MCP Hub
Back to servers

credential-free

An MCP server that scans code and text for 69 different types of exposed secrets, including API keys, tokens, and credentials for cloud, AI, and payment platforms.

glama
AI & MLAPIs & ServicesData & AnalyticsDatabasesDevelopment Tools
Tools
4
Updated
Dec 1, 2025
View Source
Claim this server

credential-free

MCP server that scans code for exposed secrets. Detects API keys, tokens, and credentials in 69 patterns across cloud, AI, payment, and auth services.

Quick Setup ( 2 minutes )

Install System-wide

⚠️ Requires Python 3.10+

# Clone and install
git clone <repo-url>
cd credential-free
pip install -e .

# Run server
python -m src.server

Alternative: Requirements File

pip install -r requirements.txt
python -m src.server

Add to Your IDE

Windsurf / Kiro

Edit mcp_config.json:

{
  "mcpServers": {
    "credential-free": {
      "command": "/usr/bin/python3",
      "args": ["-m", "src.server"],
      "env": {}
    }
  }
}

Find your Python path:

# Mac/Linux
which python3

# Windows
where python

Claude Desktop

Edit claude_desktop_config.json:

{
  "mcpServers": {
    "credential-free": {
      "command": "/usr/bin/python3",
      "args": ["-m", "src.server"],
      "env": {}
    }
  }
}

Test It

MCP Server Test

# Test the server
python -c "from src.server import get_patterns; print('Server works!')"

CLI Test

# Test CLI info
python -m src info

# Test CLI scan
python -m src scan file README.md

# Test CLI with exclude patterns
python -m src scan directory . --exclude-patterns '.*\.txt$'

Usage Examples

MCP Server (AI Assistant)

Ask your AI:

  • "scan this file for secrets"
  • "check my project for exposed api keys"
  • "what patterns do you detect?"
  • "find any hardcoded credentials"
  • "scan my project but exclude .txt files"

CLI (Standalone)

# Scan single file
python -m src scan file config.py

# Scan directory with exclusions
python -m src scan directory . --exclude-patterns '.*\.txt$' '.*\.md$'

# Scan text content
python -m src scan content "AKIAIOSFODNN7EXAMPLE"

# Show scanner info
python -m src info

tools

MCP ToolCLI Commanddescription
scan_filepython -m src scan filescan a file for secrets
scan_directorypython -m src scan directoryscan a folder recursively (supports exclude_patterns)
scan_contentpython -m src scan contentscan text directly
get_patternspython -m src infolist detection patterns

what it detects

69 patterns across:

  • cloud: aws, gcp, azure, vercel, heroku
  • ai: openai, anthropic, huggingface, groq
  • payment: stripe, square
  • auth: github, gitlab, slack, discord
  • database: postgresql, mongodb, redis

example output

{
  "success": true,
  "count": 2,
  "findings": [
    {
      "type": "AWS Access Key",
      "value": "AKIA****MPLE",
      "severity": "CRITICAL",
      "category": "cloud"
    }
  ]
}

docker

docker build -t credential-free .
docker run credential-free

built for aws global vibe hackathon 2025

Reviews

No reviews yet

Sign in to write a review