Secure secret handling for MCPs

Hey,

Trying to prepare a secure config for the official GitHub MCP server, the remote version (HTTP). Infosec asked me to find a way where we would not paste secrets into the mcp.json file. VS Code has the function to pass inputs:

  "inputs": [
    {
      "type": "promptString",
      "id": "github_mcp_pat",
      "description": "GitHub Personal Access Token",
      "password": true
    }
  ]

source

I tried that with Cursor, no luck. Any ideas how to make it work?

Hi @Piotr_Olchawa,

The inputs feature from VS Code’s launch.json/tasks.json isn’t supported in Cursor’s mcp.json format. Specifically, if you add an inputs array to mcp.json, it won’t cause an error, but it will be silently ignored – the parser only reads mcpServers and discards everything else. Similarly, ${input:...} variable references in your server config values won’t be resolved.

For your use case (keeping a GitHub PAT out of plaintext config), here are two approaches that work today:

Option 1: Environment variable interpolation (recommended)

Store your token in an environment variable and reference it in your config:

{
  "mcpServers": {
    "github": {
      "url": "https://api.githubcopilot.com/mcp/",
      "headers": {
        "Authorization": "Bearer ${env:GITHUB_TOKEN}"
      }
    }
  }
}

Then set GITHUB_TOKEN in your shell profile (.zshrc, .bashrc, etc.) or use a secrets manager to inject it into your environment. This keeps the token out of version-controlled files. Cursor resolves ${env:...} variables at startup.

More details: Config Interpolation

Option 2: OAuth authentication

If you’d prefer not to manage a PAT at all, Cursor supports OAuth for remote MCP servers. If the GitHub MCP remote server supports the MCP OAuth flow, you can configure it with just the URL and let Cursor handle the authentication interactively. You may need to register a GitHub OAuth App and provide the CLIENT_ID (which is public, not a secret) in the config:

{
  "mcpServers": {
    "github": {
      "url": "https://api.githubcopilot.com/mcp/",
      "auth": {
        "CLIENT_ID": "your_github_oauth_app_client_id"
      }
    }
  }
}

For STDIO-based servers, there’s also the envFile option, which loads environment variables from a .env file:

{
  "mcpServers": {
    "my-server": {
      "command": "my-mcp-server",
      "envFile": "${workspaceFolder}/.env"
    }
  }
}

Just make sure to add .env to your .gitignore.
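
A pre-commit or CI check for the points in the reply above, as an added example that is not part of the original thread and is not Cursor's own code: it flags top-level keys other than mcpServers and ${input:...} references (both described above as ignored or unresolved), hardcoded GitHub tokens, and ${env:...} names missing from the environment. The function names, the credential field-name pattern and the sample config are assumptions made for illustration.

```python
import os
import re

ENV_REF = re.compile(r"\$\{env:([A-Za-z_][A-Za-z0-9_]*)\}")
INPUT_REF = re.compile(r"\$\{input:[^}]*\}")
# GitHub token prefixes: classic PAT, OAuth, user/server/refresh, fine-grained PAT.
GH_TOKEN = re.compile(r"\b(?:gh[pousr]_|github_pat_)[A-Za-z0-9_]{20,}")
# Assumption: field names that usually carry credentials.
CRED_FIELD = re.compile(r"authorization|token|secret|password|api[-_]?key", re.I)

def strings(node, path=()):
    """Yield (path, value) for every string leaf under node."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from strings(val, path + (str(key),))
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from strings(val, path + (str(i),))
    elif isinstance(node, str):
        yield path, node

def audit_mcp_config(cfg, environ=None):
    """Return a list of findings for a parsed mcp.json (dict)."""
    environ = os.environ if environ is None else environ
    findings = [f"{key}: top-level key is ignored by Cursor"
                for key in cfg if key != "mcpServers"]
    for path, value in strings(cfg.get("mcpServers", {})):
        where = ".".join(path)
        if INPUT_REF.search(value):
            findings.append(f"{where}: ${{input:...}} is not resolved by Cursor")
        for name in ENV_REF.findall(value):
            if name not in environ:
                findings.append(f"{where}: env var {name} is not set")
        if GH_TOKEN.search(value):
            findings.append(f"{where}: hardcoded GitHub token")
        elif (path and CRED_FIELD.search(path[-1])
              and not ENV_REF.search(value) and not INPUT_REF.search(value)):
            findings.append(f"{where}: literal value in a credential field")
    return findings

# Constructed sample: the VS Code style config from the question, used in Cursor.
SAMPLE = {
    "inputs": [{"type": "promptString", "id": "github_mcp_pat", "password": True}],
    "mcpServers": {"github": {
        "url": "https://api.githubcopilot.com/mcp/",
        "headers": {"Authorization": "Bearer ${input:github_mcp_pat}"}}},
}

if __name__ == "__main__":
    for finding in audit_mcp_config(SAMPLE):
        print(finding)
```

Load the real file with `json.load` and fail the commit when the returned list is non-empty.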