cisco-secure-access-mcp
A community MCP server for Cisco Secure Access that exposes the Secure Access REST API to AI clients as a curated catalog of tools for Admin, Deployments, Investigate, Policies, and Reports.
README
cisco-secure-access-mcp
A community Model Context Protocol (MCP) server for Cisco Secure Access.
It exposes the Secure Access REST API to MCP-compatible AI clients (Cursor, Claude Desktop, VS Code GitHub Copilot, etc.) as a curated catalog of tools grouped by Cisco's own resource categories: Admin, Deployments, Investigate, Policies, and Reports.
Status: v1 in development. See
install.mdfor the build journal and per-phase progress.
Why a community DevNet server
This repo is structured to be hosted as a Cisco DevNet community MCP server, following
the CiscoDevNet/devnet-template
layout. The standard template files (AGENTS.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md,
LICENSE, README.md, SECURITY.md) are present and conform to that template.
In addition, install.md is a working journal that captures every step
taken to build the server, troubleshooting notes, and any tools we add as enhancements.
It is intentionally kept in-tree so future contributors can see the reasoning trail.
Quick start
# 1. Clone and install (using uv)
git clone https://github.com/sdntechforum/Secure_Access.git
cd Secure_Access
uv sync
# 2. Provide your Cisco Secure Access API credentials via environment variables
# (Admin > API Keys in the Secure Access dashboard)
export SECURE_ACCESS_API_KEY=...
export SECURE_ACCESS_API_SECRET=...
# 3. Run the server (stdio transport, default)
uv run cisco-secure-access-mcp
For client configuration (Cursor / Claude Desktop / VS Code), Docker usage, the full
list of tools, and the list of supported environment variables, see
AGENTS.md.
Authentication at a glance
- OAuth 2.0 Client Credentials Flow against
POST https://api.sse.cisco.com/auth/v2/token. - Bearer token cached in memory and refreshed shortly before its 1-hour expiry.
- Credentials read from environment variables only — never from CLI flags or committed files.
- Multi-org / MSSP supported via
SECURE_ACCESS_ORG_ID(sent asX-Umbrella-OrgId). - A separate, optional Key Admin credential pair gates the small set of tools that manage other API keys.
See Cisco Secure Access — API Authentication for how to mint API keys.
Repo layout
.
├── AGENTS.md # Install + tool catalog + env vars (read this first if you're an AI agent)
├── CODE_OF_CONDUCT.md # Cisco DevNet template (unchanged)
├── CONTRIBUTING.md # Cisco DevNet template (project name filled in)
├── LICENSE # Apache-2.0 (Cisco DevNet template)
├── README.md # this file
├── SECURITY.md # Cisco DevNet template (project name filled in)
├── install.md # Build journal — phases, troubleshooting, enhancements
├── pyproject.toml # Package metadata + entry point
├── Dockerfile # Optional secondary distribution
├── .env.example # Documented env vars; NEVER real secrets
├── src/cisco_secure_access_mcp/
│ ├── server.py # FastMCP entrypoint (stdio default)
│ ├── auth.py # OAuth2 client-credentials + token cache
│ ├── client.py # httpx-based REST client (TLS-only, retry-aware)
│ ├── config.py # Env-var loading + validation
│ ├── errors.py # SDK / HTTP errors → MCP errors
│ ├── logging.py # Structured JSON logs with secret redaction
│ ├── registry.py # Discovers and registers tools from each category
│ └── tools/
│ ├── admin/ # admin_* — Admin Resources
│ ├── deployments/ # deploy_* — Deployments Resources
│ ├── investigate/ # investigate_* — Investigate Resources (v1.1)
│ ├── policies/ # policy_* — Policies Resources
│ └── reports/ # report_* — Reports Resources (v1.1)
└── tests/
├── unit/ # Offline; mock HTTP and clock
└── integration/ # Opt-in; requires real DevNet sandbox credentials
Security
This repo follows the security rules in .cursor (parameterization, no hardcoded
credentials, structured logging with redaction, TLS 1.2+ enforcement, distroless-style
container hardening, etc.). To report a vulnerability, see SECURITY.md.
License
Apache License 2.0 — see LICENSE.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.