Free for 1 AI agent · MCP server

Credentials for AI coding agents, via MCP

@secr/mcp is a drop-in Model Context Protocol server. It brokers secrets from a remote secr account to your AI coding agent — Claude Code, Cursor, Continue, Copilot — replacing plaintext .env files with scoped, allowlisted, audited credentials.

Get a free agent token npm: @secr/mcp Source (MIT)

What it does

Resolves secrets at runtime

The agent calls secr.get via MCP. The server hits your secr account, enforces the per-agent allowlist, returns the value. Nothing on disk.

Per-agent secret allowlist

Each agent token has a server-side allowlist. Even if the agent gets compromised, it only sees the keys you whitelisted.

Conditional access

Pin tokens to IP ranges, business hours, required user-agent patterns. Stolen tokens fail outside their authorised envelope.

Full audit trail

Every secret read is recorded with agent identity, tool name, and timestamp. Tamper-evident, exportable, queryable.

Install in your client

Pick your editor. Same agent token works across all of them — sign up, create one agent identity, paste the token below.

Claude Code

claude mcp add secr -e SECR_TOKEN=secr_agent_xxx -- npx @secr/mcp

Anthropic's official CLI. Add once and every Claude Code session has scoped access.

Cursor

// ~/.cursor/mcp.json
{
  "mcpServers": {
    "secr": {
      "command": "npx",
      "args": ["@secr/mcp"],
      "env": { "SECR_TOKEN": "secr_agent_xxx" }
    }
  }
}

Settings → MCP → add server, or edit ~/.cursor/mcp.json directly. Restart Cursor to pick up the server.

Continue

// ~/.continue/config.json — under "experimental.modelContextProtocolServers"
{
  "name": "secr",
  "command": "npx",
  "args": ["@secr/mcp"],
  "env": { "SECR_TOKEN": "secr_agent_xxx" }
}

Continue's MCP support is in experimental — pin to the latest Continue release.

Windsurf / Copilot / custom

// Any MCP-compatible client — use the same env var, point command at: npx @secr/mcp

If your client speaks MCP, secr works with it. The server is a vanilla MCP stdio server.

Tools the agent can call

secr.list— list keys the agent has access to (no values)

secr.get— resolve a single secret value (allowlist enforced server-side)

secr.materialize— resolve all allowed secrets at once for the current session

Why MCP for credentials

The Model Context Protocol is the standard wire format for giving AI agents access to tools and data. Until now, the typical setup for credentials has been: paste API keys into the agent's config file as plaintext environment variables. That works on day one and breaks the day the agent goes rogue, the laptop gets stolen, or someone commits the config file by accident.

@secr/mcp moves credentials behind a network call the server can see and gate. The agent still gets what it needs. You get an audit trail, an allowlist, and a kill switch.

Stop putting API keys in your agent's config file

Create your account Why agents need this