DEV Community

Luca Moretti

Your AI Agent Just Leaked Your API Keys: Fixing MCP's Secrets Problem

If you're building with Model Context Protocol (MCP), you've probably hit this wall: your AI agent needs access to databases, APIs, and cloud services — but how do you pass secrets to MCP servers without hardcoding them in config files?

Most MCP setups today look like this:

```json
{
  "mcpServers": {
    "database": {
      "command": "npx",
      "args": ["-y", "@my/mcp-server"],
      "env": {
        "DB_PASSWORD": "super-secret-password-in-plaintext"
      }
    }
  }
}
```

That plaintext password sits in a JSON file on disk. It gets committed to git repos. It shows up in process environment listings. It's a security nightmare that gets worse as you add more MCP servers.

The Scale of the Problem

A typical MCP setup might connect to 5-10 servers: a database, a code search tool, a deployment service, cloud APIs, etc. Each one needs credentials. Multiply that across a team, and you have secrets scattered everywhere — config files, environment variables, shell history, CI/CD configs.

In traditional software, we solved this with tools like HashiCorp Vault, AWS Secrets Manager, and 1Password. But MCP servers don't have a standard way to integrate with any of them.

Enter Janee

Janee is an open-source MCP server that acts as a secrets gateway. Instead of scattering credentials across every MCP server config, you centralize them in one place with proper access controls.

Here's how it works:

  1. Janee connects to your existing secrets backend (environment variables, AWS Secrets Manager, or custom providers)
  2. Your MCP servers request secrets through Janee instead of getting them from env vars
  3. Access policies control which secrets each server can access
  4. Audit logs track every secret access

Your config goes from hardcoded credentials to:

```json
{
  "mcpServers": {
    "janee": {
      "command": "npx",
      "args": ["-y", "janee"]
    }
  }
}
```

One server. Zero hardcoded secrets.

Why This Matters for AI Security

AI agents are different from traditional software in a key way: they make autonomous decisions about which tools to call. A compromised or confused agent could:

  • Exfiltrate secrets through tool calls
  • Access databases it shouldn't touch
  • Use credentials meant for staging in production

Janee addresses this by putting a policy layer between the agent and the secrets. You define what's accessible, and everything else is denied by default.
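The policy layer described in steps 2 to 4 above and the deny-by-default behaviour in this section, as an added example in JavaScript: this is illustrative code, not Janee's implementation, and the policy shape, the provider interface and the `SecretsGateway` name are assumptions.

```javascript
// Added example (not Janee's code): a deny-by-default policy layer that sits
// between an MCP server and the secrets backend and audits every request.

// Constructed sample backend standing in for a provider such as the "env"
// provider from the article: secret names mapped to values.
const sampleProvider = {
  get(name) {
    const store = { DB_PASSWORD: "s3cret", DEPLOY_TOKEN: "t0ken", PROD_DB_PASSWORD: "pr0d" };
    return Object.prototype.hasOwnProperty.call(store, name) ? store[name] : undefined;
  },
};

// Assumed policy shape: each MCP server id maps to the exact secret names it
// may read. Anything not listed is denied; an unknown server gets nothing.
const samplePolicy = {
  database: ["DB_PASSWORD"],
  deployer: ["DEPLOY_TOKEN", "STAGING_TOKEN"],
};

class SecretsGateway {
  constructor(policy, provider) {
    this.policy = policy;
    this.provider = provider;
    this.audit = []; // every request, allowed or denied, is recorded here
  }

  // Record who asked for what and the outcome, never the secret value itself.
  log(server, secret, outcome) {
    this.audit.push({ ts: new Date().toISOString(), server, secret, outcome });
  }

  // Returns { ok: true, value } or { ok: false, reason }. Denied by default:
  // the only way to get a value is an explicit entry in the policy.
  resolve(server, secret) {
    const allowed = this.policy[server] ?? [];
    if (!allowed.includes(secret)) {
      this.log(server, secret, "denied");
      return { ok: false, reason: "not permitted by policy" };
    }
    const value = this.provider.get(secret);
    if (value === undefined) {
      this.log(server, secret, "missing");
      return { ok: false, reason: "secret not found in provider" };
    }
    this.log(server, secret, "allowed");
    return { ok: true, value };
  }
}
```

A production gateway would also need to authenticate which MCP server is asking; the server id here is trusted input, which is the simplification this example makes.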

Getting Started

```bash
npm install -g janee
```

Add it to your MCP config:

```json
{
  "mcpServers": {
    "janee": {
      "command": "janee",
      "args": ["--provider", "env"]
    }
  }
}
```

For a deeper dive into the architecture and all available providers, check the GitHub repo.

The Bigger Picture

The MCP ecosystem is growing fast — there are hundreds of MCP servers now, and the protocol is being adopted by Claude, VS Code, Cursor, and other major tools. But security infrastructure hasn't kept pace with feature development.

Secrets management is just one piece of the puzzle. The MCP spec itself is evolving with proposals for elicitation, server-initiated authorization, and other security primitives.

If you're building MCP servers or AI agent infrastructure, think about secrets hygiene now — before your setup scales to the point where a breach becomes inevitable.


Janee is open source and looking for contributors. Star it on GitHub or try it out and share your feedback.