Use this skill when the user asks to "manage secrets", "read a secret", "write a secret", "list secrets", "delete a secret", "create a KV engine", "enable secrets engine", or any task involving HashiCorp Vault secret storage.
Use the hashicorp-vault MCP server tools to manage secrets for the user's Vault instance.
vault_list_mounts to show available secrets engines.vault_kv_list (for KV v2) or vault_kv1_list (for KV v1) with the mount and optional path.vault_kv_read with mount, path, and optional version.vault_kv1_read with mount and path.vault_kv_write. Use cas for check-and-set if updating existing secrets.vault_kv1_write.vault_kv_delete (data can be recovered with vault_kv_undelete).vault_kv_metadata_delete (destroys all versions).vault_kv1_delete (permanent).vault_list_mounts — see all mounted engines.vault_enable_engine — mount a new engine (specify type and options like { version: "2" } for KV v2).vault_disable_engine — unmount an engine (destroys all data; always confirm first).vault_tune_engine — adjust TTLs and description.cas (check-and-set) when updating critical secrets to prevent overwrites.vault_enable_engine with type: "kv" and options: { version: "2" }.See references/kv-engines.md for detailed KV v1 vs v2 differences.