Encrypted SQLite MCP Server
Allows querying and managing data in 1Password's encrypted SQLite vault databases.
Enables access to Firefox's encrypted login databases for querying and management.
Provides tools to interact with Signal's encrypted message databases.
Allows querying and managing data in Telegram's encrypted local database.
Enables access to WhatsApp's encrypted message databases for querying and management.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Encrypted SQLite MCP Serverlist all tables in the encrypted database"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Encrypted SQLite MCP Server
MCP server for encrypted SQLite databases
A Model Context Protocol (MCP) server for working with encrypted SQLite databases using SQLCipher. This server provides tools to read database structures, query tables, and perform CRUD operations on encrypted SQLite databases.
Compatible with all MCP clients (Cursor, Claude Desktop, and others).
Works with encrypted databases from: MoneyMoney, 1Password, Signal, WhatsApp, Firefox, Telegram, KeePass, and other applications using SQLCipher encryption.
Features
Encrypted SQLite Support: Works with SQLCipher 4 encrypted databases - the key differentiator of this MCP server
Encrypted Passphrases: Support for AES-256-GCM encrypted passphrases with macOS Keychain integration
Database Exploration: List tables, columns, indexes, and schema metadata
Query Support: Execute arbitrary SQL queries (SELECT, INSERT, UPDATE, DELETE, DDL)
CRUD Operations: Insert, update, and delete rows with filtering
Configurable Cipher Profiles: Support for different SQLCipher configurations
MCP Protocol: Full Model Context Protocol implementation via STDIO
Security: SQL identifier validation to prevent SQL injection
Debug Mode: Optional debug output via
MCP_DEBUGenvironment variableInput Validation: Comprehensive validation for limits, offsets, and identifiers
Related MCP server: SQLite-MCP
Why Encrypted SQLite?
Many popular applications use encrypted SQLite databases (SQLCipher) to protect sensitive data. This MCP server is specifically designed to work with these encrypted databases.
Applications Using Encrypted SQLite Databases
MoneyMoney (macOS): Financial management app with encrypted local databases
1Password: Password manager using SQLCipher for local vault storage
Signal: Encrypted messaging app with SQLCipher-protected message databases
WhatsApp: Messaging app using encrypted SQLite for local message storage
Firefox: Browser using SQLCipher for encrypted login databases
Telegram: Messaging app with encrypted local database storage
KeePass: Password manager supporting encrypted SQLite database files
If you need to access data from any of these applications or other SQLCipher-encrypted databases, this MCP server provides the tools you need. Note that you need the passphrase of the encrypted database.
Requirements
Java 21 or higher (JDK)
Gradle (wrapper included)
SQLite JDBC driver with encryption support (
sqlite-jdbc-3.50.1.0.jarfrom sqlite-jdbc-crypt)
Quick Start
Cursor (One-Click Installation)
The easiest way to install this MCP server in Cursor is via the Cursor MCP Store:
Click "Add to Cursor"
Follow the prompts to configure your database path and passphrase
Other MCP Clients
This server works with any MCP-compatible client. See the Configuration section below for setup instructions.
Installation
Docker (Recommended)
Use the pre-built Docker image from GitHub Container Registry:
docker pull ghcr.io/rosch100/mcp-encrypted-sqlite:latest
Quick Start: See DOCKER_QUICKSTART.md for Docker Desktop setup.
Detailed Configuration: See DOCKER_CONFIGURATION.md for advanced options.
From Source
Clone the repository:
git clone https://github.com/rosch100/mcp-encrypted-sqlite.gitcd mcp-encrypted-sqliteBuild the project:
./gradlew build installDist
The build process will automatically download sqlite-jdbc-3.50.1.0.jar from sqlite-jdbc-crypt releases and place it in the libs/ directory.
The executable will be available at build/install/mcp-encrypted-sqlite/bin/mcp-encrypted-sqlite.
Configuration
This MCP server works with any MCP-compatible client (Cursor, Claude Desktop, etc.). The configuration format follows the Model Context Protocol specification.
