New Relic MCP Server

manage_credentials

Securely store, check, or remove New Relic API credentials in your system's keychain to enable programmatic access to monitoring data.

Instructions

Manage New Relic credentials securely in keychain.

Actions:
- 'status': Show current credential status
- 'store': Store new credentials (requires api_key parameter)
- 'delete': Remove all credentials from keychain

Input Schema

TableJSON Schema

Name	Required	Description	Default
`action`	Yes
`api_key`	No
`account_id`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Implementation Reference

newrelic_mcp/server.py:549-617 (handler)

Core implementation of the manage_credentials tool handler. Includes @mcp.tool() registration decorator, function signature serving as input schema, and full logic for managing credentials via SecureCredentials.

@mcp.tool()
async def manage_credentials(
    action: str, api_key: Optional[str] = None, account_id: Optional[str] = None
) -> str:
    """
    Manage New Relic credentials securely in keychain.

    Actions:
    - 'status': Show current credential status
    - 'store': Store new credentials (requires api_key parameter)
    - 'delete': Remove all credentials from keychain
    """
    try:
        if action == "status":
            status = SecureCredentials.list_stored_credentials()
            return json.dumps(
                {"status": status, "message": "Current credential status"}, indent=2
            )

        elif action == "store":
            if not api_key:
                return json.dumps(
                    {"error": "api_key parameter is required for store action"},
                    indent=2,
                )

            if not api_key.startswith("NRAK-"):
                return json.dumps(
                    {
                        "error": "Invalid API key format. "
                        "New Relic API keys start with 'NRAK-'"
                    },
                    indent=2,
                )

            SecureCredentials.store_api_key(api_key)
            if account_id:
                SecureCredentials.store_account_id(account_id)

            return json.dumps(
                {
                    "success": True,
                    "message": "Credentials stored securely in keychain",
                },
                indent=2,
            )

        elif action == "delete":
            SecureCredentials.delete_credentials()
            return json.dumps(
                {
                    "success": True,
                    "message": "All credentials removed from keychain",
                },
                indent=2,
            )

        else:
            return json.dumps(
                {
                    "error": f"Unknown action '{action}'. "
                    "Valid actions: status, store, delete"
                },
                indent=2,
            )

    except Exception as e:
        return json.dumps({"error": str(e)}, indent=2)

newrelic_mcp/credentials.py:17-132 (helper)

Supporting SecureCredentials class with static methods for storing, retrieving, listing, and deleting New Relic API keys and account IDs using macOS Keychain (keyring library). Directly called by the manage_credentials handler.

class SecureCredentials:
    """Secure credential storage using macOS Keychain"""

    @staticmethod
    def store_api_key(api_key: str) -> None:
        """Store New Relic API key securely in keychain"""
        try:
            keyring.set_password(SERVICE_NAME, "api_key", api_key)
            logger.info("API key stored securely in keychain")
        except Exception as e:
            logger.error(f"Failed to store API key in keychain: {e}")
            raise

    @staticmethod
    def get_api_key() -> Optional[str]:
        """Retrieve New Relic API key from keychain or environment"""
        # First try keychain
        try:
            api_key = keyring.get_password(SERVICE_NAME, "api_key")
            if api_key:
                logger.info("Retrieved API key from keychain")
                return api_key
        except Exception as e:
            logger.warning(f"Failed to retrieve API key from keychain: {e}")

        # Fallback to environment variables for backwards compatibility
        api_key = os.getenv("NEWRELIC_API_KEY") or os.getenv("NEW_RELIC_API_KEY")
        if api_key:
            logger.warning(
                "Using API key from environment variable "
                "(consider migrating to keychain)"
            )

        return api_key

    @staticmethod
    def store_account_id(account_id: str) -> None:
        """Store New Relic account ID securely in keychain"""
        try:
            keyring.set_password(SERVICE_NAME, "account_id", account_id)
            logger.info("Account ID stored securely in keychain")
        except Exception as e:
            logger.error(f"Failed to store account ID in keychain: {e}")
            raise

