🔐 get-mcp-keys
@StuMason
A lightweight utility that securely loads API keys for Cursor MCP servers from your home directory, preventing accidental exposure of secrets in repositories. Keep your credentials safe while maintaining seamless integration with AI coding assistants.
概要
What is get-mcp-keys?
get-mcp-keys is a utility that loads API keys from a secure ~/.mcprc file and injects them as environment variables before running any MCP server command. It is designed for developers using AI coding assistants like Cursor who want to avoid accidentally committing API keys in repository configuration files.
How to use get-mcp-keys?
Create a .mcprc file in your home directory, set its permissions to 600, and add your API keys (e.g., FIRECRAWL_API_KEY="..."). Then update your MCP configuration so the command array starts with npx @masonator/get-mcp-keys followed by the original server command and arguments.
Key features of get-mcp-keys
- Loads API keys from a
~/.mcprcfile in your home directory. - Injects keys as environment variables into any MCP server command.
- Runs the specified MCP server command with the keys available.
- Keeps API keys out of repository files entirely.
- Debug output shows only first and last few characters of keys.
- Works with any MCP server that needs environment variables.
Use cases of get-mcp-keys
- Prevent accidental Git commits of API keys in MCP configuration files.
- Share team MCP configuration via dotfiles without exposing secrets.
- Centralize API key management for multiple MCP servers in a single profile.
- Use any MCP server (e.g., FireCrawl, Brave Search, Supabase) without embedding keys in the project.
FAQ from get-mcp-keys
Does this only work with specific MCP servers?
No, get-mcp-keys works with any MCP server that reads API keys or other secrets from environment variables.
Where is the secure key file stored?
The file is ~/.mcprc in your home directory. The README recommends setting its permissions to 600 (readable only by you).
How does get-mcp-keys keep my keys secure?
Keys are never written to repository files. The utility reads them from the home directory, injects them as environment variables only at runtime, and its debug output exposes only the first and last few characters of each key.
Is get-mcp-keys an MCP server itself?
No, it is a wrapper/utility that reads .mcprc, sets environment variables, and then executes whatever command you specify after it in the arguments list.
What transport or authentication does get-mcp-keys use?
—