MCP Secrets
A secure secrets management server that enables LLMs to execute CLI commands using injected credentials while protecting sensitive data through output redaction and user-approved session permissions. It features an encrypted vault, secret capture from command outputs, and a macOS menu bar app for native notifications and dialogs.
README
MCP Secrets
A secure secrets management plugin for Claude Code and MCP clients. Enables AI assistants to safely handle credentials with user approval, automatic redaction, and secret capture from command output.
Features
- Secret Injection - Use
{{SECRET_NAME}}placeholders in commands to inject secrets - Session-Based Permissions - User approves secret access per-session with time-based expiry
- Output Redaction - Automatically redacts known secrets and common patterns from output
- Secret Capture - Extract secrets from command output (e.g., AWS session tokens) and store for future use
- LLM-Friendly Metadata - Descriptions help future LLMs discover and use the right secrets
- macOS Menu Bar App - Native notifications and dialogs for secret requests
- Encrypted Vault - Secrets stored with Fernet encryption
Installation
One-Line Install (Recommended)
curl -sSL https://raw.githubusercontent.com/henghonglee/mcp-secrets/main/install.sh | bash
This automatically:
- Installs the package via pipx
- Creates the encrypted vault
- Installs the Claude Code plugin
- Starts the menu bar app
- Enables auto-start on login
Manual Installation
pipx install git+https://github.com/henghonglee/mcp-secrets.git
mcp-secrets init
From Source
git clone https://github.com/henghonglee/mcp-secrets.git
cd mcp-secrets
pip install -e .
mcp-secrets init
Quick Start
# Initialize vault + start menubar + enable auto-start on login
mcp-secrets init
# Add a secret with description (helps LLMs understand what it's for)
mcp-secrets add AWS_ACCESS_KEY
# Check status
mcp-secrets status
The init command automatically:
- Creates the encrypted vault
- Installs the Claude Code plugin (via marketplace)
- Starts the menu bar app
- Enables auto-start on login (macOS)
Plugin-Only Install (if mcp-secrets is already installed)
claude plugin marketplace add henghonglee/mcp-secrets
claude plugin install mcp-secrets@henghonglee-mcp-secrets
Claude Code Commands
When installed as a plugin:
| Command | Description |
|---|---|
/mcp-secrets:list |
List all available secrets |
/mcp-secrets:add [NAME] |
Add a new secret |
/mcp-secrets:run <command> |
Run a command with secret injection |
MCP Configuration (Non-Plugin)
For Claude Desktop or other MCP clients, add to your configuration:
{
"mcpServers": {
"secrets": {
"command": "mcp-secrets",
"args": ["serve"]
}
}
}
MCP Tools
run_command
Execute a CLI command with secret injection and output redaction.
{
"command": "aws s3 ls --profile {{AWS_PROFILE}}",
"timeout": 60,
"capture": [
{
"path": "$.Credentials.SecretAccessKey",
"name": "AWS_SESSION_SECRET",
"description": "Temporary AWS secret key from STS. Use with AWS_SESSION_KEY_ID and AWS_SESSION_TOKEN.",
"expires_at": "2024-01-24T12:00:00Z"
}
]
}
Parameters:
command- Command with{{SECRET_NAME}}placeholderstimeout- Timeout in seconds (default: 60)capture- Extract secrets from JSON output:path- JSONPath expression (e.g.,$.Credentials.SecretAccessKey)name- Name for the captured secretdescription- LLM-friendly descriptionexpires_at- ISO 8601 expiration timestamp
redact_patterns- Additional regex patterns to redactskip_builtin_patterns- Skip built-in redaction patterns
list_secrets
List available secrets with their descriptions.
{
"tag": "aws"
}
Returns:
{
"secrets": [
{
"name": "AWS_ACCESS_KEY",
"description": "AWS access key for production account",
"expires_at": null
}
]
}
request_secret
Request the user to add a missing secret via the menu bar app.
{
"name": "GITHUB_TOKEN",
"description": "Personal access token for GitHub API. Needs repo and workflow scopes."
}
The menu bar app will show a native macOS dialog prompting the user to enter the secret value.
get_permissions
Get current session permission status for secrets.
How It Works
- Client LLM calls
list_secretsto discover available secrets - LLM constructs command with
{{SECRET_NAME}}placeholders - User approves secret access when prompted (cached for session)
- Server injects secrets and executes command
- Output is redacted before returning to LLM
- Captured secrets are stored with LLM-provided descriptions for future use
Menu Bar App (macOS)
The menu bar app provides:
- Server status indicator (š running / š stopped)
- List of stored secrets with expiry times
- Native dialogs for secret requests
- Notifications when secrets are captured or expiring
Start with:
mcp-secrets-menubar
Security Model
- Encrypted storage - Vault encrypted with Fernet (AES-128-CBC)
- Permission prompts - User must approve each secret's use
- Session expiry - Permissions auto-expire (default: 1 hour)
- Output redaction - Secrets automatically removed from command output
- Audit logging - All secret access logged to
~/.mcp-secrets/audit.log
Uninstalling
One-Line Uninstall
curl -sSL https://raw.githubusercontent.com/henghonglee/mcp-secrets/main/uninstall.sh | bash
Manual Uninstall
mcp-secrets uninstall # Stops menubar, removes plugin, keeps secrets
pipx uninstall mcp-secrets
Delete Everything (including secrets)
mcp-secrets uninstall --delete-vault
pipx uninstall mcp-secrets
Your secrets are preserved by default in ~/.mcp-secrets/ so you can reinstall later without losing them.
Plugin Structure
mcp-secrets/
āāā .claude-plugin/
ā āāā plugin.json # Plugin manifest
ā āāā marketplace.json # Marketplace manifest (for plugin distribution)
āāā .mcp.json # MCP server configuration
āāā skills/
ā āāā secrets/
ā āāā SKILL.md # Teaches Claude when/how to use secrets
āāā commands/
ā āāā list.md # /mcp-secrets:list command
ā āāā add.md # /mcp-secrets:add command
ā āāā run.md # /mcp-secrets:run command
āāā src/
āāā mcp_secrets/ # Python package
Configuration
Configuration stored at ~/.mcp-secrets/config.json:
{
"session_timeout": 3600
}
Set values with:
mcp-secrets config set session_timeout 7200
Development
# Install dev dependencies
pip install -e ".[dev]"
# Run tests
pytest
# Run with coverage
pytest --cov=mcp_secrets
# Test plugin locally
claude --plugin-dir ./
License
MIT
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.