The server communicates via STDIO (standard input/output). Add the following configuration to your MCP client's configuration file:
Configuration file locations:
Cursor:
~/.cursor/mcp.jsonClaude Desktop (macOS):
~/Library/Application Support/Claude/claude_desktop_config.jsonClaude Desktop (Windows):
%APPDATA%\Claude\claude_desktop_config.jsonOther clients: Refer to your client's documentation
{
"mcpServers": {
"encrypted-sqlite": {
"command": "/path/to/mcp-encrypted-sqlite/build/install/mcp-encrypted-sqlite/bin/mcp-encrypted-sqlite",
"args": [
"--args",
"{\"db_path\":\"/path/to/your/database.sqlite\",\"passphrase\":\"your-passphrase\"}"
]
}
}
}Optional Parameters:
transport: Defaults to"stdio"(can be omitted)cwd: Not needed when using absolute paths (can be omitted)env: Only needed if Java is not in your system PATH or for custom Java installation:
{
"mcpServers": {
"encrypted-sqlite": {
"command": "/path/to/mcp-encrypted-sqlite/build/install/mcp-encrypted-sqlite/bin/mcp-encrypted-sqlite",
"args": [
"--args",
"{\"db_path\":\"/path/to/your/database.sqlite\",\"passphrase\":\"your-passphrase\"}"
],
"env": {
"JAVA_HOME": "/path/to/java/home"
}
}
}
}Docker Configuration
Plain Passphrase
{
"mcpServers": {
"encrypted-sqlite": {
"command": "docker",
"args": [
"run", "--rm", "-i",
"-v", "/path/to/your/database.sqlite:/data/database.sqlite:ro",
"ghcr.io/rosch100/mcp-encrypted-sqlite:latest",
"--args",
"{\"db_path\":\"/data/database.sqlite\",\"passphrase\":\"your-passphrase\"}"
]
}
}
}Encrypted Passphrase (Recommended)
When using encrypted passphrases, you must pass the encryption key as an environment variable:
{
"mcpServers": {
"encrypted-sqlite": {
"command": "docker",
"args": [
"run", "--rm", "-i",
"-e", "MCP_SQLITE_ENCRYPTION_KEY=your-encryption-key",
"-v", "/path/to/your/database.sqlite:/data/database.sqlite:ro",
"ghcr.io/rosch100/mcp-encrypted-sqlite:latest",
"--args",
"{\"db_path\":\"/data/database.sqlite\",\"passphrase\":\"encrypted:your-encrypted-passphrase\"}"
]
}
}
}Important Notes:
The
-eflag must come before the-vflagmacOS Keychain is NOT accessible from Docker containers - pass the encryption key explicitly
Get your encryption key:
security find-generic-password -s "mcp-encrypted-sqlite" -a "encryption-key" -wThe database file is mounted as read-only (
:ro) by default. Remove:roif you need write access
Security Warning: Storing both the encryption key and encrypted passphrase as plain text in your configuration file is a security risk. See DOCKER_CONFIGURATION.md for secure alternatives.
Custom Cipher Profile
Override the default SQLCipher 4 settings by including a cipherProfile in the configuration JSON:
{
"mcpServers": {
"encrypted-sqlite": {
"command": "/path/to/mcp-encrypted-sqlite/build/install/mcp-encrypted-sqlite/bin/mcp-encrypted-sqlite",
"args": [
"--args",
"{\"db_path\":\"/path/to/your/database.sqlite\",\"passphrase\":\"your-passphrase\",\"cipherProfile\":{\"name\":\"SQLCipher 4 defaults\",\"pageSize\":4096,\"kdfIterations\":256000,\"hmacAlgorithm\":\"HMAC_SHA512\",\"kdfAlgorithm\":\"PBKDF2_HMAC_SHA512\"}}"
]
}
}
}Note: All fields in cipherProfile are optional - only specify the ones you want to override from the defaults. You can also specify cipherProfile in individual tool calls, but it's recommended to configure it once in the MCP server configuration for consistency.
