mcp-secrets-plugin
Secure credential management for MCP servers leveraging system-native keychain storage across macOS, Windows, and Linux platforms
Secrets Manager for MCP Server
Overview
secrets_manager.py is a Python utility that enables MCP servers to securely store and retrieve sensitive information using the system's native keychain/credential manager instead of relying on .env files. This approach significantly improves security by leveraging the operating system's built-in secure storage mechanisms.
Key Features
- Cross-Platform Support: Works on macOS (Keychain), Windows (Credential Locker), and other platforms (using appropriate keyring backends)
- Secure Storage: Stores sensitive data like API keys in the system's secure credential storage
- Simple API: Provides straightforward functions for storing and retrieving secrets
- Command-Line Interface: Includes a CLI for managing secrets directly
Core Functionality
Secret Storage
The script uses the keyring library to store secrets in the system's native credential manager:
- On macOS: Stores secrets in the macOS Keychain
- On Windows: Uses the Windows Credential Locker
- On other platforms: Uses the best available keyring backend
Main Functions
- get_secret(service_name, secret_key): Retrieves a secret from the system keyring
- set_secret(service_name, secret_key, secret_value): Stores a secret in the system keyring
- setup_secrets(): Interactive function to collect and store initial secrets
- test_get_secret(): Tests the retrieval of stored secrets
- get_keyring_name(): Returns the name of the current keyring backend based on the platform
Command-Line Interface
The script can be run directly with the following options:
- --store: Initiates the interactive secret storage process
- --test: Tests retrieving stored secrets
- --info: Displays information about the current keyring backend
Usage Example
Instead of storing API keys in .env files:
# Old approach with .env files
import os
API_KEY = os.getenv("API_KEY") # Insecure, stored in plaintext
# New approach with secrets_manager
from secrets_manager import get_secret
API_KEY = get_secret("MyMCPServer", "api_key") # Secure, stored in system keychain
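On hosts where no native credential store is reachable, the "best available" backend that keyring selects can be its fail backend or, when the keyrings.alt package is installed, an unencrypted file. The following added example (not part of secrets_manager.py) checks the active backend before reading a secret; get_secret_checked, weak_backends and WEAK_BACKENDS are hypothetical names, and the lookup assumes the keyring package is installed.

```python
"""Added example (not from secrets_manager.py): fail closed on weak keyring backends."""

# Real class names from `keyring` and the optional `keyrings.alt` package.
WEAK_BACKENDS = {
    "keyring.backends.fail.Keyring",       # no usable backend was found
    "keyring.backends.null.Keyring",       # accepts writes and discards them
    "keyrings.alt.file.PlaintextKeyring",  # unencrypted file on disk
}


def qualified_name(backend):
    """Return 'module.Class' for a backend instance."""
    cls = type(backend)
    return f"{cls.__module__}.{cls.__qualname__}"


def weak_backends(backend):
    """List weak backends in use, expanding keyring's ChainerBackend."""
    members = getattr(backend, "backends", None) or [backend]
    return [n for n in map(qualified_name, members) if n in WEAK_BACKENDS]


def get_secret_checked(service_name, secret_key):
    """Hypothetical hardened variant of get_secret(): verify the backend first."""
    import keyring  # third-party; imported here so the checks above work without it

    weak = weak_backends(keyring.get_keyring())
    if weak:
        raise RuntimeError(f"refusing to use keyring backend(s): {', '.join(weak)}")
    value = keyring.get_password(service_name, secret_key)
    if value is None:
        raise KeyError(f"no secret {secret_key!r} stored for {service_name!r}")
    return value


if __name__ == "__main__":
    try:
        get_secret_checked("MyMCPServer", "api_key")
        print("secret retrieved from a protected backend")  # never print the value
    except Exception as exc:  # weak backend, missing secret, or keyring not installed
        print(f"not usable: {exc}")
```

Raising instead of returning None keeps an MCP server from starting with an empty API key when the credential store is unavailable.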
Benefits for MCP Servers
- Enhanced Security: Secrets are stored in the operating system's secure storage rather than in plaintext files
- Simplified Management: No need to manage .env files or worry about them being accidentally committed to version control
- User-Friendly: Provides an interactive interface for setting up secrets
- Reliable Access: Consistent API for accessing secrets across different platforms
Implementation Note
The script includes a commented example of how to access the stored secret directly from the macOS terminal:
security find-generic-password -l "MyMCPServer" -a "api_key" -g