@sirrlock/mcp — Sirr MCP Server

Gives AI assistants like Claude direct access to your Sirr secret vault. Store, read, and share ephemeral secrets without leaving a conversation.

Demo

Anonymous dead drop — store and burn

Session 1 — store a secret (no name, no org needed)

❯ stash this deploy token: 123asdzxc

⏺ sirr-mcp - store_secret (MCP)(value: "123asdzxc")
  ⎿  Secret pushed.
     ID: a1b2c3d4e5f6…
     URL: https://sirr.sirrlock.com/s/a1b2c3d4e5f6…
     Burns after 1 read(s).

⏺ Stored. Share the URL — it burns after one read.

Session 2 — retrieve by ID (the vault burns it)

❯ get the secret at a1b2c3d4e5f6…

⏺ sirr-mcp - read_secret (MCP)(id: "a1b2c3d4e5f6…")
  ⎿  123asdzxc

⏺ Got it. Deploying to staging with the token. Done.

Session 3 — secret is already gone

❯ get that secret again

⏺ sirr-mcp - read_secret (MCP)(id: "a1b2c3d4e5f6…")
  ⎿  Secret not found, expired, or already burned.

⏺ The secret no longer exists on the server.

Org-scoped named secret — store and read by name

❯ store the BITBUCKET_TOKEN as 123asdzxc

⏺ sirr-mcp - store_secret (MCP)(value: "123asdzxc", name: "BITBUCKET_TOKEN")
  ⎿  Secret 'BITBUCKET_TOKEN' stored in org 'acme'.

❯ deploy to staging using sirr:BITBUCKET_TOKEN

⏺ sirr-mcp - read_secret (MCP)(name: "BITBUCKET_TOKEN")
  ⎿  123asdzxc

The secret existed just long enough to be used. The vault enforces expiry server-side. Claude is instructed by the tool description not to memorize or repeat the value. Even if a different agent, session, or attacker asks — there is nothing left to return.

Install

One-liner for Claude Code:

claude mcp add --transport stdio sirr -- npx -y @sirrlock/mcp

Or install globally:

npm install -g @sirrlock/mcp

Both methods work with Claude Code, Cursor, Windsurf, and any MCP client.

Quick start

Zero config (public dead drops + share links)

Works immediately. No account, no token, no org needed:

❯ stash this API key: sk-abc123
⏺ [calls store_secret] → burn URL

❯ share this password with the contractor: hunter2
⏺ [calls share_secret] → sirrlock.com burn link

Sirr Cloud (org-scoped named secrets)

1. Sign up at sirrlock.com — free tier includes 3 seats and unlimited secrets.

2. Get your principal key from the dashboard (Settings → API Keys).

3. Add to .mcp.json — paste the config block below with your key and org ID.

4. Verify — run sirr-mcp --health to confirm the connection.

Self-Hosted

1. Start Sirr — run sirrd serve and note the SIRR_MASTER_API_KEY you set.

2. Set your token — SIRR_TOKEN in your MCP config must equal that key value.

3. Add to .mcp.json — use the self-hosted config block below.

4. Verify — run sirr-mcp --health to confirm the connection.

Configuration

Sirr Cloud (default)

No SIRR_SERVER needed — defaults to https://sirr.sirrlock.com.

# Claude Code one-liner
claude mcp add --transport stdio --env SIRR_TOKEN=your-principal-key --env SIRR_ORG=your-org-id sirr -- npx -y @sirrlock/mcp

{
  "mcpServers": {
    "sirr": {
      "command": "npx",
      "args": ["-y", "@sirrlock/mcp"],
      "env": {
        "SIRR_TOKEN": "your-principal-key",
        "SIRR_ORG": "your-org-id"
      }
    }
  }
}

Self-Hosted

Point SIRR_SERVER at your own sirrd instance:

# Claude Code one-liner
claude mcp add --transport stdio --env SIRR_SERVER=http://localhost:39999 --env SIRR_TOKEN=your-master-key sirr -- npx -y @sirrlock/mcp

{
  "mcpServers": {
    "sirr": {
      "command": "npx",
      "args": ["-y", "@sirrlock/mcp"],
      "env": {
        "SIRR_SERVER": "http://localhost:39999",
        "SIRR_TOKEN": "your-master-api-key"
      }
    }
  }
}

What is SIRR_TOKEN? On Sirr Cloud, use a principal key from the sirrlock.com dashboard. For self-hosted, use the SIRR_MASTER_API_KEY value (full access) or a principal key for org-scoped access. A mismatch is the most common cause of 401 errors. See sirr.dev/errors#401.

Environment variables

CLI flags

# Print the installed version and exit
sirr-mcp --version

# Check connectivity (Cloud)
SIRR_TOKEN=your-principal-key SIRR_ORG=your-org-id sirr-mcp --health

# Check connectivity (self-hosted)
SIRR_SERVER=http://localhost:39999 SIRR_TOKEN=your-master-key sirr-mcp --health

--health exits with code 0 on success and 1 on failure, making it safe to use in scripts and CI.

Available tools

That's it. Five tools. Everything else (webhooks, keys, orgs, roles, principals) is managed via the CLI or web dashboard.

Inline secret references

You can reference org-scoped secrets inline in any prompt:

"Use sirr:DATABASE_URL to run a migration"
"Deploy with sirr:DEPLOY_TOKEN"

The sirr:KEYNAME prefix tells Claude to fetch from the vault automatically (requires SIRR_ORG to be set).

Secret lifecycle

Sirr secrets expire by design. store_secret supports expiry controls:

Use check_secret to inspect a secret's status without consuming a read — useful when you want to verify a secret is still available before fetching it.

Security notes

• Claude only sees secret values when you explicitly ask it to fetch via read_secret

• Set max_reads=1 on any secret shared for a single AI session

• The MCP server never logs secret values

• SIRR_TOKEN lives in your MCP config's env block — it is never passed as a tool argument or in prompts

• Use HTTPS (https://) when SIRR_SERVER points to a remote host — plain HTTP transmits secrets unencrypted

Troubleshooting

Related