This is a secrets management server that gives Claude secure access to credentials without exposing them directly. It stores sensitive data encrypted at rest and uses time-limited leases so credentials automatically expire after use. The CRP (Credential Rotation Protocol) support means it can handle rotating secrets, which is critical for production environments. You'd reach for this when your AI workflows need to authenticate against APIs or databases but you don't want to hardcode credentials in prompts or configuration files. Think of it as a vault layer between Claude and your actual secrets, similar to how you might use HashiCorp Vault in a traditional application stack.
claude mcp add --transport stdio sanctumsec-sanctum -- npx -y @sanctumai/mcp-server