Secrets in MCP servers — API keys, database credentials, OAuth tokens — need the same care as in any service. The discipline is non-optional.
The secret discipline
Secrets:
- Live in environment variables or a secrets manager.
- Never in code.
- Never in logs.
- Never in error messages.
- Rotated regularly.
- Revoked when compromised.
These are baseline expectations. MCP doesn't change them.
Reviewer ritual
PR review:
- No secrets in committed code.
- No secrets in test fixtures.
- Logs sanitised for secrets.
- Errors don't leak secrets.
A real setup
A team's MCP server for a third-party API:
- API key in env var (set at deploy time).
- Secrets manager rotates the key monthly.
- Logs redacted for the key pattern.
- CI scans for hardcoded secrets.
Six months in: zero secret-leak incidents.
Tooling
- Secrets managers: AWS Secrets Manager, HashiCorp Vault, Doppler.
- Secret scanning: gitleaks, GitHub secret scanning.
- Log redaction: regex-based or structured-log filtering.
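An added example (not code from the original post or from any tool it names) of the regex-based log redaction listed above: a `logging` filter that scrubs exact secret values read from environment variables plus key-shaped strings, including ones that arrive inside exception tracebacks. The env var names, the `sk_` key format and all function names are assumptions made for illustration.

```python
import logging
import os
import re

# Assumed env var names for this example; use the ones your deploy sets.
SECRET_ENV_VARS = ("THIRD_PARTY_API_KEY", "DATABASE_PASSWORD")
MARK = "[REDACTED]"
# Constructed patterns: hypothetical "sk_" keys, bearer tokens, URL passwords.
KEY_RE = re.compile(r"\bsk_[A-Za-z0-9]{16,}\b")
BEARER_RE = re.compile(r"(?i)(bearer\s+)[A-Za-z0-9._~+/=-]{8,}")
URL_PW_RE = re.compile(r"(://[^:/\s]+:)[^@\s]+(@)")


def secrets_from_env():
    return [v for v in (os.environ.get(n) for n in SECRET_ENV_VARS) if v]


def redact(text, secrets=()):
    """Replace known secret values, then key-shaped strings, with MARK."""
    for value in sorted(secrets, key=len, reverse=True):
        if len(value) >= 8:  # short values would shred ordinary text
            text = text.replace(value, MARK)
    text = KEY_RE.sub(MARK, text)
    text = BEARER_RE.sub(r"\1" + MARK, text)
    return URL_PW_RE.sub(r"\1" + MARK + r"\2", text)


class RedactingFilter(logging.Filter):
    def __init__(self, secrets=()):
        super().__init__()
        self.secrets = tuple(secrets)

    def filter(self, record):
        # Format first so secrets passed as %-style args are caught too.
        record.msg, record.args = redact(record.getMessage(), self.secrets), None
        if record.exc_info:
            # Redact the traceback; clearing exc_info stops a raw re-render.
            raw = logging.Formatter().formatException(record.exc_info)
            record.exc_text, record.exc_info = redact(raw, self.secrets), None
        return True


def make_logger(name, stream, secrets=None):
    handler = logging.StreamHandler(stream)
    known = secrets_from_env() if secrets is None else secrets
    handler.addFilter(RedactingFilter(known))
    logger = logging.getLogger(name)
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    return logger
```

The filter is attached to the handler rather than the logger so that records from child loggers are scrubbed as well.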
Trade-offs
Secret discipline adds:
- Setup work.
- Per-deploy complexity.
- Operational responsibility.
The trade-off is real. The cost of a leak is much higher.
What we won't ship
- MCP servers with hardcoded secrets.
- Secrets without rotation.
- Logs that include unredacted secrets.
- Builds that skip secret scanning in CI.
Close
MCP secrets need the same discipline as any service's secrets. Secrets manager. Rotation. Redaction. CI scanning. Skip these and the next leak is a matter of when, not if.