mcp.json lets me define a github mcp like this:
{
"mcpServers": {
"github-mcp": {
"command": "npx",
"args": [
"-y",
"@modelcontextprotocol/server-github"
],
"env": {
"GITHUB_TOKEN": "<MySecretTokenHere>"
}
}
}
}
a recent cursor update has added the possibility to define an mcp.json scoped to a project, which is great.
However, I want to commit this mcp file to the project’s repo … but I don’t want to commit my secret token (I would want all of my colleagues to input theirs instead).
Is there a way to get this server definition to actually lookup an environment variable??
I have tried a lot of variations of $TOKEN / ${TOKEN} / etc and nothing seems to take (I did source the token value in my local environment).
alternatively, if I could at least refer to a file (e.g. ~/.my_secret), that would work too, that would still be scaleable to a team.
I’m in the same situation as you. Not sure how to solve this, been going through a lot of topics in this forum and can’t find anything. Would highly appreciate a solution for this.
I know that vscode solves this by allowing an “inputs” fields in the mcp configuration which prompts for manual inputs for these sensitive values.
I’ve seen this, and I don’t think it really solves the issue described here if I understood the tool correctly.
The issue is that we don’t want environment variables in git, so having a custom script for each MCP server which exports these ENV vars feels like a solution that isn’t really scalable for a team, because each team member will need to have his own copy of this script with his own configuration..
@Francois code seems correct, it should work from 0.47+, try replacing “<MySecretTokenHere>”
with “value” as shown in docs
@DeanBaron that tool only outputs a string with variables that is setup inside Cursor mcp config under preferences, no edit file needed, the drawback is each member should add the mcp tool with their variable
other solution found: mcp governance tool (complex, Enterprise-level)
1 Like