Secret MCP
Author: @AKarenin
Allow AI to generate env files without leaking secrets.
Created on 12/24/2025
Updated 1 day ago
README
Repository documentation and setup instructions
Secret MCP
A desktop app for managing secrets with an MCP server that lets AI coding assistants write .env files without ever seeing the secret values.
Why?
Generating a .env file is a pain, especially because there is no vibing out of it. But it's an even bigger pain to leak secrets to AI coding assistants that run in the cloud.
Features
- Desktop App: Simple window for managing secrets (name, description, value)
- MCP Server: Two tools for AI assistants:
  - search_secrets: Find secrets by name/description (never exposes values)
  - write_env: Write secrets to .env files (values go straight to file, never to AI)
- Local Storage: All secrets stored locally in SQLite
- npm Package: Just npx secret-mcp - no build required
Installation
Desktop App
Download from Releases or build from source:
npm install
npm run tauri build
MCP Server Setup
Add to your MCP client config:
"secret-mcp": {
"command": "npx",
"args": ["secret-mcp"]
}
Usage
- Open Secret MCP app
- Add your secrets (API keys, tokens, etc.)
- When coding with AI, it will automatically use search_secrets and write_env to set up your .env files (Note: the name of the secret is the variable name in the .env file)
MCP Tools
search_secrets
Search for secrets by name or description. Returns names and descriptions only - values are never exposed.
// Input
{ query: "openai" }
// Output
[
{ name: "OPENAI_API_KEY", description: "OpenAI API key" }
]
write_env
Write secrets to a .env file. Values go directly from your local database to the file - never passed through the AI.
// Input
{
keys: ["OPENAI_API_KEY", "DATABASE_URL"],
path: "/Users/you/project/.env"
}
// Output
"Successfully wrote 2 secret(s) to /Users/you/project/.env"
Data Storage
Secrets are stored locally:
- macOS: ~/Library/Application Support/secret-mcp/secrets.db
- Linux: ~/.local/share/secret-mcp/secrets.db
- Windows: %APPDATA%/secret-mcp/secrets.db
Security
- Secret values never leave your machine (except to .env files you specify)
- MCP server only returns secret names and descriptions to the AI
- .env files written with 600 permissions (owner read/write only)
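The pattern the two tools and this Security list describe, as an added sketch that is not the project's code: lookups return names and descriptions only, and the writer tightens the file to 0600 before any secret bytes reach it. The in-memory store, the function names searchSecrets, writeEnv and formatLine, the quoting rules and the sample values are assumptions; the project itself keeps secrets in SQLite, and the permission handling assumes a POSIX filesystem.

```javascript
// Added example: the search_secrets / write_env pattern, not the project's code.
const fs = require("node:fs");

// Constructed sample store (assumption); the project keeps secrets in SQLite.
const store = new Map([
  ["OPENAI_API_KEY", { description: "OpenAI API key", value: "sk-constructed-123" }],
  ["DATABASE_URL", { description: "Postgres URL", value: "postgres://u:p w@db/app" }],
]);

// Returns names and descriptions only; the value field is never copied out.
function searchSecrets(query) {
  const q = query.toLowerCase();
  return [...store]
    .filter(([name, s]) => (name + " " + s.description).toLowerCase().includes(q))
    .map(([name, s]) => ({ name, description: s.description }));
}

// Quote values so spaces, '#', quotes or newlines cannot break the line format.
function formatLine(name, value) {
  const escaped = value.replace(/\\/g, "\\\\").replace(/"/g, '\\"').replace(/\n/g, "\\n");
  return `${name}="${escaped}"`;
}

function writeEnv(keys, envPath) {
  const lines = keys.map((name) => {
    // Reject names that could smuggle extra lines into the file.
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) throw new Error(`invalid name: ${JSON.stringify(name)}`);
    const secret = store.get(name);
    if (!secret) throw new Error(`unknown secret: ${name}`);
    return formatLine(name, secret.value);
  });
  // The mode passed to open() only applies when the file is created, so an
  // existing group/world-readable .env is tightened with fchmod before writing.
  const fd = fs.openSync(envPath, "w", 0o600);
  try {
    fs.fchmodSync(fd, 0o600);
    fs.writeSync(fd, lines.join("\n") + "\n");
  } finally {
    fs.closeSync(fd);
  }
  // The result carries a count and the path, never a secret value.
  return `Successfully wrote ${lines.length} secret(s) to ${envPath}`;
}
```

Opening with "w" replaces the existing file contents; a caller that wants to keep unrelated variables would need to merge them first.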
Tech Stack
- Desktop: Tauri 2.0 + Svelte 5 + TypeScript
- MCP Server: Node.js + @modelcontextprotocol/sdk + better-sqlite3
License
MIT
Quick Setup
Installation guide for this server
Install command (package not published)
git clone https://github.com/AKarenin/Secret-mcp
Manual installation: See the README for detailed setup instructions and other required dependencies.
Cursor configuration (mcp.json)
{
"mcpServers": {
"akarenin-secret-mcp": {
"command": "git",
"args": [
"clone",
"https://github.com/AKarenin/Secret-mcp"
]
}
}
}