# Security Configuration & Practices

## Secrets in Config

Use either of the following in your config:

- `env:VARNAME` → value is read from `process.env.VARNAME`
- `enc:gcm:<base64>` → value is decrypted using `MASTER_CONFIG_KEY` (or `MASTER_SECRET_KEY`)

`SecretManager` handles both resolving and redacting sensitive values for logs.

## Token Encryption

`TokenManager` encrypts stored delegated/proxy tokens with `TOKEN_ENC_KEY`. In production this must be set; otherwise startup fails. In development, a warning is logged and an ephemeral key is generated.

## OAuth Best Practices

- Always set `hosting.base_url` correctly for accurate redirect URIs behind proxies.
- Use PKCE (enabled by default) and short-lived state tokens.
- Limit scopes in `servers[].auth_config.scopes` to the minimum required.

## Hardening Tips

- Drop container capabilities and run as non-root (see Dockerfiles)
- Use `LOG_FORMAT=json` in production for structured logs
- Ensure secrets are injected via platform secret stores (KMS, Workers Secrets, Koyeb Secrets)
- Enable `security.audit` to log config changes (redacted)
