Secure storage of credentials for MCP entries #2731
pvandervelde
started this conversation in
Feature Requests
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Some of the MCP services that are available require credentials in order to connect to remote services. For instance the GitHub MCP requires a token in order to connect to repositories.
The Roo Code configuration for MCPs requires that you store the authentication tokens in the configuration file in clear text. You can store those MCP configurations in the global configuration, however for things like GitHub that may not be the best in that this means you need a single token that would cover all your access to GitHub (i.e. a token has has all the same rights as the user does across all the repositories), while if you could securely store the token in the project MCP config then you could use a token only linked to the repository linked to the workspace. This would also make it possible to work across several GitHub orgs (because orgs are the boundary for tokens).
GitHub Copilot and VsCode handle MCP authentication in a secure way (https://code.visualstudio.com/docs/copilot/chat/mcp-servers#_configuration-format).
Beta Was this translation helpful? Give feedback.
All reactions