protonpass-mcp
Provides tools for managing Proton Pass vaults, items (logins/notes), TOTP codes, secret references, password generation, and vault sharing via the official pass-cli binary.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@protonpass-mcpshow me my login for github.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
protonpass-mcp
A Model Context Protocol (MCP) server for Proton Pass. It wraps the official pass-cli binary and exposes 14 tools so any MCP-compatible AI assistant (Claude Desktop, Claude Code, etc.) can manage your vaults, credentials, and secrets.
Note: Proton Pass has no public REST API. This server uses the official
pass-clibinary under the hood. The CLI is currently in beta and requires a Visionary or higher Proton plan.
Table of contents
Related MCP server: Warden MCP Server
Features
Vault management — list, create, share vaults
Item management — list, view, create (login / note), update, trash, restore
TOTP — read live 2FA codes from stored items
Secret references — retrieve any field via
pass://Vault/Item/fieldURIsPassword generation — generate cryptographically secure passwords
Account info — inspect the currently authenticated Proton account
Dockerized — no local Node.js or
pass-cliinstallation required on the hostPersistent sessions — session tokens survive container restarts via a named Docker volume
Requirements
Dependency | Version |
Docker | 24+ |
Proton Pass account | Visionary plan or higher (CLI beta requirement) |
No Node.js, npm, or pass-cli installation is needed on your host machine — everything runs inside the Docker image.
Project structure
protonpass-mcp/
├── src/
│ └── index.ts # MCP server — tool definitions and handlers
├── Dockerfile # Multi-stage build (TypeScript → runtime + pass-cli)
├── docker-compose.yml # Optional: run via Compose
├── mcp-config.json # MCP client configuration snippet
├── .env.example # Environment variable template
├── package.json
└── tsconfig.jsonQuick start (Docker)
1. Build the image
docker build -t protonpass-mcp .The build installs Node.js, downloads and installs pass-cli from Proton's official installer, compiles the TypeScript source, and produces a minimal runtime image.
2. Authenticate
The MCP server is non-interactive. Run this once to log in and save the session to the named Docker volume:
docker run --rm -it \
-e PROTON_PASS_KEY_PROVIDER=fs \
-v protonpass-session:/root/.local/share/proton-pass-cli \
--entrypoint pass-cli \
protonpass-mcp:latest login --interactiveEnter your Proton credentials (email, password, TOTP if enabled) when prompted. The session token and encryption key are written to the protonpass-session volume and reused automatically on every subsequent server start.
To verify the session is working:
docker run --rm \
-e PROTON_PASS_KEY_PROVIDER=fs \
-v protonpass-session:/root/.local/share/proton-pass-cli \
--entrypoint pass-cli \
protonpass-mcp:latest user infoWindows (cmd / PowerShell): Replace
\line continuations with^(cmd) or`(PowerShell), or write the command on a single line.
Tip: Re-run the login command if your session expires.
3. Configure your MCP client
Copy the contents of mcp-config.json into your client's configuration file.
Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"protonpass": {
"command": "docker",
"args": [
"run", "--rm", "-i",
"-e", "PROTON_PASS_KEY_PROVIDER=fs",
"-e", "PASS_LOG_LEVEL=warn",
"-v", "protonpass-session:/root/.local/share/proton-pass-cli",
"protonpass-mcp:latest"
]
}
}
}Claude Code (~/.claude/settings.json):
{
"mcpServers": {
"protonpass": {
"command": "docker",
"args": [
"run", "--rm", "-i",
"-e", "PROTON_PASS_KEY_PROVIDER=fs",
"-e", "PASS_LOG_LEVEL=warn",
"-v", "protonpass-session:/root/.local/share/proton-pass-cli",
"protonpass-mcp:latest"
]
}
}
}After saving the config, restart your MCP client. The server starts automatically on demand — Docker launches a fresh container for every session and removes it when done (--rm).
Running without Docker
If pass-cli and Node.js (v22+) are already installed on your machine:
npm install
npm run build
node dist/index.jsConfigure your MCP client to run node /path/to/protonpass-mcp/dist/index.js directly.
Available tools
Tool | Description | Required params |
| List all accessible vaults | — |
| Create a new vault |
|
| List items (all vaults or filtered) | — |
| View full item details including credentials |
|
| Create a login credential item |
|
| Create a secure note item |
|
| Update fields of an existing item |
|
| Move an item to trash (soft delete) |
|
| Restore a trashed item |
|
| Get the current live TOTP code |
|
| Generate a secure random password | — |
| Read a field via |
|
| Show authenticated account details | — |
| Share a vault with another Proton user |
|
Secret URI format
The view_secret tool accepts pass:// URIs identifying any field of any item:
pass://<vault-name>/<item-name>/<field>Built-in fields: username, password, email, url, note, totp.
Custom fields are addressed by their exact name (case-sensitive).
Examples:
pass://Work/GitHub/password
pass://Personal/Netflix/username
pass://Servers/Production DB/noteVault sharing roles
Role | Permissions |
| Read, write, share |
| Read, write |
| Read-only |
Environment variables
Variable | Default | Description |
|
| Key storage backend. Use |
| — | Encryption key when |
| platform default | Override session storage path. |
|
| Log verbosity: |
When using Docker Compose, copy .env.example to .env and edit the values — Compose picks it up automatically:
cp .env.example .envOtherwise, set them in docker-compose.yml or in the args array of your MCP client config.
Security considerations
Session volume: The
protonpass-sessionDocker volume contains your Proton Pass session token and (when usingPROTON_PASS_KEY_PROVIDER=fs) your encryption key. Treat it with the same care as a private key file. Back it up securely.PROTON_PASS_ENCRYPTION_KEY: If you set this variable, do not store it in version-controlled files. Pass it via a secrets manager or a.envfile excluded from git.Command injection: The server uses
execFilewith argument arrays — no shell interpolation occurs. User-supplied strings are passed as discrete arguments, not interpolated into a shell command.No secrets in tool output:
view_itemandview_secretreturn whateverpass-clioutputs. Ensure your MCP client does not log tool results to untrusted locations.Container isolation: Each MCP session spawns an isolated container (
--rm). The container has no network access beyond what Docker grants by default and no host filesystem access beyond the named session volume.
Troubleshooting
Error: pass-cli: command not found
The image was not built with the Proton installer. Rebuild with docker build --no-cache -t protonpass-mcp ..
Error: no session found / Error: not authenticated
Re-run the authentication command from step 2. The session may have expired.
Error: permission denied on volume
Ensure the protonpass-session volume was created by Docker and is accessible. Run docker volume inspect protonpass-session to verify.
pass-cli hangs on login inside the container
The --interactive flag is required for terminal-based login. Make sure it is present in the docker run command.
Items return IDs but you need names
Use list_vaults to get vault share IDs, then list_items with that vault_id to get item IDs. The view_secret tool accepts human-readable names via the pass:// URI syntax.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/aureTheDev/protonpass-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server