MCP Secrets
A secure secrets management MCP server for AI assistants. Enables LLM-powered CLI tools to safely handle credentials with user approval, automatic redaction, and secret capture from command output.
Features
- Secret Injection - Use
{{SECRET_NAME}}placeholders in commands to inject secrets - Session-Based Permissions - User approves secret access per-session with time-based expiry
- Output Redaction - Automatically redacts known secrets and common patterns from output
- Secret Capture - Extract secrets from command output (e.g., AWS session tokens) and store for future use
- LLM-Friendly Metadata - Descriptions help future LLMs discover and use the right secrets
- macOS Menu Bar App - Native notifications and dialogs for secret requests
- Encrypted Vault - Secrets stored with Fernet encryption, key in system keychain
Installation
pip install mcp-secrets
Or install from source:
git clone https://github.com/henghonglee/mcp-secrets.git
cd mcp-secrets
pip install -e .
Quick Start
# Initialize the vault
mcp-secrets init
# Add a secret with description (helps LLMs understand what it's for)
mcp-secrets add AWS_ACCESS_KEY
# Start the MCP server
mcp-secrets serve
# Or run the menu bar app (macOS)
mcp-secrets-menubar
MCP Configuration
Add to your MCP client configuration:
{
"mcpServers": {
"secrets": {
"command": "mcp-secrets",
"args": ["serve"]
}
}
}
MCP Tools
run_command
Execute a CLI command with secret injection and output redaction.
{
"command": "aws s3 ls --profile {{AWS_PROFILE}}",
"timeout": 60,
"capture": [
{
"path": "$.Credentials.SecretAccessKey",
"name": "AWS_SESSION_SECRET",
"description": "Temporary AWS secret key from STS. Use with AWS_SESSION_KEY_ID and AWS_SESSION_TOKEN.",
"expires_at": "2024-01-24T12:00:00Z"
}
]
}
Parameters:
command- Command with{{SECRET_NAME}}placeholderstimeout- Timeout in seconds (default: 60)capture- Extract secrets from JSON output:path- JSONPath expression (e.g.,$.Credentials.SecretAccessKey)name- Name for the captured secretdescription- LLM-friendly descriptionexpires_at- ISO 8601 expiration timestamp
redact_patterns- Additional regex patterns to redactskip_builtin_patterns- Skip built-in redaction patterns
list_secrets
List available secrets with their descriptions.
{
"tag": "aws"
}
Returns:
{
"secrets": [
{
"name": "AWS_ACCESS_KEY",
"description": "AWS access key for production account",
"expires_at": null
}
]
}
request_secret
Request the user to add a missing secret via the menu bar app.
{
"name": "GITHUB_TOKEN",
"description": "Personal access token for GitHub API. Needs repo and workflow scopes."
}
The menu bar app will show a native macOS dialog prompting the user to enter the secret value.
get_permissions
Get current session permission status for secrets.
How It Works
- Client LLM calls
list_secretsto discover available secrets - LLM constructs command with
{{SECRET_NAME}}placeholders - User approves secret access when prompted (cached for session)
- Server injects secrets and executes command
- Output is redacted before returning to LLM
- Captured secrets are stored with LLM-provided descriptions for future use
Menu Bar App (macOS)
The menu bar app provides:
- Server status indicator (🔐 running / 🔓 stopped)
- List of stored secrets with expiry times
- Native dialogs for secret requests
- Notifications when secrets are captured or expiring
Start with:
mcp-secrets-menubar
Security Model
- Encrypted storage - Vault encrypted with Fernet, key stored in system keychain
- Permission prompts - User must approve each secret's use
- Session expiry - Permissions auto-expire (default: 1 hour)
- Output redaction - Secrets automatically removed from command output
- Audit logging - All secret access logged to
~/.mcp-secrets/audit.log
Configuration
Configuration stored at ~/.mcp-secrets/config.json:
{
"session_timeout": 3600
}
Set values with:
mcp-secrets config set session_timeout 7200
Development
# Install dev dependencies
pip install -e ".[dev]"
# Run tests
pytest
# Run with coverage
pytest --cov=mcp_secrets
License
MIT