCP configs. The best secrets-management MCP servers — 1Password, Bitwarden, Infisical, Doppler, HashiCorp Vault — compared.

Every MCP server needs tokens, and hardcoding them in claude_desktop_config.json is how secrets leak. Secrets-management MCP servers solve this in two ways: inject secrets into configs at runtime (the safe default), or let an AI manage a vault. Here are the best options in 2026 and when to use each.

The golden rule first

Any secret an AI reads is sent to your LLM provider in plaintext and lives in the conversation. So for sensitive credentials, prefer injection (resolve secrets at launch, AI never sees the vault) over giving an AI vault-read access. Keep that in mind as you pick.

  1. 1Password — reference secrets with op:// paths or wrap launches with op run, so tokens never sit in plaintext config. Mature and widely supported. See 1Password + MCP.
  2. Infisical — official MCP server aimed squarely at this: store keys in Infisical, inject at runtime instead of hardcoding in claude_desktop_config.json. Great for teams and dev environments.
  3. Doppler — official server wrapping the Doppler API; interactive login or scoped DOPPLER_TOKEN. Solid if you already run Doppler (note: less actively maintained lately).

For AI-managed vaults

  1. Bitwarden — official server, 40+ tools, open source, with a native OS unlock so your master password never reaches the LLM. Best if you want the AI to organise/manage items. See Bitwarden MCP setup.
  2. HashiCorp Vault — official server with KV and PKI support for infrastructure secrets. Beta and local-use only per HashiCorp — don't expose it in production.

How to choose

  • Keep tokens out of configs (most people) → 1Password or Infisical injection.
  • Team/dev secrets platform → Infisical or Doppler.
  • AI-assisted personal vault / open source → Bitwarden.
  • Infra secrets (KV/PKI) → HashiCorp Vault, local only.

Safe defaults for any of them

Use a dedicated, least-privilege scope (separate vault/project, read-only where possible), treat service-account tokens like master keys (rotate on exposure), never inline them in shared config, and review the server before running it — see how to vet an MCP server and MCP security best practices.
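One way to enforce the "never inline them in shared config" rule before a config is committed or shared, as an added example (not code from this site or from any of the servers listed): it scans a claude_desktop_config.json-style file and flags literal secrets in env or args while accepting op:// references. The server and package names, the sample values and the name/entropy heuristics are constructed assumptions.

```python
import json
import math
import re

# Constructed sample in the claude_desktop_config.json layout; every value is fake.
SAMPLE_CONFIG = """
{"mcpServers": {
  "github": {"command": "npx", "args": ["-y", "example-github-mcp"],
             "env": {"GITHUB_TOKEN": "FAKE0example1TOKEN2value3abcdefXYZ"}},
  "slack":  {"command": "op", "args": ["run", "--", "npx", "-y", "example-slack-mcp"],
             "env": {"SLACK_TOKEN": "op://dev-vault/slack-bot/token", "LOG_LEVEL": "debug"}},
  "db":     {"command": "npx",
             "args": ["-y", "example-db-mcp", "--api-key=Zx9Qw3Lr7Tn5Vb1Km8Pd4Hs6"]}
}}
"""

SENSITIVE_NAME = re.compile(r"token|secret|passw|api[_-]?key|credential", re.I)
REFERENCE = re.compile(r"^op://[^/]+/[^/]+/.+")  # 1Password secret reference

def entropy(value):
    """Shannon entropy in bits per character."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def looks_inline(name, value):
    """True when a value looks like a literal secret rather than a reference."""
    if not value or REFERENCE.match(value):
        return False
    # Heuristic (assumption): long, random-looking strings are treated as secrets.
    random_looking = len(value) >= 20 and entropy(value) >= 3.5
    return bool(SENSITIVE_NAME.search(name)) or random_looking

def find_inline_secrets(config_text):
    """Return (server, location, name) findings; the secret value is never returned."""
    findings = []
    servers = json.loads(config_text).get("mcpServers", {})
    for server, spec in servers.items():
        for name, value in spec.get("env", {}).items():
            if looks_inline(name, str(value)):
                findings.append((server, "env", name))
        for arg in spec.get("args", []):
            flag, sep, value = str(arg).partition("=")  # catches --flag=value secrets
            if sep and looks_inline(flag, value):
                findings.append((server, "args", flag))
    return findings

if __name__ == "__main__":
    for server, location, name in find_inline_secrets(SAMPLE_CONFIG):
        print(f"{server}: inline secret in {location} -> {name}")
```

The entropy threshold will also flag some long non-secret strings, so treat findings as prompts for review rather than verdicts.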

Going further

Deep dives: 1Password, Bitwarden, and 1Password vs Bitwarden. Browse the security category or curated loadouts.

© 2026 Loadout.