Is Mcp Secrets Plugin safe to use?

Mcp Secrets Plugin has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Mcp Secrets Plugin?

Mcp Secrets Plugin can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Mcp Secrets Plugin?

Mcp Secrets Plugin is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Mcp Secrets Plugin actively maintained?

Mcp Secrets Plugin is not actively maintained — last commit was 396 days ago. It has 58 GitHub stars.

Mcp Secrets Plugin

Name: Mcp Secrets Plugin
Author: amirshk

by amirshk

Secure credential management for MCP servers leveraging system-native keychain storage across macOS, Windows, and Linux platforms

58 0 tools GitHub

No known CVEs

MIT license

Stale

Last commit 396d ago

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-secrets-plugin": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-secrets-plugin)](https://mcppedia.org/s/mcp-secrets-plugin)

Read me

What Mcp Secrets Plugin does

secrets_manager.py is a Python utility that enables MCP servers to securely store and retrieve sensitive information using the system's native keychain/credential manager instead of relying on .env files. This approach significantly improves security by leveraging the operating system's built-in secure storage mechanisms.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

27/100across 5 weighted dimensions

How we score →

0255075100

−73

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Secrets Plugin safe to use?: Mcp Secrets Plugin has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Secrets Plugin?: Mcp Secrets Plugin can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Mcp Secrets Plugin?: Mcp Secrets Plugin is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Mcp Secrets Plugin actively maintained?: Mcp Secrets Plugin is not actively maintained — last commit was 396 days ago. It has 58 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Mcp Secrets Plugin and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-secrets-plugin": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-secrets-plugin)](https://mcppedia.org/s/mcp-secrets-plugin)

Read me

What Mcp Secrets Plugin does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Secrets Manager for MCP Server

Overview

secrets_manager.py is a Python utility that enables MCP servers to securely store and retrieve sensitive information using the system's native keychain/credential manager instead of relying on .env files. This approach significantly improves security by leveraging the operating system's built-in secure storage mechanisms.

Key Features

Cross-Platform Support: Works on macOS (Keychain), Windows (Credential Locker), and other platforms (using appropriate keyring backends)
Secure Storage: Stores sensitive data like API keys in the system's secure credential storage
Simple API: Provides straightforward functions for storing and retrieving secrets
Command-Line Interface: Includes a CLI for managing secrets directly

Core Functionality

Secret Storage

The script uses the keyring library to store secrets in the system's native credential manager:

On macOS: Stores secrets in the macOS Keychain
On Windows: Uses the Windows Credential Locker
On other platforms: Uses the best available keyring backend

Main Functions

get_secret(service_name, secret_key): Retrieves a secret from the system keyring
set_secret(service_name, secret_key, secret_value): Stores a secret in the system keyring
setup_secrets(): Interactive function to collect and store initial secrets
test_get_secret(): Tests the retrieval of stored secrets
get_keyring_name(): Returns the name of the current keyring backend based on the platform

Command-Line Interface

The script can be run directly with the following options:

--store: Initiates the interactive secret storage process
--test: Tests retrieving stored secrets
--info: Displays information about the current keyring backend

Usage Example

Instead of storing API keys in .env files:

# Old approach with .env files
API_KEY = os.getenv("API_KEY")  # Insecure, stored in plaintext

# New approach with secrets_manager
from secrets_manager import get_secret
API_KEY = get_secret("MyMCPServer", "api_key")  # Secure, stored in system keychain

Benefits for MCP Servers

Enhanced Security: Secrets are stored in the operating system's secure storage rather than in plaintext files
Simplified Management: No need to manage .env files or worry about them being accidentally committed to version control
User-Friendly: Provides an interactive interface for setting up secrets
Reliable Access: Consistent API for accessing secrets across different platforms

Implementation Note

The script includes a commented example of how to access the stored secret directly from the macOS terminal:

security find-generic-password -l "MyMCPServer" -a "api_key" -g

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

27/100across 5 weighted dimensions

How we score →

0255075100

−73

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Secrets Plugin safe to use?: Mcp Secrets Plugin has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Secrets Plugin?: Mcp Secrets Plugin can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Mcp Secrets Plugin?: Mcp Secrets Plugin is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Mcp Secrets Plugin actively maintained?: Mcp Secrets Plugin is not actively maintained — last commit was 396 days ago. It has 58 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Mcp Secrets Plugin and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?