symvaultlisted

# Symaira Vault Symaira Vault is the credential store. Use native MCP tools when they are available. Do not use terminal commands for credential reads or writes unless the user explicitly asks for CLI debugging. ## Preferred Tools Canonical Symaira Vault MCP tool names: - `list_entries` - `find_entries` - `get_entry` - `get_entry_metadata` — Get entry metadata (created, updated, version) without sensitive data - `set_entry_field` - `generate_password` - `generate_totp` - `delete_entry` - `symaira_delete` (deprecated alias for `delete_entry`) - `execute_with_secret` — Run a shell command with a vault secret injected as an environment variable. The secret value never appears in the command string, argv, or chat transcript. - `execute_api_request` — Make an authenticated HTTP request using a stored secret (API key, PAT, bearer token). The secret is attached by the server and never revealed to the agent. Some MCP clients prepend a namespace (for example `mcp_symaira_list_entries`). If canonical names are unavailable, inspect the client's MCP tool list and map to these equivalents. ### Safe API Request Example To call the GitHub API with a stored PAT, use `execute_api_request`: ```json { "template": "github", "endpoint": "/repos/owner/repo/issues", "method": "GET" } ``` Do NOT call `get_entry_value` followed by curl — this exposes the token in the chat transcript. ### Anti-pattern: Manual secret exposure Never pass a secret as an argv argument or echo it i