Encrypted Passphrases
For enhanced security, you can store passphrases in encrypted form. The server uses AES-256-GCM encryption, which provides authenticated encryption and is both secure and fast.
macOS Keychain (Recommended for macOS)
Generate and store key in Keychain: Run:
./store-key-in-keychain.sh --generateEncrypt your passphrase: Run:
./encrypt-passphrase.sh "your-plain-passphrase"
The key is automatically loaded from the Keychain when no environment variable is set.
Benefits:
Key is securely encrypted and stored by macOS
No environment variables needed
Automatic unlock with macOS user password
Works system-wide for all applications
Environment Variable (Cross-Platform)
Generate an encryption key: Run:
java -cp build/libs/mcp-encrypted-sqlite-VERSION.jar com.example.mcp.sqlite.config.PassphraseEncryptionSet the encryption key: Run:
export MCP_SQLITE_ENCRYPTION_KEY="<your-generated-key>"Encrypt your passphrase: Run:
java -cp build/libs/mcp-encrypted-sqlite-VERSION.jar com.example.mcp.sqlite.util.EncryptPassphrase "your-plain-passphrase"
Usage
Use the encrypted passphrase (with encrypted: prefix) in your configuration:
On macOS with Keychain (recommended):
{
"mcpServers": {
"encrypted-sqlite": {
"command": "/path/to/mcp-encrypted-sqlite/build/install/mcp-encrypted-sqlite/bin/mcp-encrypted-sqlite",
"args": [
"--args",
"{\"db_path\":\"/path/to/your/database.sqlite\",\"passphrase\":\"encrypted:<encrypted-passphrase>\"}"
]
}
}
}Note: No env section needed - the key is automatically loaded from macOS Keychain.
With environment variable (cross-platform):
{
"mcpServers": {
"encrypted-sqlite": {
"command": "/path/to/mcp-encrypted-sqlite/build/install/mcp-encrypted-sqlite/bin/mcp-encrypted-sqlite",
"args": [
"--args",
"{\"db_path\":\"/path/to/your/database.sqlite\",\"passphrase\":\"encrypted:<encrypted-passphrase>\"}"
],
"env": {
"MCP_SQLITE_ENCRYPTION_KEY": "<your-encryption-key>"
}
}
}
}Important Security Notes:
The encryption key MUST be available (macOS Keychain or
MCP_SQLITE_ENCRYPTION_KEYenvironment variable)The server automatically detects encrypted passphrases (starting with
encrypted:) and decrypts themUse
PassphraseEncryption.generateKey()to generate strong keys (256 bits / 32 bytes)AES-256-GCM provides authenticated encryption
Weak keys are automatically rejected
Available Tools
list_tables
List all tables in the database. By default only table names, with include_columns=true also column details.
Parameters:
db_path(optional if configured): Path to the database filepassphrase(optional if configured): Database passphraseinclude_columns(optional, default: false): If true, column details are also returned
Example:
{
"name": "list_tables",
"arguments": {
"include_columns": true
}
}get_table_data
Read data from a table with optional filtering, column selection, and pagination.
Parameters:
table(required): Table namecolumns(optional): Array of column names to selectfilters(optional): Object with column-value pairs for filteringlimit(optional, default: 200): Maximum number of rowsoffset(optional, default: 0): Offset for pagination
Example:
{
"name": "get_table_data",
"arguments": {
"table": "accounts",
"columns": ["id", "name", "balance"],
"filters": {"status": "active"},
"limit": 50,
"offset": 0
}
}execute_sql
Execute arbitrary SQL statements (SELECT, INSERT, UPDATE, DELETE, DDL).
Security Warning: This tool executes raw SQL without parameterization. Only use with trusted SQL or ensure proper validation and sanitization is performed before calling this tool. For safer operations, use the other tools (get_table_data, insert_or_update, delete_rows) which use parameterized queries.
