{"id":28035864,"url":"https://github.com/amirshk/mcp-secrets-plugin","last_synced_at":"2025-05-11T12:02:18.198Z","repository":{"id":290643842,"uuid":"974972370","full_name":"amirshk/mcp-secrets-plugin","owner":"amirshk","description":null,"archived":false,"fork":false,"pushed_at":"2025-04-29T21:50:12.000Z","size":7,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-29T22:24:25.398Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/amirshk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-29T15:25:40.000Z","updated_at":"2025-04-29T21:50:15.000Z","dependencies_parsed_at":"2025-04-29T22:24:32.548Z","dependency_job_id":"1ad444c2-57a1-47a9-8b95-49a1f7b2bacf","html_url":"https://github.com/amirshk/mcp-secrets-plugin","commit_stats":null,"previous_names":["amirshk/mcp-secrets-plugin"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amirshk%2Fmcp-secrets-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amirshk%2Fmcp-secrets-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amirshk%2Fmcp-secrets-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amirshk%2Fmcp-secrets-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/amirshk","download_url":"https://codeload.github.com/amirshk/mcp-secrets-plugin/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253561431,"owners_count":21927787,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-11T12:01:26.206Z","updated_at":"2025-05-11T12:02:18.190Z","avatar_url":"https://github.com/amirshk.png","language":"Python","funding_links":[],"categories":["Tutorials","Products"],"sub_categories":["Development Tools"],"readme":"# Secrets Manager for MCP Server\n\n## Overview\n\n`secrets_manager.py` is a Python utility that enables MCP servers to securely store and retrieve sensitive information using the system's native keychain/credential manager instead of relying on `.env` files. This approach significantly improves security by leveraging the operating system's built-in secure storage mechanisms.\n\n## Key Features\n\n- **Cross-Platform Support**: Works on macOS (Keychain), Windows (Credential Locker), and other platforms (using appropriate keyring backends)\n- **Secure Storage**: Stores sensitive data like API keys in the system's secure credential storage\n- **Simple API**: Provides straightforward functions for storing and retrieving secrets\n- **Command-Line Interface**: Includes a CLI for managing secrets directly\n\n## Core Functionality\n\n### Secret Storage\n\nThe script uses the `keyring` library to store secrets in the system's native credential manager:\n\n- On macOS: Stores secrets in the macOS Keychain\n- On Windows: Uses the Windows Credential Locker\n- On other platforms: Uses the best available keyring backend\n\n### Main Functions\n\n1. **`get_secret(service_name, secret_key)`**: Retrieves a secret from the system keyring\n2. **`set_secret(service_name, secret_key, secret_value)`**: Stores a secret in the system keyring\n3. **`setup_secrets()`**: Interactive function to collect and store initial secrets\n4. **`test_get_secret()`**: Tests the retrieval of stored secrets\n5. **`get_keyring_name()`**: Returns the name of the current keyring backend based on the platform\n\n### Command-Line Interface\n\nThe script can be run directly with the following options:\n\n- `--store`: Initiates the interactive secret storage process\n- `--test`: Tests retrieving stored secrets\n- `--info`: Displays information about the current keyring backend\n\n## Usage Example\n\nInstead of storing API keys in `.env` files:\n\n```python\n# Old approach with .env files\nAPI_KEY = os.getenv(\"API_KEY\")  # Insecure, stored in plaintext\n\n# New approach with secrets_manager\nfrom secrets_manager import get_secret\nAPI_KEY = get_secret(\"MyMCPServer\", \"api_key\")  # Secure, stored in system keychain\n```\n\n## Benefits for MCP Servers\n\n1. **Enhanced Security**: Secrets are stored in the operating system's secure storage rather than in plaintext files\n2. **Simplified Management**: No need to manage `.env` files or worry about them being accidentally committed to version control\n3. **User-Friendly**: Provides an interactive interface for setting up secrets\n4. **Reliable Access**: Consistent API for accessing secrets across different platforms\n\n## Implementation Note\n\nThe script includes a commented example of how to access the stored secret directly from the macOS terminal:\n\n```bash\nsecurity find-generic-password -l \"MyMCPServer\" -a \"api_key\" -g\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famirshk%2Fmcp-secrets-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famirshk%2Fmcp-secrets-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famirshk%2Fmcp-secrets-plugin/lists"}