Integrates with AWS Secrets Manager for secure API key storage and retrieval, enabling authentication and user context management
MCP Server
Model Context Protocol server with comprehensive security features
Features
- PII/PCI Redaction: Automatic masking of credit cards, emails, phones, SSNs, addresses
- Field Allowlisting: Only safe fields returned to LLMs (blocks sensitive data)
- Free-Text Sanitization: Suspicious content detection and removal
- Size Limits: Payload size management and summarization (64KB max)
- Structured Responses: Consistent `llm_view` and `meta` format for audit trails
- Comprehensive Audit Logging: All requests logged with full context and client info
Security-First Design
- Multi-Layer Defense: Authentication → Rate Limiting → PII Redaction → Field Filtering → Content Sanitization
- Zero Trust Architecture: Every request is authenticated, rate-limited, and audited
- Defense in Depth: Multiple security layers ensure no single point of failure
- Fail-Safe Defaults: When in doubt, the server blocks access rather than allowing it
Real-World Security Examples
Before (Raw API Response):
After (LLM-Safe Response):
Project Structure
Installation
Prerequisites
- Python 3.11+
- AWS CLI configured (for Secrets Manager)
- Virtual environment
Setup
Configuration
Claude Desktop Integration
Add to your Claude Desktop MCP configuration:
Security Features
Authentication & Authorization
- AWS Secrets Manager Integration: API keys stored securely in AWS
- User Context: Each API key maps to a user with specific permissions
- Expiration Support: API keys can have expiration dates
- Default Key Fallback: Claude Desktop uses `DEFAULT_API_KEY` automatically
Rate Limiting
- Per-Endpoint Limits: Different limits for different tools
- Per-User Tracking: Rate limits applied per user ID
- Configurable Windows: Time windows (e.g., 1 hour, 1 day)
- In-Memory Storage: Fast rate limit checking
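The rate-limiting behaviour listed above (per endpoint, per user, configurable time windows, in-memory state) in one small Python class. This is an added example, not the project's own code; the tool names, the limit values and the shape of the returned info dictionary are assumptions. The clock is injectable so the window logic can be tested without sleeping.

```python
"""In-memory, per-user, per-endpoint sliding-window rate limiter (added example)."""
import time
from collections import defaultdict, deque

# Hypothetical per-tool limits as (max_requests, window_seconds); the names are assumptions.
ENDPOINT_LIMITS = {
    "get_account":   (100, 3600),    # 100 requests per hour
    "list_invoices": (20, 86400),    # 20 requests per day
}
DEFAULT_LIMIT = (60, 3600)           # applied to any tool without its own entry


class RateLimiter:
    def __init__(self, limits=None, default=DEFAULT_LIMIT, clock=time.monotonic):
        self.limits = ENDPOINT_LIMITS if limits is None else limits
        self.default = default
        self.clock = clock                     # injectable for tests
        self._hits = defaultdict(deque)        # (user_id, endpoint) -> request timestamps

    def check(self, user_id: str, endpoint: str):
        """Record one request for (user, endpoint).

        Returns (allowed, info); info has the shape a rateLimitInfo meta field could carry.
        """
        limit, window = self.limits.get(endpoint, self.default)
        now = self.clock()
        hits = self._hits[(user_id, endpoint)]
        while hits and now - hits[0] >= window:   # drop requests that left the window
            hits.popleft()
        reset_in = round(window - (now - hits[0]), 1) if hits else float(window)
        if len(hits) >= limit:
            # Fail closed: the request is not recorded; the caller logs a security event.
            return False, {"limit": limit, "remaining": 0, "resetIn": reset_in, "window": window}
        hits.append(now)
        return True, {"limit": limit, "remaining": limit - len(hits), "resetIn": reset_in, "window": window}


if __name__ == "__main__":
    limiter = RateLimiter()
    for _ in range(3):
        print(limiter.check("user-1", "get_account"))
```

Because state lives in a process-local dictionary, limits are per server process; a multi-instance deployment would need shared storage to keep the per-user guarantee.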
Audit Logging
- Comprehensive Logging: All requests logged with full context
- Security Events: Authentication failures, rate limit violations
- Structured Logs: JSON format for easy parsing
- File + Console: Logs to file and console for critical events
- Graceful Fallback: Console-only logging if file system is read-only
Data Protection & PII/PCI Redaction
The server automatically detects and masks sensitive data before it reaches the LLM, ensuring no PII/PCI data is exposed.
1. PII/PCI Masking Examples
What Gets Redacted/Masked:
- PAN/Credit Cards: `4111111111111111` → `4***-****-****-****1`
- Bank Accounts: `1234567890` → `1*******0`
- Emails: `jane.doe@example.com` → `j***e@e***e.c***m`
- Phones: `555-123-4567` → `5***-***-***7`
- Addresses: `123 Main St` → `[address omitted]`
- SSN/Tax IDs: `123-45-6789` → `1***-**-***9`
- Personal Names: `John Doe` → `J***n D***e`
- Company Names: `Acme Corporation` → `A***e C***********n`
Raw vs. LLM-Safe Response:
2. Field Allowlisting Examples
Only approved fields are returned to prevent data leakage. Everything else is stripped.
Invoice Example:
3. Free-Text Sanitization Examples
Suspicious content in notes, descriptions, and comments is detected and sanitized.
4. Size Limits & Summarization Examples
Large payloads are automatically summarized to prevent token overruns.
5. Complete Security Response Example
Here's what a complete response looks like with all security features applied:
Security Configuration
The security profile is configured in `security_profiles/finance-default.yaml`:
Field Allowlists by Entity:
- Account: id, accountNumber, name, status, balance, currency, createdDate, updatedDate, type, industry
- Subscription: id, name, status, subscriptionStartDate, subscriptionEndDate, termType, autoRenew, renewalTerm, initialTerm, accountId, ratePlanId
- Invoice: id, invoiceNumber, status, amount, balance, dueDate, invoiceDate, currency, taxAmount, totalAmount, accountId, subscriptionId
Size Limits:
- Max Payload Size: 64KB
- Max Text Length: 200 characters
- Max List Items: 20 items
- Large lists are summarized: "980 more items omitted"
Meta Fields Explained
Response Meta Fields:
- `requestId`: Unique identifier for tracking requests
- `userId`: User who made the request (from API key)
- `userRole`: User's role (readonly, admin, etc.)
- `apiKey`: Masked API key for identification
- `timestamp`: When the request was processed
- `fieldsRemoved`: List of fields that were blocked/removed
- `redactionProfile`: Security profile used (e.g., "finance-default")
- `securityApplied`: Whether security enhancements were applied
- `rateLimitInfo`: Current rate limit status
- `contentSanitized`: Fields that had content sanitized
- `listSummarized`: Whether large lists were summarized
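An added Python example (not the project's code) covering the Security Configuration section and the meta fields above: it applies the Account and Invoice allowlists and the size limits listed for the finance-default profile, then assembles the `llm_view` and `meta` structure. The function names, the user record shape, the way the API key is masked and the oversized-payload fallback are assumptions; `contentSanitized` is left empty because the free-text stage is a separate step.

```python
"""Field allowlisting, size limits and llm_view/meta assembly (added example, not the project's code)."""
import json
import uuid
from datetime import datetime, timezone
from typing import Any

# Allowlists as listed for the finance-default profile on this page; other entities are omitted here.
ALLOWLIST = {
    "Account": {"id", "accountNumber", "name", "status", "balance", "currency",
                "createdDate", "updatedDate", "type", "industry"},
    "Invoice": {"id", "invoiceNumber", "status", "amount", "balance", "dueDate", "invoiceDate",
                "currency", "taxAmount", "totalAmount", "accountId", "subscriptionId"},
}
MAX_PAYLOAD_BYTES = 64 * 1024   # 64KB
MAX_TEXT_LENGTH = 200
MAX_LIST_ITEMS = 20


def limit_text(value: Any) -> Any:
    """Truncate over-long strings; other values pass through unchanged."""
    if isinstance(value, str) and len(value) > MAX_TEXT_LENGTH:
        return value[:MAX_TEXT_LENGTH] + "..."
    return value


def allowlist_record(entity: str, record: dict, removed: list[str]) -> dict:
    """Keep only allowlisted fields (an unknown entity allows nothing); dropped names go to `removed`."""
    allowed = ALLOWLIST.get(entity, set())
    safe = {}
    for key, value in record.items():
        if key in allowed:
            safe[key] = limit_text(value)
        elif key not in removed:
            removed.append(key)
    return safe


def summarize_list(items: list, meta: dict) -> list:
    """Cap a list at MAX_LIST_ITEMS and append the 'N more items omitted' marker."""
    if len(items) <= MAX_LIST_ITEMS:
        return items
    meta["listSummarized"] = True
    return items[:MAX_LIST_ITEMS] + [f"{len(items) - MAX_LIST_ITEMS} more items omitted"]


def build_response(entity: str, records: list[dict], user: dict, rate_limit_info: dict,
                   profile: str = "finance-default") -> dict:
    """Produce the {"llm_view": ..., "meta": ...} structure described on this page."""
    removed: list[str] = []
    meta = {
        "requestId": str(uuid.uuid4()),
        "userId": user["id"],
        "userRole": user["role"],
        "apiKey": user["apiKey"][:4] + "****",          # masked; the full key never leaves the server
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "fieldsRemoved": removed,
        "redactionProfile": profile,
        "securityApplied": True,
        "rateLimitInfo": rate_limit_info,
        "contentSanitized": [],                          # filled by the free-text stage, not shown here
        "listSummarized": False,
    }
    llm_view: Any = summarize_list([allowlist_record(entity, r, removed) for r in records], meta)
    if len(json.dumps({"llm_view": llm_view, "meta": meta}).encode()) > MAX_PAYLOAD_BYTES:
        # Fail-safe: still oversized after per-field and per-list limits -> return a count only.
        llm_view = f"{len(records)} {entity} records omitted: payload exceeds {MAX_PAYLOAD_BYTES} bytes"
        meta["listSummarized"] = True
    return {"llm_view": llm_view, "meta": meta}


if __name__ == "__main__":
    # Constructed sample input.
    demo_user = {"id": "u-1", "role": "readonly", "apiKey": "sk-test-abcdef"}
    demo_records = [{"id": f"inv-{i}", "invoiceNumber": f"INV-{i:04d}", "amount": 10.0,
                     "customerEmail": "x@example.com"} for i in range(25)]
    print(json.dumps(build_response("Invoice", demo_records, demo_user, {"limit": 100, "remaining": 99}), indent=2))
```

Using a lookup that defaults to an empty set means a record of an entity with no profile entry comes back with every field removed, which is the fail-safe default the page describes rather than a silent pass-through.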
Security Event Logging:
Response Format
All responses follow this structure:
Enables secure interaction with billing systems through comprehensive PII/PCI redaction, field allowlisting, and multi-layer security controls. Protects sensitive financial data while providing LLMs safe access to account, subscription, and invoice information.