MCP Tool Reference Low Risk

keyvault

List and create keys, secrets, certificates in Azure Key Vault

Part of the Azure MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.

Azure/azure-mcp Other

WHEN AI AGENTS USE THIS TOOL

AI agents call keyvault to perform operations in Azure. While the risk category is not fully classified, applying a rate limit gives you visibility into how often the tool is called and prevents unexpected bursts of activity from autonomous agents.

WHY ENFORCE A POLICY ON KEYVAULT

Applying a policy to keyvault gives you an audit trail of every call an AI agent makes. Even for low-risk tools, visibility into agent behaviour helps you debug issues, optimise workflows, and maintain compliance with your organisation's security requirements.

RECOMMENDED POLICY

Apply a rate limit to control usage and monitor for unexpected behaviour.

azure.yaml 
tools:
  keyvault:
    rules:
      - action: allow
        rate_limit:
          max: 60
          window: 60

See the full Azure policy for all 49 tools.

DETAILS

Tool Name

keyvault

Category

Other

MCP Server

Azure MCP Server

Risk Level

Low

MORE AZURE TOOLS

acr Other
List Azure Container Registry instances
advisor Other
Get recommendations to optimise Azure resources
aks Other
List Azure Kubernetes Service clusters
appconfig Other
Manage centralized application settings and feature flags
applens Other
Diagnose and analyze application performance issues
applicationinsights Other
List Application Insights resources
appservice Other
Manage Azure App Service instances
azuremigrate Other
Get step-by-step guidance for Platform Landing Zone changes

View all 49 tools →

SIMILAR OTHER TOOLS ON OTHER SERVERS

analytics Algolia
Access Algolia analytics data
monitoring Algolia
Monitor Algolia service status
recommend Algolia
Access Algolia recommendation features
abtesting Algolia
Manage A/B tests
collections Algolia
Manage query suggestions collections
usage Algolia
Access Algolia usage data

RELATED READING

FREQUENTLY ASKED QUESTIONS

What does the keyvault tool do?

List and create keys, secrets, certificates in Azure Key Vault. It is categorised as a Other tool in the Azure MCP Server, which means it performs auxiliary operations.

How do I enforce a policy on keyvault?

Add a rule in your Intercept YAML policy under the tools section for keyvault. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Azure MCP server.

What risk level is keyvault?

keyvault is a Other tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit keyvault?

Yes. Add a rate_limit block to the keyvault rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block keyvault completely?

Set action: deny in the Intercept policy for keyvault. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides keyvault?

keyvault is provided by the Azure MCP server (Azure/azure-mcp). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.

ENFORCE POLICIES ON AZURE

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Full Azure policy →