Back to blog
March 2, 2026 · 7 min read

How to Use Claude, Cursor, and Windsurf with
Your Encrypted Vault

VS
Varinder Singh
Founder, Claspt
Woman working with artificial intelligence on laptop

AI coding tools are powerful, but they cannot access your credentials. You end up copy-pasting API keys from one app into another. Claspt's built-in MCP Server fixes this — your AI assistant can search, read, and write your vault directly, without ever exposing your master password.

What Is the MCP Server?

MCP (Model Context Protocol) is a standard that lets AI tools connect to external data sources. Think of it as a bridge: Claude Desktop, Cursor, Windsurf, or any MCP-compatible tool can ask Claspt questions like "find the AWS production credentials" or "create a new page for this project's secrets."

Claspt's MCP Server runs locally inside the desktop app. It is not a cloud service. It is not a plugin you install. When you open Claspt and unlock your vault, the MCP Server is available on localhost. When you lock your vault, the MCP Server shuts down instantly. No exceptions.

Setting It Up

The MCP Server is enabled by default in Claspt. No configuration needed on the Claspt side. You just need to point your AI tool to it.

Claude Desktop

Open Claude Desktop's settings and add Claspt as an MCP server. Claude can then search your vault, read page contents, and even create new pages when you ask it to document something.

claude_desktop_config.json 
{
  "mcpServers": {
    "claspt": {
      "command": "claspt",
      "args": ["mcp-server"]
    }
  }
}

Cursor

Cursor supports MCP servers natively. Add the same configuration to Cursor's MCP settings. Now when you are coding and need a database connection string or API key, ask Cursor to pull it from your vault.

Windsurf

Windsurf's MCP integration works the same way. Point it at Claspt's MCP server, and your AI coding assistant can reference your credentials without you switching windows.

What Can AI Tools Do with Your Vault?

Once connected, your AI assistant has three capabilities:

  • Search. "Find my Stripe API keys" — the AI searches your vault using Claspt's tantivy-powered full-text search and returns matching pages.
  • Read. "Show me the production database credentials" — the AI reads the page contents, including decrypted secret blocks (only while the vault is unlocked).
  • Write. "Create a new page for this project with these environment variables" — the AI creates a new page in your vault with markdown notes and encrypted secret blocks.

Real-World Use Cases

Deploying with AI Assistance

You are deploying a new service. You tell Claude: "Set up the Docker Compose file for the staging environment. The database credentials are in my vault under 'Staging DB'." Claude reads the credentials from Claspt, generates the docker-compose.yml, and inserts the correct values — without you copy-pasting anything.

Onboarding Documentation

You tell Cursor: "Create a new vault page documenting the API keys and service accounts for the payment microservice." Cursor generates a well-structured markdown page with secret blocks for each credential, saves it to your vault, and it is immediately version-tracked by Git.

Credential Rotation

After rotating an API key, tell your AI assistant: "Update the OpenAI API key in my vault — the new key is sk-proj-abc123." The AI finds the right page, updates the secret block, and Claspt auto-commits the change with a diff you can review later.

Security — The Part That Matters Most

Giving AI tools access to your vault sounds dangerous. Here is why it is not:

  • Localhost only. The MCP Server binds to 127.0.0.1. It is not accessible from the network or internet. Only tools running on your machine can connect.
  • Vault lock = API lock. The moment you lock your vault, every endpoint shuts down. There is no "background access" while you are away.
  • Same encryption engine. The MCP Server uses the exact same AES-256-GCM + Argon2id pipeline as the editor. There is no weaker "API mode."
  • Bearer token auth. The token is 256 bits of cryptographic randomness. Compromising the token does not compromise vault encryption — the token only grants API access while the vault is unlocked.
  • Git-tracked. Every change made via the MCP Server is auto-committed. You can see exactly what your AI assistant modified and revert if needed.

Integrations Are Free

The MCP Server, along with the Local HTTP API, CLI tool, and Inbox folder, is included in the free tier. No Pro subscription required. We believe developer tooling should not be paywalled.

If you are already using Claude, Cursor, or Windsurf for coding, connecting them to your encrypted vault takes under a minute. Your credentials stay local, encrypted, and version-tracked — the AI just gets a secure window into them.

Try Claspt Free

Free on desktop. No account required. MCP Server included out of the box.

Download Free
Previous: Self-Hosted Password Management with Git Sync Next: Automate Your Vault — Local HTTP API and CLI