mcpserver.so LogoMCPFly
Submit
get-mcp-keys logo

get-mcp-keys

by StuMason

SecurityAPI keyssecurityCursor AIenvironment variables

get-mcp-keys is a utility to prevent accidental committing of API keys to your repositories when using MCP servers with AI coding assistants. It loads API keys from a secure file in your home directory, keeping them out of your Git history.

View on GitHub

Last updated: N/A

What is get-mcp-keys?

get-mcp-keys is a command-line utility designed to securely manage API keys for MCP (Meta-Control Protocol) servers used with AI coding assistants like Cursor AI. It prevents accidental exposure of sensitive API keys by storing them in a secure file outside of the project repository.

How to use get-mcp-keys?

  1. Create a .mcprc file in your home directory and set its permissions to be readable only by you. 2. Add your API keys to the .mcprc file in the format KEY_NAME="your_api_key". 3. Update your MCP configuration to use get-mcp-keys by modifying the command and args in your mcpServers configuration.

Key features of get-mcp-keys

  • Securely stores API keys in the home directory.

  • Prevents accidental committing of API keys to repositories.

  • Loads API keys as environment variables at runtime.

  • Works with any MCP server that uses environment variables.

  • Debug output shows only first/last few characters of keys for security.

Use cases of get-mcp-keys

  • Using Cursor AI with MCP servers like FireCrawl, Brave Search, or Supabase.

  • Managing API keys for any MCP server that requires environment variables.

  • Protecting sensitive credentials from being exposed in Git history.

  • Simplifying the configuration of MCP servers by centralizing API key management.

FAQ from get-mcp-keys

Where are the API keys stored?

API keys are stored in a .mcprc file in your home directory (e.g., ~/.mcprc).

How do I make the .mcprc file secure?

Use the command chmod 600 ~/.mcprc to make the file readable only by you.

Which MCP servers are supported?

get-mcp-keys works with any MCP server that uses environment variables, including FireCrawl, Brave Search, Supabase, and others.

How does get-mcp-keys prevent API key exposure?

By loading the API keys from a secure file outside of the project repository and injecting them as environment variables at runtime, the keys are never committed to Git.

Is there any debugging output?

Yes, debug output shows only the first and last few characters of the keys to help with troubleshooting while maintaining security.