Resolve local environment variables in MCP server definitions

YuvalNeuhaus · April 15, 2025, 4:49pm

When configuring MCP servers, you often pass keys in the form of environment variables to the MCP servers like this:

{
  "mcpServers": {
    "server-name": {
      "command": "npx",
      "args": ["-y", "mcp-server"],
      "env": {
        "API_KEY": "value"
      }
    }
  }
}

I would like the API_KEY value to be a local environment variable’s value. This way I can add this MCP server definition to my team’s Git repo and everyone will be able to easily configure their MCP servers.

Discussed in How to use environment variables in mcp.json

DeanBaron · April 15, 2025, 6:16pm

Bumping this. We’re in the same situation, it’s extremely important for our team. We want to share our MCP configuration via git and without this behavior, it’s impossible. We’re considering moving to VScode AI agent for this feature.

Francois · April 15, 2025, 8:35pm

This would be the natural evolution given that cursor now supports rules scoped to a given project: these will be committed to version control but the “secret” needs to stay out.
Using an environment variable would be the standard strategy there.
The second option would be to let the caller specify a path such as ~/.mysecret. Not as elegant, but works too.

danperks · April 16, 2025, 7:30am

Thanks for the idea, have flagged to the team to see whats possible here!

msfeldstein · April 16, 2025, 4:48pm

The approach we recommend is to use a wrapper script that loads the .env variables before calling the npx script or whatever your server is. We don’t provide the full .env variables to all servers for security reasons, and there is a very easy workaround

Does VSCode actually do this?

msfeldstein · April 16, 2025, 5:11pm

I just tested Copilot agent and they dont put your .env in your servers by default either. Best bet is to use the wrapper script

msfeldstein · April 16, 2025, 5:12pm

Actually you can do this

npx dotenv -- npx your-command

BitSnack · April 18, 2025, 1:19am

thanks for the suggestion @msfeldstein !
Maybe I am somehow doing this wrong, but dotenv does not seem to work on my end

this works just fine but exposes my token in the script:

#!/bin/bash
GITHUB_PERSONAL_ACCESS_TOKEN=MyToken npx -y @modelcontextprotocol/server-github

this hides my token in the env .. but the mcp always fails the auth

#!/bin/bash
npx dotenv -e ~/.env -- npx -y @modelcontextprotocol/server-github

I have tried many permutations of the dotenv command at this point (as well as many emplacements for the .env file) , even though it is possible I am missing something obvious

msfeldstein · April 18, 2025, 4:08am

Hmm try this?

set -a
source ~/.env
set +a

npx -y @modelcontextprotocol/server-github

VanAndell · April 20, 2025, 5:14pm

Hey, saw this problem and built a small tool, mcp-safe-run, to handle exactly this. It lets you use placeholders like file:./secret.txt or keyring:svc:acc in your mcp.json args, keeping secrets out of Git.

kvokka · April 22, 2025, 11:02pm

I was struggling with it in Roo and Cline, but in there i can use

    "brave-search": {
      "command": "mcp-safe-run",
      "args": [
        "-p",
        "brave_search",
        "--",
        "npx",
        "-y",
        "@modelcontextprotocol/server-brave-search"
      ]
    },

which works, BUT with Cursor the very same command produce

2025-04-23 05:58:08.416 [info] arch: Starting new stdio process with command: mcp-safe-run -p brave_search -- npx -y @modelcontextprotocol/server-brave-search
2025-04-23 05:58:08.416 [error] arch: Client error for command A system error occurred (spawn mcp-safe-run ENOENT)

While in the devcontaiver, where I deal with everything, it is installed and working. I suppose that MCP’s are running in some special container which is prepared for that and i can’t find how can i switch it or tweak

kvokka · April 23, 2025, 12:37pm

There is the VSCode suggested way to manage this, like ${env:FOO} and it was just adopted by Roo code. It would be great if Cursor used the same syntax

kvokka · April 23, 2025, 2:19pm

As an option, it might be to allow re-use of the dev-container (or host machine) as it allows to do VSCode.

Before the latest changes in VSCode, it was nice to have such a sort of isolation, but now it’s more of a hassle rather than a value. Those, who have security concerns are using workspaces and/or devcontainers anyway, and ironically, that group of users has lthe east options to manage MCP.json file and have to treat it as secret

VanAndell · April 23, 2025, 3:13pm

I’ll update the docs on the repo to state that Cursor doesn’t actually work with the mcp-safe-run.

Windsurf, Roo, and Cline works perfectly fine with keychain, file, and profile placeholders

griffithsbs · April 24, 2025, 7:43pm

I ended up publishing the “wrap it with a script” idea as a simple NPM package so that at least for simple stdio use cases I can define any env vars in a file and then reference them by name in the cursor MCP config by prefixing the command with npx envmcp: envmcp - npm

kvokka · April 27, 2025, 7:23pm

@griffithsbs ty man! Using it works amazingly, hope the docs will be updated soon for others.

Topic		Replies	Views
How to use environment variables in mcp.json How To	7	621	April 26, 2025
Creating a wrapper script for env variables for MCP server Discussion	11	846	March 4, 2025
How to config MCP server with an env parameter in Cursor How To	9	3390	April 2, 2025
Is mcp configuration causing cmd issues Discussion	1	127	March 8, 2025
MCP bootstrap script Feature Requests	0	70	March 16, 2025

Resolve local environment variables in MCP server definitions

Related topics