mcp.json lets me define a github mcp like this:
{
"mcpServers": {
"github-mcp": {
"command": "npx",
"args": [
"-y",
"@modelcontextprotocol/server-github"
],
"env": {
"GITHUB_TOKEN": "<MySecretTokenHere>"
}
}
}
}
a recent cursor update has added the possibility to define an mcp.json scoped to a project, which is great.
However, I want to commit this mcp file to the project’s repo … but I don’t want to commit my secret token (I would want all of my colleagues to input theirs instead).
Is there a way to get this server definition to actually lookup an environment variable??
I have tried a lot of variations of $TOKEN / ${TOKEN} / etc and nothing seems to take (I did source the token value in my local environment).
alternatively, if I could at least refer to a file (e.g. ~/.my_secret), that would work too, that would still be scaleable to a team.
I’m in the same situation as you. Not sure how to solve this, been going through a lot of topics in this forum and can’t find anything. Would highly appreciate a solution for this.
I know that vscode solves this by allowing an “inputs” fields in the mcp configuration which prompts for manual inputs for these sensitive values.
I’ve seen this, and I don’t think it really solves the issue described here if I understood the tool correctly.
The issue is that we don’t want environment variables in git, so having a custom script for each MCP server which exports these ENV vars feels like a solution that isn’t really scalable for a team, because each team member will need to have his own copy of this script with his own configuration..
@Francois code seems correct, it should work from 0.47+, try replacing “<MySecretTokenHere>”
with “value” as shown in docs
@DeanBaron that tool only outputs a string with variables that is setup inside Cursor mcp config under preferences, no edit file needed, the drawback is each member should add the mcp tool with their variable
other solution found: mcp governance tool (complex, Enterprise-level)
1 Like
Hi all!
This problem is called “Tool Authorization” and right now MCP is limited to single tenant usage because of this problem
However, this won’t be a problem for long. Anthropic, Arcade, and many other companies are working on making MCP servers “multi-tenent” if you will. Multi-user Authorization · modelcontextprotocol/modelcontextprotocol · Discussion #234 · GitHub
there are solutions to this.
Arcade will do the auth flow (for secrets and OAuth) at runtime and store/refresh/hold tokens, and if not auth’d, the user gets a link to auth the agent actions. this enables multi-tenancy. Sadly this isn’t currently possible with the MCP protocol as it stands. Only supported in the Arcade native protocol. Despite Arcade supporting MCP HTTP stream (new web standard over deprecated http+sse) the tool auth component is lacking. This is why you’re forced to deal with env vars. Specifically MCP hasn’t had methods for specifying the scopes/claims/perms etc of each action an agent takes so server devs are forced to endure this problem.
creds: I’m the founder of Arcade.dev
I made this little package that provides a convenient solution for stdio MCP server definitions: envmcp - npm
You just need to prefix the command with npx envmcp in order to load your environment variables from an env file.
For your example, you could use it like this:
{
"mcpServers": {
"github-mcp": {
"command": "npx",
"args": [
"envmcp",
"npx",
"-y",
"@modelcontextprotocol/server-github"
],
}
}
}
1 Like