Provides guidance and tools for securely containerizing and running MCP servers in isolated Docker environments with controlled access to files, network traffic, and environment variables
Offers detection and prevention strategies for unauthorized or unmonitored MCP server usage within organizations
MCP-Checklists
We're a team of security and AI enthusiasts building MCP Manager, a comprehensive MCP security solution for businesses of all sizes.
In this repository we will publish a range of checklists, indexes, lessons learned and helpful utilities to help you adopt and use AI agents and MCP servers securely - without losing pace in the AI race.
⭐Star this repo to stay up to date and avoid missing that guide you know you'll need in the future!
We welcome contributions and suggestions - here's the instructions for contributing.
📚 Table of Contents
- Using Docker to Secure Local MCP servers
- Authentication and Authorization
- Logging, Auditing, and Observability
- Security Threats and Mitigation
- AI Agent Building, Optimization, & Security
🐳 Using Docker to Run Local MCP Servers Securely
Installing and running MCP servers locally is equivalent to installing and running any other software on your computer. Locally running MCP servers have unlimited access to all your files, creating risks of data exfiltration, token theft, virus infection and propagation, or data encryption attacks (Ransomware).
Docker is a containerization solution that is free, open source, and widely supported across all major operating systems.
Why You Should Use Docker to Containerize Local MCP Servers
Running MCP servers inside Docker containers allows you to run them in a sandboxed environment that you have complete control over. You decide which files and folders to expose to the container, can define rules for HTTP and WebSocket traffic, and selectively expose environment variables instead of unintentionally leaking secrets.
Using Docker to containerize your MCP servers reduces security risks and gives you more control over what data and capabilities the server has access to. It's not a complete bulletproof solution, however, because if you're not careful, you can still give Docker containers running locally unfettered access to your VPN / private networks.
Guide and Docker Files
We understand that learning complex technologies like Docker can be intimidating, but we've made our best effort to provide you with examples, documentation, and helpful scripts to get you started running MCPs securely.
Use How to Run MCP Servers Securely to learn about our helpful scripts and Dockerfiles that will get you started running local MCP Servers securely in no time.
🔐 Authentication and Authorization
Checklists
📝 Logging, Auditing, and Observability
Checklists
🛡️ Threats and Mitigation
Checklists
Index Lists
🤖 AI Agent Building and Security
Checklists/Guides
This server cannot be installed
An enterprise-level MCP gateway and proxy that sits between an organization's MCP servers and clients. MCP Manager mitigates security threats, enables fine-grained permissions, enforces policies and guardrails, and generates comprehensive, end-to-end logs.
Related MCP Servers
- -securityAlicense-qualityMCP Server provides a simpler API to interact with the Model Context Protocol by allowing users to define custom tools and services to streamline workflows and processes.Last updated -13MIT License
- -securityAlicense-qualityA proxy service that connects MCP clients to remote MCP servers, allowing users to use server keys from MCP.so to access remote resources without running their own server.Last updated -283MIT License
- AsecurityAlicenseAqualityA unified control center for managing MCP servers, providing tooling for environment variable management, profile-based configurations, and local package installation automation.Last updated -243MIT License