Coolify MCP Server

coolify_security_keys

Manage SSH security keys for Coolify infrastructure: list, create, get, update, or delete keys to control access and permissions.

Instructions

Security keys management - list, create, get, update, and delete security keys

Input Schema

TableJSON Schema

Name	Required	Description
`action`	Yes	Action to perform: list (list all security keys), create (create new security key), get (get security key by UUID), update (update security key), delete (delete security key)
`uuid`	No	Security key UUID (required for get, update, delete actions)
`name`	No	Key name (required for create, optional for update)
`description`	No	Key description (optional for create and update)
`key`	No	SSH private key content (required for create, optional for update)
`page`	No	Page number (optional for list action)
`per_page`	No	Items per page (optional for list action)

Implementation Reference

src/handlers.ts:463-496 (handler)

The primary handler function 'securityKeys' that executes the tool logic, handling CRUD operations (list, create, get, update, delete) for security keys by making API calls to Coolify endpoints.

  async securityKeys(action: string, args: any) {
    switch (action) {
      case 'list':
        const queryString = this.apiClient.buildQueryString(args);
        const response = await this.apiClient.get(`/security/keys?${queryString}`);
        return { content: [{ type: 'text', text: JSON.stringify(response.data, null, 2) }] };
      case 'create':
        const createResponse = await this.apiClient.post('/security/keys', {
          name: args.name,
          description: args.description,
          private_key: args.key,
        });
        return { content: [{ type: 'text', text: JSON.stringify(createResponse.data, null, 2) }] };
      case 'get':
        if (!args.uuid) throw new Error('Security key UUID is required for get action');
        const getResponse = await this.apiClient.get(`/security/keys/${args.uuid}`);
        return { content: [{ type: 'text', text: JSON.stringify(getResponse.data, null, 2) }] };
      case 'update':
        if (!args.uuid) throw new Error('Security key UUID is required for update action');
        const updateResponse = await this.apiClient.patch(`/security/keys/${args.uuid}`, {
          name: args.name,
          description: args.description,
          private_key: args.key,
        });
        return { content: [{ type: 'text', text: JSON.stringify(updateResponse.data, null, 2) }] };
      case 'delete':
        if (!args.uuid) throw new Error('Security key UUID is required for delete action');
        await this.apiClient.delete(`/security/keys/${args.uuid}`);
        return { content: [{ type: 'text', text: 'Security key deleted successfully' }] };
      default:
        throw new Error(`Unknown security keys action: ${action}`);
    }
  }
}

src/tools.ts:687-725 (schema)

The tool registration and input schema definition for 'coolify_security_keys', specifying supported actions and parameters.

{
  name: 'coolify_security_keys',
  description: 'Security keys management - list, create, get, update, and delete security keys',
  inputSchema: {
    type: 'object',
    properties: {
      action: { 
        type: 'string', 
        enum: ['list', 'create', 'get', 'update', 'delete'],
        description: 'Action to perform: list (list all security keys), create (create new security key), get (get security key by UUID), update (update security key), delete (delete security key)'
      },
      uuid: { 
        type: 'string', 
        description: 'Security key UUID (required for get, update, delete actions)' 
      },
      name: { 
        type: 'string', 
        description: 'Key name (required for create, optional for update)' 
      },
      description: { 
        type: 'string', 
        description: 'Key description (optional for create and update)' 
      },
      key: { 
        type: 'string', 
        description: 'SSH private key content (required for create, optional for update)' 
      },
      page: { 
        type: 'number', 
        description: 'Page number (optional for list action)' 
      },
      per_page: { 
        type: 'number', 
        description: 'Items per page (optional for list action)' 
      },
    },
    required: ['action'],
  },
},

src/index.ts:85-142 (registration)

The tool dispatch registration in the central handleToolCall switch statement, routing 'coolify_security_keys' calls to the appropriate handler method.

private async handleToolCall(name: string, args: any) {
  switch (name) {
    // System Management
    case 'coolify_system':
      return await this.handlers.system(args.action);
    
    // Team Management
    case 'coolify_teams':
      return await this.handlers.teams(args.action, args.team_id);
    
    // Project Management
    case 'coolify_projects':
      return await this.handlers.projects(args.action, args);
    case 'coolify_project_environments':
      return await this.handlers.projectEnvironments(args.action, args);
    
    // Application Management
    case 'coolify_applications':
      return await this.handlers.applications(args.action, args);
    case 'coolify_application_lifecycle':
      return await this.handlers.applicationLifecycle(args.action, args.uuid);
    case 'coolify_application_envs':
      return await this.handlers.applicationEnvs(args.action, args);
    case 'coolify_logs':
      return await this.handlers.logs(args.action, args.uuid, args.lines);
    case 'coolify_application_deployments':
      return await this.handlers.applicationDeployments(args.action, args);
    
    // Database Management
    case 'coolify_databases':
      return await this.handlers.databases(args.action, args);
    case 'coolify_database_lifecycle':
      return await this.handlers.databaseLifecycle(args.action, args.uuid);
    case 'coolify_database_types':
      return await this.handlers.databaseTypes(args.action, args);
    
    // Server Management
    case 'coolify_servers':
      return await this.handlers.servers(args.action, args);
    case 'coolify_server_management':
      return await this.handlers.serverManagement(args.action, args.uuid);
    
    // Service Management
    case 'coolify_services':
      return await this.handlers.services(args.action, args);
    case 'coolify_service_lifecycle':
      return await this.handlers.serviceLifecycle(args.action, args.uuid);
    case 'coolify_service_envs':
      return await this.handlers.serviceEnvs(args.action, args);
    
    // Security Keys Management
    case 'coolify_security_keys':
      return await this.handlers.securityKeys(args.action, args);
    
    default:
      throw new CoolifyError(`Unknown tool: ${name}`, 400);
  }
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It lists actions but doesn't describe critical traits like authentication requirements, rate limits, side effects (e.g., deletion permanence), or response formats. For a multi-action tool with potential mutations, this is a significant gap in transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that front-loads the core purpose. It avoids redundancy and wastes no words, though it could be slightly more structured by separating actions or adding brief context.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (7 parameters, multiple actions including mutations) and lack of annotations and output schema, the description is incomplete. It doesn't address behavioral aspects, error handling, or return values, leaving the agent under-informed for safe and effective use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, with each parameter well-documented in the schema. The description adds no additional parameter semantics beyond what's in the schema (e.g., it doesn't clarify dependencies between parameters). Baseline 3 is appropriate as the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose as 'Security keys management - list, create, get, update, and delete security keys', which is a specific verb+resource combination. However, it doesn't differentiate this tool from its siblings (like coolify_servers or coolify_services) beyond the security keys domain, missing explicit sibling differentiation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It lists actions but doesn't specify prerequisites, contexts, or exclusions (e.g., when to use this over other security or management tools). This leaves the agent without usage direction.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/HowieDuhzit/CoolifyMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server