    @staticmethod
    def get_account_id() -> Optional[str]:
        """Retrieve New Relic account ID from keychain or environment"""
        # First try keychain
        try:
            account_id = keyring.get_password(SERVICE_NAME, "account_id")
            if account_id:
                logger.info("Retrieved account ID from keychain")
                return account_id
        except Exception as e:
            logger.warning(f"Failed to retrieve account ID from keychain: {e}")

        # Fallback to environment variable for backwards compatibility
        account_id = os.getenv("NEWRELIC_ACCOUNT_ID")
        if account_id:
            logger.warning(
                "Using account ID from environment variable "
                "(consider migrating to keychain)"
            )

        return account_id

    @staticmethod
    def get_region() -> str:
        """Get New Relic region (stored as env var as it's not sensitive)"""
        return os.getenv("NEWRELIC_REGION", "US")

    @staticmethod
    def delete_credentials() -> None:
        """Remove all stored credentials from keychain"""
        try:
            keyring.delete_password(SERVICE_NAME, "api_key")
            logger.info("API key removed from keychain")
        except keyring.errors.PasswordDeleteError:
            logger.info("No API key found in keychain to delete")
        except Exception as e:
            logger.error(f"Failed to delete API key from keychain: {e}")

        try:
            keyring.delete_password(SERVICE_NAME, "account_id")
            logger.info("Account ID removed from keychain")
        except keyring.errors.PasswordDeleteError:
            logger.info("No account ID found in keychain to delete")
        except Exception as e:
            logger.error(f"Failed to delete account ID from keychain: {e}")

    @staticmethod
    def list_stored_credentials() -> dict:
        """List what credentials are stored (True/False, not actual values)"""
        credentials = {}

        try:
            api_key = keyring.get_password(SERVICE_NAME, "api_key")
            credentials["api_key_in_keychain"] = api_key is not None
        except Exception:
            credentials["api_key_in_keychain"] = False

        try:
            account_id = keyring.get_password(SERVICE_NAME, "account_id")
            credentials["account_id_in_keychain"] = account_id is not None
        except Exception:
            credentials["account_id_in_keychain"] = False

        credentials["api_key_in_env"] = bool(
            os.getenv("NEWRELIC_API_KEY") or os.getenv("NEW_RELIC_API_KEY")
        )
        credentials["account_id_in_env"] = bool(os.getenv("NEWRELIC_ACCOUNT_ID"))
        credentials["region"] = os.getenv("NEWRELIC_REGION", "US")

        return credentials

Tool Definition Quality

A4.6/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It effectively describes the three distinct operations, specifies that 'store' requires an api_key parameter, and mentions security context ('securely in keychain'). However, it doesn't address potential side effects like what happens during 'delete' (irreversible removal) or error conditions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is perfectly structured with a clear opening sentence establishing context, followed by a bulleted list of actions with brief explanations. Every sentence earns its place with no redundant information, making it easy to scan and understand.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's moderate complexity (3 parameters, multiple operations) and no annotations, the description does well to explain the core functionality. With an output schema present, it doesn't need to describe return values. The main gap is not explaining the 'account_id' parameter's role, but overall it provides sufficient context for basic usage.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 0% schema description coverage, the description compensates well by explaining the 'action' parameter's three possible values and their meanings, and explicitly stating that 'store' requires the 'api_key' parameter. It doesn't mention the 'account_id' parameter, leaving some gap, but provides substantial value beyond the bare schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose with specific verbs ('manage', 'show', 'store', 'remove') and resources ('New Relic credentials', 'keychain'). It distinguishes from sibling tools by focusing on credential management rather than monitoring, querying, or other New Relic operations.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly provides usage guidance through the 'Actions' list, specifying when to use each action ('status' for checking, 'store' for saving with api_key requirement, 'delete' for removal). It clearly differentiates between the three distinct operations this tool performs.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/piekstra/newrelic-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server