wrap-mcp
CommunityKeep MCP secrets out of configs
Software Engineering#mcp#secrets management#token rotation#pass#stdio server#wrapper script#gpg pinentry
Authorcometjc
Version1.0.0
Installs0
System Documentation
What problem does it solve?
It prevents sensitive MCP credentials (tokens, API keys, passwords, client secrets) from being stored in MCP JSON/YAML configuration files by forcing all secrets to live in a secure secret store and only exposing them at runtime through a wrapper.
Core Features & Use Cases
- Pass-backed secret retrieval: Store credentials in
passand fetch them on-demand for the MCP server process. - Wrapper-only MCP configuration: Point the MCP
commandto a local wrapper script so the config never contains secret env vars, header values, or token arguments. - Safer token rotation flow: Update stored tokens in
passwithout editing MCP configs, using amcp-update-tokenworkflow. - Pinentry-aware unlocking: Use curses pinentry and gpg-agent caching so decryption happens interactively when needed, not during chat or static config writing.
- Wrapper rename/move synchronization: Keep an explicit comment list inside the wrapper so related MCP config paths stay consistent when the wrapper changes.
Quick Start
Create a mcp-<server> wrapper that pulls the token from pass and update your Cursor/Claude/Hermes MCP configuration so its command points only to that wrapper.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: wrap-mcp Download link: https://github.com/cometjc/dev-skills/archive/main.zip#wrap-mcp Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.