Skip to main content
Glama

Gemini MCP Server

by bobvasic
npmGitHub
JavaScript
MIT License
14
4
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
SECURITY.md2.27 kB
# Security Policy ## Overview Enterprise-grade security architecture for Gemini UI Design Server. Zero-trust principles with credential isolation and fail-fast validation. ## Supported Versions | Version | Supported | |---------|-----------| | 1.0.x | ✅ | ## Reporting Vulnerabilities **Email**: info@cyberlinksec.com **Subject**: `[SECURITY] Gemini UI Design Server - [Brief Description]` **Expected Response Times**: - Acknowledgment: 48 hours - Assessment: 5 business days - Resolution Coordination: Case-by-case basis ## Security Architecture ### API Key Management - **Environment Variable Isolation** - Never hardcode credentials - **Startup Validation** - Fail-fast on missing keys - **Error Sanitization** - No sensitive data in logs - **Rotation Policy** - 90-day maximum key lifetime ### Deployment Security ```bash # Restrict configuration file permissions chmod 600 ~/.config/warp/mcp.json # Use dedicated API keys per environment export GEMINI_API_KEY_PROD="production-key" export GEMINI_API_KEY_DEV="development-key" ``` ### Dependency Security - **Zero Vulnerabilities** - Verified via `npm audit` - **Minimal Surface** - 2 direct dependencies only - **Update Cadence** - Monthly dependency audits ## Best Practices **Environment Configuration** ```json { "mcpServers": { "gemini-ui-designer": { "env": { "GEMINI_API_KEY": "${GEMINI_KEY}" // Reference env var, don't hardcode } } } } ``` **Access Control** - Run as non-root user - Implement least-privilege principles - Segregate dev/prod credentials - Enable Google Cloud Console monitoring ## Incident Response ### Compromised API Key 1. **Immediate**: Revoke key in [Google Cloud Console](https://console.cloud.google.com/) 2. **Generate**: Create new key with restrictions 3. **Update**: Replace environment variables 4. **Audit**: Review usage logs for unauthorized access ### Security Contact **Email**: info@cyberlinksec.com **Company**: CyberLink Security **Response**: 24/7 for critical issues ## Compliance - **OWASP Top 10** - Aligned security practices - **ISO 27001** - Enterprise security standards - **SOC 2 Type II** - Operational security controls --- **Last Updated**: 2025-10-19 **Security Version**: 1.0.0

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bobvasic/gemini-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server