Build secure, AI-driven workflows with Terraform and Vault MCP servers
At AWS Summit New York, HashiCorp introduced new capabilities that bring Terraform, Vault, and Vault Radar into the age of AI agents — advancing secure, automated infrastructure through composable, agentic systems.
This week at AWS Summit New York City, HashiCorp introduced new capabilities designed to help platform teams explore the future of AI-driven infrastructure. As organizations evaluate how to scale AI and modern workloads securely, HashiCorp is offering composable, trusted integrations that extend existing workflows and lay the foundation for intelligent automation. At the Summit, AWS and HashiCorp shared three exciting updates that push this vision forward:
- The launch of the Vault and HCP Vault Radar MCP servers via AWS Marketplace, enabling secure, AI-assisted discovery and remediation of unmanaged secrets.
- Enhancements to the Terraform MCP server, delivering greater flexibility and usability for agent-based provisioning.
- The launch of Amazon Bedrock AgentCore, with HashiCorp Terraform MCP server leading the launch as a key partner for infrastructure-aware AI agent capabilities.
HashiCorp MCP servers represent a step toward a more intelligent, automated cloud operating model — where infrastructure is provisioned, secured, and managed through trusted systems of record like Terraform and Vault, and enhanced by generative AI.
In this post, we’ll explore what these announcements mean for developers, platform teams, and security leaders building the next generation of cloud-native infrastructure.
NOTE: All the HashiCorp MCP servers are considered experimental in nature. Please refer to the terms of use section below.
» HashiCorp’s vision for MCP servers
At HashiCorp, we see Model Context Protocol (MCP) servers as a critical new interface layer between trusted automation systems and emerging AI ecosystems. The use of standard protocols such as MCP enables safe, auditable interactions between AI agents and enterprise infrastructure, ensuring that automation is based on reliable and context-rich data — not just probabilistic inference.
As AI agents become more capable, organizations will want the agents to take meaningful actions such as provisioning infrastructure, scanning for misconfigurations, or rotating secrets. Such actions, however, must occur within a secure and governed framework that enterprises already trust. That’s where Terraform, Vault, and Vault Radar MCP servers come in: Together, these MCP servers aim to enable enterprise developers and platform teams to interact with Terraform, Vault, and Vault Radar using natural language and generative AI to efficiently accomplish their tasks in a secure and compliant manner.
HashiCorp MCP servers are LLM-agnostic, allowing organizations to use the LLMs that they’ve invested in, while solo engineers can use the ones that they prefer.
» Introducing the HCP Vault Radar MCP server
Today, we’re introducing the Vault Radar MCP server, now exclusively available in the AWS Marketplace. With security teams managing thousands of daily alerts and risk events, manual investigation and complex queries create bottlenecks in threat response.
Acting as an interface between your Vault Radar instance and the AI agent of your choice, the Vault Radar MCP server enables security teams to query their risk landscape using natural language. For example, teams can ask the following instead of navigating multiple interfaces:
“which leaked secret events are of critical severity and present in Vault?”
With this query, the AI agent will use Vault Radar to query your environment and render output securely within the chat interface. Secrets are never shared through Vault MCP servers, and AI agent access is only activated during a user’s prompt, so there is no persistent connection or background data exchange.
Stay tuned for more updates as we gather insights from this release and work to make it easier and safer for organizations to integrate trusted AI workflows into their security lifecycle.
To get started, check out the Vault Radar MCP server on the AWS Marketplace and watch the demo below.
» Introducing Vault MCP server
Today, we’re excited to introduce the Vault MCP server, now exclusively available in the AWS Marketplace. The Vault MCP server enables users to trigger basic Vault queries and operations using natural language, instead of needing to directly call Vault APIs using traditional methods.
The Vault MCP server supports several Vault API commands for managing key-value mounts and their secrets. This includes creating, listing, and deleting mounts, as well as writing, reading, listing, and other interactions with secrets within those mounts.