Parameters:
sql(required): SQL statement to execute
Example:
{
"name": "execute_sql",
"arguments": {
"sql": "SELECT COUNT(*) FROM transactions WHERE amount > 1000"
}
}insert_or_update
Perform UPSERT operations (INSERT or UPDATE on conflict).
Parameters:
table(required): Table nameprimary_keys(required): Array of primary key column namesrows(required): Array of row objects to insert/update
Example:
{
"name": "insert_or_update",
"arguments": {
"table": "accounts",
"primary_keys": ["id"],
"rows": [
{"id": 1, "name": "Account 1", "balance": 1000.0},
{"id": 2, "name": "Account 2", "balance": 2000.0}
]
}
}delete_rows
Delete rows from a table based on filters.
Parameters:
table(required): Table namefilters(required): Object with column-value pairs for filtering
Example:
{
"name": "delete_rows",
"arguments": {
"table": "transactions",
"filters": {"status": "cancelled"}
}
}get_table_schema
Retrieves detailed schema information for a table (columns, indexes, foreign keys, constraints).
Parameters:
table(required): Table name
Example:
{
"name": "get_table_schema",
"arguments": {
"table": "accounts"
}
}list_indexes
Lists all indexes of a table.
Parameters:
table(required): Table name
Example:
{
"name": "list_indexes",
"arguments": {
"table": "accounts"
}
}Debug Mode
The server supports optional debug output via the MCP_DEBUG environment variable. When enabled, detailed debug information is written to stderr (not stdout, to comply with MCP protocol requirements).
Enable debug mode:
{
"mcpServers": {
"encrypted-sqlite": {
"command": "/path/to/mcp-encrypted-sqlite/build/install/mcp-encrypted-sqlite/bin/mcp-encrypted-sqlite",
"args": [
"--args",
"{\"db_path\":\"/path/to/your/database.sqlite\",\"passphrase\":\"your-passphrase\"}"
],
"env": {
"MCP_DEBUG": "true"
}
}
}
}Debug output includes:
Server startup information (Java version, OS, arguments)
Configuration parsing details
Request processing information
Response sizes and structures
Database connection details
Note: Debug output is disabled by default to keep logs clean. Only enable it when troubleshooting issues.
Default Cipher Profile
The server uses SQLCipher 4 defaults by default:
cipher_page_size: 4096kdf_iter: 256000cipher_hmac_algorithm: HMAC_SHA512cipher_kdf_algorithm: PBKDF2_HMAC_SHA512cipher_use_hmac: ONcipher_plaintext_header_size: 0
These settings match the defaults used by tools like "DB Browser for SQLite" with SQLCipher 4.
Development
See DEVELOPMENT.md for development setup, building, testing, and project structure.
Security Considerations
General Security
Passphrases: Passphrases are only stored in memory and never logged
Encrypted Passphrases: Use encrypted passphrases with AES-256-GCM for storing passphrases in configuration files (see Encrypted Passphrases section)
Memory: Note that decrypted passphrases remain in memory as Java Strings (immutable). For maximum security, consider using
char[]arrays, though this is not currently implemented.Transport: Use secure transport channels (e.g., encrypted sessions) when accessing the server remotely
File Permissions: Ensure database files have appropriate file system permissions
Security Best Practices
Use encrypted passphrases with AES-256-GCM encryption
Generate strong keys using
PassphraseEncryption.generateKey()(256 bits / 32 bytes)Store encryption keys securely: Use macOS Keychain (recommended on macOS) or secure secret storage
Never store both encryption key and encrypted passphrase in the same configuration file - Use wrapper scripts or environment variables to load the key securely (see DOCKER_CONFIGURATION.md for details)
Rotate keys periodically - when rotating, re-encrypt all passphrases with the new key
Use different keys for different environments (development, staging, production)
Never commit keys or encrypted passphrases to version control
Restrict file permissions on configuration files containing secrets (
chmod 600)
Troubleshooting
Debugging MCP Server Communication Issues
The MCP server includes extensive debugging features to help diagnose communication problems.
