Navigation
get-mcp-keys: Secure API Access & Repo Safety - MCP Implementation

get-mcp-keys: Secure API Access & Repo Safety

🔐 get-mcp-keys: Securely load Cursor MCP API keys from your home directory—keep secrets out of repos! Safeguard credentials while maintaining seamless AI coding tool integration.

Developer Tools
4.5(11 reviews)
16 saves
7 comments

Users create an average of 42 projects per month with this tool

About get-mcp-keys

What is get-mcp-keys: Secure API Access & Repo Safety?

get-mcp-keys is a utility designed to eliminate the risk of exposing sensitive API keys in version control systems. Traditional workflows store credentials directly in project files like ./cursor/mcp.json, leaving them vulnerable to accidental commits. This tool shifts security responsibility to a dedicated, encrypted configuration file in your home directory, ensuring repositories remain free of secrets while maintaining seamless access during development.

How to use get-mcp-keys: Secure API Access & Repo Safety?

  1. Create a secured configuration file: touch ~/.mcprc followed by chmod 600 ~/.mcprp ensures only your user account can access it.
  2. Populate credentials: Add environment variables like FIRECRAWL_API_KEY="your_actual_key" to the file, organizing multiple services in one centralized location.
  3. Modify MCP server configurations: Inject @masonator/get-mcp-keys at the start of your mcpServers command chain to trigger credential injection before executing the original command.

get-mcp-keys Features

Key Features of get-mcp-keys: Secure API Access & Repo Safety?

  • Automated credential injection: Environment variables are loaded dynamically without manual intervention
  • Path agnostic security: Credentials remain isolated in user-specific directories, never exposed through repository commits
  • Partial redaction: Debug outputs mask sensitive data while retaining enough context for troubleshooting
  • Universal compatibility: Works with any MCP server requiring environment variables, including FireCrawl, Brave Search, and custom solutions

Use cases of get-mcp-keys: Secure API Access & Repo Safety?

Developers working with AI coding assistants like Cursor AI benefit from:

  • Collaborative development environments where multiple contributors work with shared MCP servers
  • CI/CD pipelines where sensitive credentials must remain segregated from build artifacts
  • Multi-service projects using diverse APIs (e.g., combining Supabase databases with Brave Search integration)
  • Team onboarding/offboarding processes requiring centralized credential management

get-mcp-keys FAQ

FAQ from get-mcp-keys: Secure API Access & Repo Safety?

Is this secure against local access?
Yes - file permissions (600) restrict access to the user account, and credentials are only loaded into memory during execution.
Can I manage multiple environments?
Use separate .mcprc files and symbolic links to switch between development/staging/production configurations.
What happens if the file is missing?
Execution halts with an error message, preventing accidental use of default credentials or placeholder values.
Does it work with Docker?
Yes - mount ~/.mcprc into containers and ensure proper permissions within the runtime environment.

Content

🔐 get-mcp-keys

Stop accidentally committing API keys to your repos!

The Problem

When using Cursor AI (and other AI coding assistants) with MCP servers, you need API keys in your ./cursor/mcp.json file:

{
  "mcpServers": {
    "firecrawl": {
      "command": "npx",
      "args": [
        "-y",
        "firecrawl-mcp"
      ],
      "env": {
        "FIRECRAWL_API_KEY": "sk_live_ohno-this-should-NOT-be-in-git" // 💀
      }
    }
  }
}

This is a security nightmare waiting to happen. One accidental commit and your keys are exposed in your Git history.

💯 The Solution

get-mcp-keys loads your API keys from a secure file in your home directory, keeping them out of your repositories entirely.

⚡ Quick Start

1. Create a .mcprc file in your home directory

touch ~/.mcprc
chmod 600 ~/.mcprc  # Make it readable only by you

3. Add your API keys to the file

# ~/.mcprc
FIRECRAWL_API_KEY="your_actual_api_key_here"
BRAVE_API_KEY="another_secret_key_here"
# Add any other MCP server keys you use

4. Update your MCP configuration to use get-mcp-keys

{
  "mcpServers": {
    "firecrawl": {
      "command": "npx",
      "args": [
        "@masonator/get-mcp-keys", // 🔐
        "npx",
        "-y",
        "firecrawl-mcp"
      ]
    }
  }
}

That's it! The get-mcp-keys utility will:

  • Load your API keys from ~/.mcprc
  • Inject them as environment variables
  • Run your MCP server command with the keys available

🛡️ Security

  • Your API keys stay in your home directory
  • Keys are never committed to repositories
  • Keys are loaded only when needed
  • Debug output shows only first/last few characters of keys

🧰 Supported MCP Servers

Works with any MCP server that needs environment variables, including:

  • FireCrawl
  • Brave Search
  • Supabase
  • And any other MCP servers you configure!

🔍 How It Works

get-mcp-keys reads your .mcprc file, adds those environment variables to the current environment, and then executes whatever command you specify after it in the args list. It's simple yet effective!

get-mcp-keys in action

📋 License

MIT


⭐ If this saved you from committing your keys, star the repo!

Related MCP Servers & Clients