Secret MCP
Enables AI assistants to write .env files with secrets stored locally, allowing search by name/description while keeping actual secret values private and never exposed to the AI.
README
Secret MCP
A desktop app for managing secrets with an MCP server that lets AI coding assistants write .env files without ever seeing the secret values.
Why?
Generating .env file is a pain, especially because there is no vibing out of it. But its an even stronger pain to leak secrets to AI coding assistants run on the cloud.
Features
- Desktop App: Simple window for managing secrets (name, description, value)
- MCP Server: Two tools for AI assistants:
search_secrets: Find secrets by name/description (never exposes values)write_env: Write secrets to.envfiles (values go straight to file, never to AI)
- Local Storage: All secrets stored locally in SQLite
- npm Package: Just
npx secret-mcp- no build required
Installation
Desktop App
Download from Releases or build from source:
npm install
npm run tauri build
MCP Server Setup
Add to your MCP client config:
"secret-mcp": {
"command": "npx",
"args": ["secret-mcp"]
}
Usage
- Open Secret MCP app
- Add your secrets (API keys, tokens, etc.)
- When coding with AI, it will automatically use
search_secretsandwrite_envto set up your.envfiles (Note: the name of the secret is the variable name in the.envfile)
MCP Tools
search_secrets
Search for secrets by name or description. Returns names and descriptions only - values are never exposed.
// Input
{ query: "openai" }
// Output
[
{ name: "OPENAI_API_KEY", description: "OpenAI API key" }
]
write_env
Write secrets to a .env file. Values go directly from your local database to the file - never passed through the AI.
// Input
{
keys: ["OPENAI_API_KEY", "DATABASE_URL"],
path: "/Users/you/project/.env"
}
// Output
"Successfully wrote 2 secret(s) to /Users/you/project/.env"
Data Storage
Secrets are stored locally:
- macOS:
~/Library/Application Support/secret-mcp/secrets.db - Linux:
~/.local/share/secret-mcp/secrets.db - Windows:
%APPDATA%/secret-mcp/secrets.db
Security
- Secret values never leave your machine (except to
.envfiles you specify) - MCP server only returns secret names and descriptions to the AI
.envfiles written with600permissions (owner read/write only)
Tech Stack
- Desktop: Tauri 2.0 + Svelte 5 + TypeScript
- MCP Server: Node.js + @modelcontextprotocol/sdk + better-sqlite3
License
MIT
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.