Viewing Logs
In MCP clients:
Check your client's log output (e.g., Cursor: Output panel → "MCP Logs")
All debug output is written to
stderr
Manual testing:
Run: ./build/install/mcp-encrypted-sqlite/bin/mcp-encrypted-sqlite --args '{"db_path":"/path/to/db.sqlite","passphrase":"secret"}' 2>&1 | tee mcp-debug.log
Common Communication Problems
1. Server does not start
Symptom: No logs visible, server does not respond
Debugging: Check startup logs:
Java version is logged
Arguments are logged
Configuration parsing is logged
Solution:
Verify Java is correctly installed
Check the MCP configuration (
mcp.json)Check paths in
commandandargsfields
2. JSON Parsing Errors
Symptom: "Parse error" in logs
Debugging: The server logs:
First 500 characters of received JSON
Exact exception with stack trace
Solution:
Check JSON structure in MCP configuration
Ensure JSON is properly escaped
Verify all required fields are present
3. Missing or Incorrect Responses
Symptom: Requests are not answered or timeouts occur
Debugging: The server logs:
Each received request with ID and method
Response size and status
Flush status after writing
Solution:
Check if
STDOUTis available (logged at startup)Check response size (very large responses can cause problems)
Verify flush was successful
4. Invalid Requests
Symptom: "Invalid Request" errors
Debugging: The server logs:
Missing fields (e.g.,
method,id)JSON-RPC version mismatches
Invalid parameters
Solution:
Ensure all requests comply with JSON-RPC 2.0 standard
Verify
methodandidfields are presentCheck parameter structure
5. Database Connection Problems
Symptom: "Database error" errors
Debugging: The server logs:
Used DB paths (Default vs. Override)
Passphrase status (encrypted/decrypted)
CipherProfile configuration
Solution:
Check DB path in logs
Verify passphrase was correctly decrypted
Check CipherProfile settings
Debugging Features in Detail
The server automatically logs:
Startup Information:
Java version and Java Home
Operating system information
Number and content of arguments
Configuration parsing status
Request Processing:
Each received request with number and length
JSON-RPC validation
Method calls with parameters
Response size and status
Error Handling:
Detailed exception information with stack traces
JSON-RPC error codes according to specification
Error responses with additional debug data
Database Operations:
Used configurations (Default vs. Override)
SQL queries (first 100 characters)
Result sizes and affected rows
Database cannot be opened
Verify the passphrase is correct
Check that the database uses SQLCipher 4 defaults (or configure a custom cipher profile)
Ensure the database file path is correct and accessible
Check logs: The server logs detailed information about passphrase decryption and DB path
Connection issues
Verify Java is installed:
java -versionCheck that
JAVA_HOMEis set correctly in the MCP configurationReview your MCP client logs for detailed error messages
FTS (Full-Text Search) tables
The server automatically handles FTS virtual tables that may not have accessible metadata. These tables will appear with empty column lists.
License
Licensed under the Apache License, Version 2.0. See LICENSE for details.
Third-Party Licenses
sqlite-jdbc-crypt (Apache License 2.0) - SQLite JDBC driver with encryption support
Gson (Apache License 2.0) - JSON library for Java
Source: https://github.com/google/gson
JUnit Jupiter (Eclipse Public License 2.0) - Testing framework
Source: https://junit.org/junit5/
See NOTICE for detailed attribution information.
Acknowledgments
sqlite-jdbc-crypt - SQLite JDBC driver with encryption support
Model Context Protocol - MCP specification
Contributing
Contributions are welcome! Please feel free to submit a Pull Request. See CONTRIBUTING.md for guidelines.
Support
For issues, questions, or contributions, please open an issue on GitHub.
Buy me a coffee
Like this integration? Feel free to buy me a coffee! Your support helps me continue working on cool features.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/rosch100/mcp-encrypted-sqlite'
If you have feedback or need assistance with the MCP directory API, please join our Discord server