The goal of this release is to gauge interest in the MCP server’s capabilities and seek feedback on their usefulness. Depending on customer feedback and feature requests, we will consider supporting additional queries and operations using Vault APIs and Vault ecosystem plugins. We are also considering support for remote MCP servers and advanced enterprise-ready security features.
To get started, check out the Vault MCP server at AWS Marketplace and watch the demo below demonstrating how to quickly create and maintain a secure application with the Vault MCP server.
» Enhancements to the Terraform MCP server
Today, the Terraform MCP server is available on AWS Marketplace where you can download it for free. Customers can also launch the Terraform MCP server in the AWS AI Agent Platform. The Terraform MCP server allows an AI agent to query the Terraform Registry for provider, module, and policy information and request recommendations.
Today’s release includes an update that implements MCP resources, allowing servers to expose data and content that clients can read and use as context for LLM interactions. AI clients may automatically choose resources based on certain criteria, and some advanced systems might even allow the AI model to decide which resources to use.
There are also two resource guides currently available in the MCP server: the Terraform style guide and module development guide. You can also find them on the HashiCorp Developer site. Having these guides within the MCP server enables the AI model to generate Terraform code that adheres to official standards.
To learn more, check out the Terraform MCP server user guide and download the Terraform MCP server at AWS Marketplace.
» HashiCorp joins AWS Marketplace launch for AI Agents
At HashiCorp, we believe in enabling infrastructure automation that is secure, scalable, and developer-friendly. As the industry shifts toward agentic AI — autonomous systems that can reason, act, and adapt — we’re excited to announce our participation in the launch of the new AI Agents and Tools category in AWS Marketplace along with the availability of our Terraform MCP server in Amazon Bedrock AgentCore. Bedrock AgentCore (preview) enables developers to deploy and operate highly capable agents securely at scale in the AWS Marketplace.
This launch marks a pivotal moment in how organizations build and deploy intelligent systems. And we’re proud to contribute our Terraform MCP server as a new offering designed to accelerate secure, scalable AI workflows.
Agentic AI is transforming how enterprises operate. From automating compliance workflows to powering intelligent research assistants, AI agents are becoming integral to modern business infrastructure.
But building these systems is complex. It requires specialized AI capabilities, secure and compliant deployment, and seamless integration with existing infrastructure.
That’s where AWS Marketplace — and HashiCorp — come in.
The new AI Agents and Tools category in AWS Marketplace is a curated storefront for pre-built AI agents, modular tools, and professional services. It’s designed to help teams move faster, integrate smarter, and scale securely.
By combining AWS’s agentic AI platform with HashiCorp’s infrastructure automation and security tools, organizations can:
- Accelerate time-to-value for AI initiatives
- Ensure secure, compliant agent operations
- Integrate AI agents into existing Terraform and Vault workflows
Whether you're building intelligent DevOps agents, secure data pipelines, or dynamic infrastructure provisioning bots, these tools provide the foundation for scalable, secure automation.

AWS Marketplace for AI Agents
» Access and use of beta technology
All the HashiCorp MCP servers are considered experimental in nature and intended for development, testing, and evaluation purposes. Use of these MCP servers in production settings is not recommended at this time. Please review the terms of use before using.
The outputs and recommendations provided by these MCP servers are generated dynamically and may vary based on the query, model, and the connected MCP server. Users should thoroughly review all outputs/recommendations to ensure they align with their organization's security best practices, cost-efficiency goals, and compliance requirements before implementation.
» AWS and HashiCorp monthly webinar series
Join AWS and HashiCorp for a monthly webinar series exploring key strategies to build, automate, and secure cloud infrastructure. Each month, we’ll dive into a different topic — from policy as code to secrets management, infrastructure provisioning, and zero trust security — offering hands-on guidance and real-world insights. Don’t miss these upcoming sessions designed to help you do more with AWS and HashiCorp tools: