Skip to main content
mcpSource-backed

Terraform MCP Server for Claude

Connect Claude to Terraform Registry, HCP Terraform, and Terraform Enterprise context through HashiCorp's MCP server.

by HashiCorp · submitted by oktofeesh1·added 2026-06-03·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://developer.hashicorp.com/terraform/mcp-server, https://github.com/hashicorp/terraform-mcp-server
Safety notes
The default toolset is public Terraform Registry access for providers, modules, and policies. Keep that default when Claude only needs current IaC reference material for code generation or review., HCP Terraform and Terraform Enterprise tools require token-backed configuration and can expose or modify real organization, project, workspace, run, variable, stack, private registry, and policy-set state., Mutating tools can create or update workspaces, variables, variable sets, workspace tags, policy-set attachments, and runs when their toolsets are enabled and the token has permission., HashiCorp disables destructive Terraform operations by default. Setting `ENABLE_TF_OPERATIONS=true` enables additional capabilities such as applying or destroying infrastructure and deleting workspaces., Keep manual approval enabled for `create_run`, `action_run`, workspace changes, variable changes, policy-set changes, and any operation that can trigger a Terraform plan, apply, destroy, or delete., HashiCorp labels the Terraform MCP server as beta in its developer docs. Do not rely on beta behavior for production change control without your own review, testing, and approval gates., If using streamable HTTP mode, keep it local by default and configure allowed origins, TLS, and rate limits before exposing it beyond a trusted local client.
Privacy notes
Registry queries can reveal provider, module, policy, and infrastructure design interests to the connected MCP client and model session., HCP Terraform or Terraform Enterprise tools can return organization names, project names, workspace names, variable names, run history, plan output, apply logs, Sentinel mocks, stack details, private provider details, and private module metadata., Terraform plan JSON and logs may contain resource names, cloud regions, account identifiers, network topology, state-derived values, policy findings, and other infrastructure-sensitive data., Store `TFE_TOKEN` and related credentials in your MCP client's secret or environment configuration, not in prompts, chat transcripts, checked-in MCP config files, or shared examples., Centralized HTTP deployments can accept per-user Terraform tokens through headers. Use TLS and avoid query parameters so tokens are not leaked through URLs, logs, browser history, or intermediary systems.
Author
HashiCorp
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-03

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

10 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

6 prerequisites to line up before setup. Have accounts and credentials ready first.

0/6 ready
Account & credentials3Install & runtime2Network & hosting110 minutes

Safety & privacy surface

Safety & privacy surface

7 safety and 5 privacy notes across 5 risk areas. Review closely: credentials & tokens, network access, third-party handling.

5 areas
  • SafetyThird-party handlingThe default toolset is public Terraform Registry access for providers, modules, and policies. Keep that default when Claude only needs current IaC reference material for code generation or review.
  • SafetyCredentials & tokensHCP Terraform and Terraform Enterprise tools require token-backed configuration and can expose or modify real organization, project, workspace, run, variable, stack, private registry, and policy-set state.
  • SafetyCredentials & tokensMutating tools can create or update workspaces, variables, variable sets, workspace tags, policy-set attachments, and runs when their toolsets are enabled and the token has permission.
  • SafetyExecution & processesHashiCorp disables destructive Terraform operations by default. Setting `ENABLE_TF_OPERATIONS=true` enables additional capabilities such as applying or destroying infrastructure and deleting workspaces.
  • SafetyExecution & processesKeep manual approval enabled for `create_run`, `action_run`, workspace changes, variable changes, policy-set changes, and any operation that can trigger a Terraform plan, apply, destroy, or delete.
  • SafetyGeneralHashiCorp labels the Terraform MCP server as beta in its developer docs. Do not rely on beta behavior for production change control without your own review, testing, and approval gates.
  • SafetyNetwork accessIf using streamable HTTP mode, keep it local by default and configure allowed origins, TLS, and rate limits before exposing it beyond a trusted local client.
  • PrivacyCredentials & tokensRegistry queries can reveal provider, module, policy, and infrastructure design interests to the connected MCP client and model session.
  • PrivacyThird-party handlingHCP Terraform or Terraform Enterprise tools can return organization names, project names, workspace names, variable names, run history, plan output, apply logs, Sentinel mocks, stack details, private provider details, and private module metadata.
  • PrivacyNetwork accessTerraform plan JSON and logs may contain resource names, cloud regions, account identifiers, network topology, state-derived values, policy findings, and other infrastructure-sensitive data.
  • PrivacyCredentials & tokensStore `TFE_TOKEN` and related credentials in your MCP client's secret or environment configuration, not in prompts, chat transcripts, checked-in MCP config files, or shared examples.
  • PrivacyCredentials & tokensCentralized HTTP deployments can accept per-user Terraform tokens through headers. Use TLS and avoid query parameters so tokens are not leaked through URLs, logs, browser history, or intermediary systems.

Safety notes

  • The default toolset is public Terraform Registry access for providers, modules, and policies. Keep that default when Claude only needs current IaC reference material for code generation or review.
  • HCP Terraform and Terraform Enterprise tools require token-backed configuration and can expose or modify real organization, project, workspace, run, variable, stack, private registry, and policy-set state.
  • Mutating tools can create or update workspaces, variables, variable sets, workspace tags, policy-set attachments, and runs when their toolsets are enabled and the token has permission.
  • HashiCorp disables destructive Terraform operations by default. Setting `ENABLE_TF_OPERATIONS=true` enables additional capabilities such as applying or destroying infrastructure and deleting workspaces.
  • Keep manual approval enabled for `create_run`, `action_run`, workspace changes, variable changes, policy-set changes, and any operation that can trigger a Terraform plan, apply, destroy, or delete.
  • HashiCorp labels the Terraform MCP server as beta in its developer docs. Do not rely on beta behavior for production change control without your own review, testing, and approval gates.
  • If using streamable HTTP mode, keep it local by default and configure allowed origins, TLS, and rate limits before exposing it beyond a trusted local client.

Privacy notes

  • Registry queries can reveal provider, module, policy, and infrastructure design interests to the connected MCP client and model session.
  • HCP Terraform or Terraform Enterprise tools can return organization names, project names, workspace names, variable names, run history, plan output, apply logs, Sentinel mocks, stack details, private provider details, and private module metadata.
  • Terraform plan JSON and logs may contain resource names, cloud regions, account identifiers, network topology, state-derived values, policy findings, and other infrastructure-sensitive data.
  • Store `TFE_TOKEN` and related credentials in your MCP client's secret or environment configuration, not in prompts, chat transcripts, checked-in MCP config files, or shared examples.
  • Centralized HTTP deployments can accept per-user Terraform tokens through headers. Use TLS and avoid query parameters so tokens are not leaked through URLs, logs, browser history, or intermediary systems.

Prerequisites

  • Docker installed and running for the documented container-based setup, or Go installed for building/running the binary from source
  • Claude Code, Claude Desktop, VS Code, Cursor, Kiro, Gemini, Bob, or another MCP-capable client
  • Network access to Terraform Registry for the default public registry toolset
  • HCP Terraform or Terraform Enterprise account only if enabling workspace, private registry, run, variable, stack, or policy-set tools
  • Terraform API token with the minimum organization, project, workspace, registry, run, and variable permissions needed for the selected toolsets
  • Approval policy for any workflow that can create workspaces, change variables, start runs, apply runs, or delete resources

Schema details

Install type
cli
Troubleshooting
Yes
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup
10 minutes
Difficulty
intermediate
Full copyable content
{
  "mcpServers": {
    "terraform": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "hashicorp/terraform-mcp-server"]
    }
  }
}

About this resource

Content

The Terraform MCP Server is HashiCorp's MCP server for Terraform development workflows. It gives Claude and other MCP-capable clients current Terraform Registry context for providers, modules, and policies, and it can optionally connect to HCP Terraform or Terraform Enterprise for workspace, run, private registry, variable, stack, and policy-set workflows.

The safest default is registry-only mode. In that configuration, Claude can look up current provider versions, resource documentation, module inputs and outputs, and policy information before generating or reviewing Terraform code, without receiving a Terraform API token or managing live workspaces.

For organizations that want AI-assisted HCP Terraform or Terraform Enterprise operations, the server supports additional toolsets. Those tools should be enabled deliberately, backed by least-privilege tokens, and kept behind normal infrastructure review and approval gates.

Features

  • Official HashiCorp Terraform MCP server with source code in the hashicorp/terraform-mcp-server repository.
  • Public Terraform Registry tools for searching providers, modules, and policies.
  • Provider tools for latest versions, provider details, and provider capabilities.
  • Module tools for module search, latest module versions, and module details.
  • Policy tools for Sentinel policy search and policy details.
  • Optional private registry tools for HCP Terraform or Terraform Enterprise private providers and modules.
  • Optional HCP Terraform and Terraform Enterprise tools for organizations, projects, workspaces, runs, plan details, plan logs, apply details, apply logs, workspace variables, variable sets, workspace tags, stacks, and policy sets.
  • Stdio transport for local MCP clients.
  • Streamable HTTP transport with host, port, endpoint, CORS, TLS, session, and rate-limit configuration for controlled deployments.
  • Toolset and individual-tool filtering with --toolsets and --tools.
  • OpenTelemetry metrics for HTTP server and MCP tool calls when metrics are enabled.

Use Cases

  • Ask Claude to look up current Terraform provider resources before drafting a module or resource block.
  • Search Terraform Registry modules and inspect inputs, outputs, examples, and version constraints before selecting a module.
  • Pull provider capabilities and latest versions while modernizing existing IaC.
  • Review provider or module documentation during a code review without relying only on model training data.
  • Query private registry modules or providers when a Terraform token and private-registry toolset are intentionally enabled.
  • List HCP Terraform organizations, projects, workspaces, and runs during an approved operational review.
  • Retrieve plan details, plan logs, plan JSON, apply details, and apply logs for a Terraform run already managed through HCP Terraform or Terraform Enterprise.
  • Create a plan-only run for review when workspace/run tools are enabled and your team has an explicit approval workflow.

Installation

Claude Code

  1. Confirm Docker is installed and running:
docker version
  1. Add the Terraform MCP server in local stdio mode:
claude mcp add terraform -s user -t stdio -- docker run -i --rm hashicorp/terraform-mcp-server
  1. Start with registry-only prompts, such as searching for current provider documentation.
  2. Add HCP Terraform or Terraform Enterprise credentials only when the workflow needs organization, private registry, workspace, run, variable, or stack access.

Claude Desktop

  1. Open the Claude Desktop MCP configuration file.
  2. Add the terraform server configuration shown below.
  3. Restart Claude Desktop.
  4. Verify that Claude can search public Terraform Registry documentation before enabling any token-backed toolsets.

Configuration

Default registry-only configuration:

{
  "mcpServers": {
    "terraform": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "hashicorp/terraform-mcp-server"]
    }
  }
}

To enable HCP Terraform or Terraform Enterprise tools, pass credentials and explicit toolsets. Keep the token scoped to the exact organization and actions Claude should use.

{
  "mcpServers": {
    "terraform": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "TFE_ADDRESS=https://app.terraform.io",
        "-e",
        "TFE_TOKEN=${TFE_TOKEN}",
        "hashicorp/terraform-mcp-server",
        "--toolsets=registry,registry-private,terraform"
      ]
    }
  }
}

Keep destructive Terraform operations disabled unless your team has a separate review gate. The server defaults ENABLE_TF_OPERATIONS to false; leave it that way for discovery, plan review, and workspace inspection workflows.

Tool filtering can narrow the server further:

terraform-mcp-server --tools=search_providers,get_provider_details,search_modules

Toolsets

registry

The default toolset. It covers public Terraform Registry providers, modules, and policies.

Representative tools include:

  • search_providers
  • get_provider_details
  • get_latest_provider_version
  • get_provider_capabilities
  • search_modules
  • get_module_details
  • get_latest_module_version
  • search_policies
  • get_policy_details

registry-private

Private registry tools for HCP Terraform or Terraform Enterprise. These require valid Terraform credentials and can expose private provider or module metadata.

Representative tools include:

  • search_private_modules
  • get_private_module_details
  • search_private_providers
  • get_private_provider_details

terraform

HCP Terraform and Terraform Enterprise operations. These require valid Terraform credentials and should be enabled only for approved operational workflows.

Representative tools include:

  • list_terraform_orgs
  • list_terraform_projects
  • list_workspaces
  • get_workspace_details
  • create_workspace
  • update_workspace
  • list_runs
  • get_run_details
  • get_plan_details
  • get_plan_logs
  • get_plan_json_output
  • get_apply_details
  • get_apply_logs
  • create_run
  • list_workspace_variables
  • create_workspace_variable
  • update_workspace_variable
  • list_variable_sets
  • create_variable_set
  • attach_policy_set_to_workspaces
  • get_token_permissions
  • list_stacks
  • get_stack_details

Examples

Look up provider documentation

Use the default registry toolset to ground code generation in current provider documentation.

Search the Terraform Registry for the AWS provider, get the latest version, and summarize the current documentation for S3 bucket encryption resources.

Review a module before use

Ask Claude to inspect a module before writing Terraform code that depends on it.

Find Terraform Registry modules for an AWS VPC, compare the main inputs and outputs, and tell me what version constraints I should review before adoption.

Inspect a workspace

Use token-backed Terraform tools only after enabling the terraform toolset and confirming the token permissions.

List my HCP Terraform workspaces, identify the development workspace for this service, and show the most recent plan status without applying anything.

Review a run

Use read-oriented run and plan tools to inspect an existing run before a human decides whether to apply.

Get the latest run details, plan logs, and plan JSON for the selected workspace, then summarize resource changes and possible risk areas.

Best Practices

  • Start with the default registry toolset.
  • Enable registry-private and terraform only when a task needs private registry or HCP Terraform/TFE state.
  • Use a dedicated least-privilege Terraform token for MCP access.
  • Keep ENABLE_TF_OPERATIONS=false unless apply, destroy, or workspace deletion is explicitly in scope.
  • Prefer plan-only workflows and human review before any run action.
  • Filter tools with --tools when Claude only needs a small set of registry or read-only operations.
  • Keep Terraform tokens out of prompts, transcripts, and committed MCP config.
  • Treat plan logs, plan JSON, apply logs, and workspace variables as infrastructure-sensitive data.
  • Replace or supplement the default server instructions when your organization has specific Terraform module, naming, policy, cost, or compliance practices.

Troubleshooting

Docker cannot start the server

Confirm Docker is running and the client can pull the hashicorp/terraform-mcp-server image. If Docker is not allowed in the environment, install the binary from source with Go and point the MCP client at the local binary.

Terraform tools are missing

The default server configuration only enables public registry tools. Add the appropriate --toolsets value or narrow --tools list for the workflow.

HCP Terraform or TFE tools return credential errors

Confirm TFE_ADDRESS and TFE_TOKEN are available to the MCP server process. Check that the token is valid for the organization, projects, workspaces, private registry entries, and actions Claude is trying to use.

Claude tries to apply or destroy infrastructure

Keep ENABLE_TF_OPERATIONS=false and require explicit human approval for run actions. If destructive operations are intentionally enabled, use a separate least-privilege token and normal change-management controls.

HTTP transport is reachable by the wrong client

Prefer stdio for local use. If streamable HTTP is required, bind to a trusted interface, configure allowed origins, use TLS for non-local deployments, and set appropriate rate limits.

Related Links

Source citations

Add this badge to your README

Show that Terraform MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/terraform-mcp-server.svg)](https://heyclau.de/entry/mcp/terraform-mcp-server)

How it compares

Terraform MCP Server for Claude side by side with 2 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

1 trust signal differ across this comparison (Submitter).

Field

Connect Claude to Terraform Registry, HCP Terraform, and Terraform Enterprise context through HashiCorp's MCP server.

Open dossier

Connect Claude to HashiCorp Vault — manage secrets engines, read and write KV secrets, and operate the PKI engine — with HashiCorp's official Model Context Protocol server.

