{
"cells": [
{
"cell_type": "markdown",
"id": "8e9a8c8f",
"metadata": {},
"source": [
"# Enkrypt Secure MCP Gateway - Complete Setup Walkthrough\n",
"\n",
"This notebook provides a comprehensive walkthrough for setting up a complete MCP (Model Context Protocol) configuration using the Enkrypt Secure MCP Gateway. \n",
"\n",
"## What We'll Cover:\n",
"\n",
"1. **Create a new MCP configuration** - Set up a named configuration\n",
"2. **Add a server to the configuration** - Configure an MCP server with commands and arguments\n",
"3. **Add input and output guardrails** - Implement security policies for server communications\n",
"4. **Create a project** - Organize configurations into manageable projects\n",
"5. **Assign MCP config to project** - Link configuration to project\n",
"6. **Create a new user** - Set up user accounts for access control\n",
"7. **Add user to project** - Grant user access to specific projects\n",
"8. **Generate API key** - Create secure access credentials for the user\n",
"\n",
"This workflow represents a complete setup from initial configuration to user access, implementing security best practices with guardrails.\n"
]
},
{
"cell_type": "markdown",
"id": "65268011",
"metadata": {},
"source": [
"## Prerequisites\n",
"\n",
"Before starting, ensure you have:\n",
"- The Enkrypt Secure MCP Gateway CLI installed\n",
"- Access to run `secure-mcp-gateway` commands\n",
"\n",
"Some Useful Links:\n",
"- Install the Secure MCP Gateway: https://www.youtube.com/watch?v=k-3Hi8cyr-E&list=PLnPPW2f7VGuJlV8u4ViFqyCgsyccKp9Hw&index=4\n",
"- GitHub Docs for the Gateway: https://github.com/enkryptai/secure-mcp-gateway\n",
"- Documentation of ALL CLI Commands: https://github.com/enkryptai/secure-mcp-gateway/blob/main/CLI-Commands-Reference.md\n",
"\n",
"Let's begin by checking if we have access to the CLI tool:\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Check if the CLI tool is available\n",
"!secure-mcp-gateway --help | head -10\n"
]
},
{
"cell_type": "markdown",
"id": "bbd53790",
"metadata": {},
"source": [
"## Step 1: Create a New MCP Configuration\n",
"\n",
"First, we'll create a new MCP configuration. This configuration will serve as a container for our MCP servers and their settings.\n",
"\n",
"### List existing configurations (optional - to see current state):\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# List all existing configurations\n",
"!secure-mcp-gateway config list\n"
]
},
{
"cell_type": "markdown",
"id": "0d8e2ed1",
"metadata": {},
"source": [
"### Create our new configuration:\n",
"\n",
"We'll create a configuration named \"production-demo-config\" for this walkthrough:\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Create a new MCP configuration\n",
"!secure-mcp-gateway config add --config-name \"production-demo-config\"\n"
]
},
{
"cell_type": "markdown",
"id": "b935fe8b",
"metadata": {},
"source": [
"### Verify the configuration was created:\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Get details of our newly created configuration\n",
"!secure-mcp-gateway config get --config-name \"production-demo-config\"\n"
]
},
{
"cell_type": "markdown",
"id": "cfaa94c2",
"metadata": {},
"source": [
"## Step 2: Add Server to Configuration\n",
"\n",
"Now we'll add an MCP server to our configuration. We'll create a server with environment variables and tools configuration.\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Add a server with basic configuration, environment variables, and tools\n",
"!secure-mcp-gateway config add-server \\\n",
" --config-name \"production-demo-config\" \\\n",
" --server-name \"github_server\" \\\n",
" --server-command \"docker\" \\\n",
" --args \"run -i --rm -e GITHUB_PERSONAL_ACCESS_TOKEN ghcr.io/github/github-mcp-server\" \\\n",
" --env '{\"GITHUB_PERSONAL_ACCESS_TOKEN\": \"your_github_token\"}' \\\n",
" --description \"GitHub MCP Server\"\n"
]
},
{
"cell_type": "markdown",
"id": "b0f591de",
"metadata": {},
"source": [
"### Verify the server was added:\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# List servers in our configuration\n",
"!secure-mcp-gateway config list-servers --config-name \"production-demo-config\"\n"
]
},
{
"cell_type": "markdown",
"id": "29d384c8",
"metadata": {},
"source": [
"## Step 3: Add Input and Output Guardrails\n",
"\n",
"Guardrails provide security policies for server communications. We'll add both input and output guardrails to protect against malicious content and ensure output quality.\n",
"\n",
"### Add Input Guardrails:\n",
"Input guardrails help protect against injection attacks, policy violations, and malicious input:\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Add input guardrails to our server\n",
"!secure-mcp-gateway config update-server-input-guardrails \\\n",
" --config-name \"production-demo-config\" \\\n",
" --server-name \"github_server\" \\\n",
" --policy '{\"enabled\": true, \"policy_name\": \"github_mcp_guardrails\", \"additional_config\": {\"pii_redaction\": false}, \"block\": [\"policy_violation\"]}'\n",
" \n"
]
},
{
"cell_type": "markdown",
"id": "df7013bf",
"metadata": {},
"source": [
"### Add Output Guardrails:\n",
"Output guardrails ensure response quality and filter harmful content:\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Add output guardrails to our server\n",
"!secure-mcp-gateway config update-server-output-guardrails \\\n",
" --config-name \"production-demo-config\" \\\n",
" --server-name \"github_server\" \\\n",
" --policy '{\"enabled\": true, \"policy_name\": \"github_mcp_guardrails\", \"additional_config\": {\"relevancy\": false, \"hallucination\": false, \"adherence\": false}, \"block\": [\"policy_violation\"]}'\n"
]
},
{
"cell_type": "markdown",
"id": "49365031",
"metadata": {},
"source": [
"### Verify the guardrails were added:\n",
"\n",
"Let's check our server configuration to ensure both guardrails are properly set:\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Get detailed server information including guardrails\n",
"!secure-mcp-gateway config get-server --config-name \"production-demo-config\" --server-name \"github_server\"\n"
]
},
{
"cell_type": "markdown",
"id": "81ad4e20",
"metadata": {},
"source": [
"## Step 4: Create a Project\n",
"\n",
"Projects help organize configurations and manage user access. We'll create a project for our demo environment.\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Create a new project\n",
"!secure-mcp-gateway project create --project-name \"Demo Production Environment\"\n"
]
},
{
"cell_type": "markdown",
"id": "1d995a2e",
"metadata": {},
"source": [
"## Step 5: Assign MCP Configuration to Project\n",
"\n",
"Now we'll link our configuration to the project, making the servers available to project users.\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Assign our configuration to the project\n",
"!secure-mcp-gateway project assign-config --project-name \"Demo Production Environment\" --config-name \"production-demo-config\"\n"
]
},
{
"cell_type": "markdown",
"id": "64b08a2a",
"metadata": {},
"source": [
"### Verify the configuration assignment:\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Get project details to see the assigned configuration\n",
"!secure-mcp-gateway project get --project-name \"Demo Production Environment\"\n"
]
},
{
"cell_type": "markdown",
"id": "05317242",
"metadata": {},
"source": [
"## Step 6: Create a New User\n",
"\n",
"Users need to be created and assigned to projects to access the MCP servers. We'll create a user for our demo environment.\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Create a new user\n",
"!secure-mcp-gateway user create --email \"nitin@enkryptai.com\"\n"
]
},
{
"cell_type": "markdown",
"id": "57cf8387",
"metadata": {},
"source": [
"## Step 7: Add User to Project\n",
"\n",
"To grant the user access to our project and its associated MCP configuration, we need to add them to the project.\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Add user to the project\n",
"!secure-mcp-gateway project add-user --project-name \"Demo Production Environment\" --email \"nitin@enkryptai.com\"\n"
]
},
{
"cell_type": "markdown",
"id": "03813e90",
"metadata": {},
"source": [
"## Step 8: Generate API Key for User\n",
"\n",
"The final step is to generate an API key that the user can use to authenticate and access the MCP servers through the gateway.\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Generate API key for the user in this project\n",
"!secure-mcp-gateway user generate-api-key --email \"nitin@enkryptai.com\" --project-name \"Demo Production Environment\"\n"
]
},
{
"cell_type": "markdown",
"id": "242a444e",
"metadata": {},
"source": [
"## Summary\n",
"\n",
"**Congratulations!** You have successfully completed the full setup of an Enkrypt Secure MCP Gateway environment.\n",
"\n",
"### What We Accomplished:\n",
"\n",
"1. ✅ **Created MCP Configuration**: \"production-demo-config\"\n",
"2. ✅ **Added Server**: \"demo-api-server\" with environment variables and tools\n",
"3. ✅ **Implemented Security**: Both input and output guardrails configured\n",
"4. ✅ **Created Project**: \"Demo Production Environment\"\n",
"5. ✅ **Linked Configuration**: Assigned config to project\n",
"6. ✅ **Created User**: \"demo.user@company.com\"\n",
"7. ✅ **Granted Access**: Added user to project\n",
"8. ✅ **Generated Credentials**: API key created for secure access\n",
"\n",
"### Security Features Enabled:\n",
"\n",
"**Input Guardrails:**\n",
"- PII redaction\n",
"- Content filtering\n",
"- Rate limiting \n",
"- Protection against: policy violations, injection attacks, malicious input, sensitive data\n",
"\n",
"**Output Guardrails:**\n",
"- Relevancy checking\n",
"- Hallucination detection\n",
"- Adherence monitoring\n",
"- Toxicity filtering\n",
"- Content safety\n",
"- Protection against: policy violations, hallucinations, harmful content, toxic content\n",
"\n",
"### Server Configuration:\n",
"\n",
"**Environment Variables:**\n",
"- API_KEY, ENVIRONMENT, LOG_LEVEL, PORT\n",
"\n",
"**Tools Configuration:**\n",
"- Web search (enabled)\n",
"- File system (enabled, read-only)\n",
"- Calculator (disabled)\n",
"\n",
"### Next Steps:\n",
"\n",
"1. **Use the API Key**: The user can now use their generated API key to authenticate with the MCP Gateway\n",
"2. **Monitor Usage**: Use the CLI to monitor API key usage and system health\n",
"3. **Scale Up**: Add more servers, users, or projects as needed\n",
"4. **Maintain Security**: Regularly rotate API keys and review guardrail policies\n",
"\n",
"### Useful Commands for Ongoing Management:\n",
"\n",
"```bash\n",
"# Monitor API keys\n",
"secure-mcp-gateway user list-api-keys --email \"demo.user@company.com\"\n",
"\n",
"# Rotate API key when needed\n",
"secure-mcp-gateway user rotate-api-key --api-key \"YOUR_API_KEY\"\n",
"\n",
"# Regular health checks\n",
"secure-mcp-gateway system health-check\n",
"\n",
"# Create backups\n",
"secure-mcp-gateway system backup --output-file \"backup-$(date +%Y%m%d).json\"\n",
"```\n",
"\n",
"This completes our walkthrough of the Enkrypt Secure MCP Gateway setup process!\n"
]
}
],
"metadata": {
"kernelspec": {
"display_name": "venv",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.13.6"
}
},
"nbformat": 4,
"nbformat_minor": 5
}
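
Added example (not part of the original notebook or the Enkrypt project's code): a pre-flight check for the two `--policy` JSON values passed in Step 3, reporting which `additional_config` checks each one actually turns on and which detectors it blocks. It assumes a `false` flag means that check is off and that only detectors named in `block` stop traffic; `audit_policy` is a hypothetical helper name.

```python
import json

# Policy strings copied from the two Step 3 commands in this notebook.
INPUT_POLICY = '{"enabled": true, "policy_name": "github_mcp_guardrails", "additional_config": {"pii_redaction": false}, "block": ["policy_violation"]}'
OUTPUT_POLICY = '{"enabled": true, "policy_name": "github_mcp_guardrails", "additional_config": {"relevancy": false, "hallucination": false, "adherence": false}, "block": ["policy_violation"]}'

REQUIRED_KEYS = ("enabled", "policy_name", "additional_config", "block")


def audit_policy(raw):
    """Parse a --policy JSON string and summarise what it switches on.

    Assumed semantics (not confirmed by the notebook): a false flag under
    additional_config means that check is off, and only the detectors
    named in "block" stop a request or response.
    """
    policy = json.loads(raw)  # raises ValueError on malformed JSON
    if not isinstance(policy, dict):
        raise ValueError("policy must be a JSON object")
    missing = [k for k in REQUIRED_KEYS if k not in policy]
    if missing:
        raise ValueError("policy is missing keys: " + ", ".join(missing))
    extras, block = policy["additional_config"], policy["block"]
    if not isinstance(policy["enabled"], bool):
        raise ValueError('"enabled" must be a JSON boolean')
    if not isinstance(extras, dict) or not isinstance(block, list):
        raise ValueError("additional_config must be an object, block a list")
    findings = []
    if not policy["enabled"]:
        findings.append("guardrail disabled: nothing is checked")
    elif not block:
        findings.append("guardrail enabled but block list is empty")
    return {
        "policy_name": policy["policy_name"],
        "enabled": policy["enabled"],
        "blocking": sorted(block),
        "checks_on": sorted(k for k, v in extras.items() if v is True),
        "checks_off": sorted(k for k, v in extras.items() if v is not True),
        "findings": findings,
    }


if __name__ == "__main__":
    for label, raw in (("input", INPUT_POLICY), ("output", OUTPUT_POLICY)):
        print(label, json.dumps(audit_policy(raw), indent=2))
```

Running the audit before `update-server-input-guardrails` and `update-server-output-guardrails` catches malformed JSON and shows the effective state of each policy as written.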