Open dossier

Manage Fly.io applications, machines, volumes, secrets, certificates, and organizations from Claude — with the official Fly.io MCP server built into the flyctl CLI.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backed
SubmitterDiffersoktofeesh1
Install riskReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
Brand
Categorymcpmcpmcp
SourceSource-backedSource-backedSource-backed
AuthorHashiCorpHashiCorpFly.io
Added2026-06-032026-06-172026-06-18
Platforms
Harness
Source repo
Safety notesThe default toolset is public Terraform Registry access for providers, modules, and policies. Keep that default when Claude only needs current IaC reference material for code generation or review. HCP Terraform and Terraform Enterprise tools require token-backed configuration and can expose or modify real organization, project, workspace, run, variable, stack, private registry, and policy-set state. Mutating tools can create or update workspaces, variables, variable sets, workspace tags, policy-set attachments, and runs when their toolsets are enabled and the token has permission. HashiCorp disables destructive Terraform operations by default. Setting `ENABLE_TF_OPERATIONS=true` enables additional capabilities such as applying or destroying infrastructure and deleting workspaces. Keep manual approval enabled for `create_run`, `action_run`, workspace changes, variable changes, policy-set changes, and any operation that can trigger a Terraform plan, apply, destroy, or delete. HashiCorp labels the Terraform MCP server as beta in its developer docs. Do not rely on beta behavior for production change control without your own review, testing, and approval gates. If using streamable HTTP mode, keep it local by default and configure allowed origins, TLS, and rate limits before exposing it beyond a trusted local client.Tools create and delete secrets engines and write/delete secrets and PKI material — scope the Vault token policy to least privilege. Mount and PKI operations change live Vault configuration; review before running them through Claude.The Fly.io MCP server runs locally with full access to your authenticated Fly.io account — it can create, delete, and modify apps, machines, and secrets. Fly.io warns that running the server remotely can give others access to run commands on your behalf; keep it bound to localhost unless you intend remote access. Destructive operations (machine deletion, secret updates) are available — review Claude's proposed commands before executing in production environments.
Privacy notesRegistry queries can reveal provider, module, policy, and infrastructure design interests to the connected MCP client and model session. HCP Terraform or Terraform Enterprise tools can return organization names, project names, workspace names, variable names, run history, plan output, apply logs, Sentinel mocks, stack details, private provider details, and private module metadata. Terraform plan JSON and logs may contain resource names, cloud regions, account identifiers, network topology, state-derived values, policy findings, and other infrastructure-sensitive data. Store `TFE_TOKEN` and related credentials in your MCP client's secret or environment configuration, not in prompts, chat transcripts, checked-in MCP config files, or shared examples. Centralized HTTP deployments can accept per-user Terraform tokens through headers. Use TLS and avoid query parameters so tokens are not leaked through URLs, logs, browser history, or intermediary systems.Secret values read through the server enter the MCP client context and the model's prompt — only read what is necessary. VAULT_ADDR and VAULT_TOKEN are secrets — keep them in the client config or environment, never in shared repositories.App names, machine IDs, secret names (not values unless explicitly requested), and log content may be surfaced into Claude's context. Fly.io API tokens (`FLY_ACCESS_TOKEN`) grant full account access — store them in your environment, not in repositories.
Prerequisites
  • Docker installed and running for the documented container-based setup, or Go installed for building/running the binary from source
  • Claude Code, Claude Desktop, VS Code, Cursor, Kiro, Gemini, Bob, or another MCP-capable client
  • Network access to Terraform Registry for the default public registry toolset
  • HCP Terraform or Terraform Enterprise account only if enabling workspace, private registry, run, variable, stack, or policy-set tools
  • A reachable HashiCorp Vault server address (VAULT_ADDR).
  • A Vault token (VAULT_TOKEN) whose policy grants only the paths Claude should access.
  • Docker (the server is distributed as the hashicorp/vault-mcp-server image), or build the binary.
  • An MCP client such as Claude Code or Claude Desktop.
  • flyctl installed — see fly.io/docs/flyctl/install/ (Homebrew: `brew install flyctl`)
  • Logged in to Fly.io: `fly auth login`
  • Or set `FLY_ACCESS_TOKEN` environment variable for headless/CI use.
  • An MCP client such as Claude Code or Claude Desktop.
Install
claude mcp add terraform -s user -t stdio -- docker run -i --rm hashicorp/terraform-mcp-server
claude mcp add vault -e VAULT_ADDR=<your-vault-addr> -e VAULT_TOKEN=<your-token> -- docker run -i --rm -e VAULT_ADDR -e VAULT_TOKEN hashicorp/vault-mcp-server
fly mcp server --claude
Config
{
  "mcpServers": {
    "terraform": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "hashicorp/terraform-mcp-server"]
    }
  }
}
{
  "mcpServers": {
    "vault-mcp-server": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-e", "VAULT_ADDR", "-e", "VAULT_TOKEN", "-e", "VAULT_NAMESPACE",
        "hashicorp/vault-mcp-server"
      ],
      "env": {
        "VAULT_ADDR": "<your-vault-addr>",
        "VAULT_TOKEN": "<your-token>"
      }
    }
  }
}
{
  "mcpServers": {
    "fly": {
      "command": "fly",
      "args": ["mcp", "server"]
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimed
Open 3 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.