Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| get-secret | Get a secret by name. By default, injects the value into a local file so it never appears in the AI conversation. Use reveal:true to see the raw value (audited as conscious action). Use cleanup:true to remove all injected secrets from disk. |
| list-secrets | List all available secrets with their tags and expiration status. Returns names and metadata, never values. |
| create-secret | Create a new secret. Secrets with the same name can coexist if they have different env tags. |
| renew-secret | Renew an expired secret or change its TTL. Use this to reactivate expired secrets or extend expiration. |
| delete-secret | Delete a secret (soft delete, can be recovered) |
| update-secret | Update an existing secret's value, description, tags, or domain. Only provided fields are changed. |
| import-env | Import secrets from .env files into SecureCode. For security, .env import must be done through the web interface — the AI agent never sees secret values during import. This tool provides the link to the import page. |
| export-env | Export all secrets as .env or CSV format. Returns the full content with decrypted values. |
| get-status | Get your SecureCodeHQ account status: plan, usage limits, secrets count, and MCP server version. Useful to check remaining capacity and verify the server is up to date. |
| wake-session | Wake (unlock) the session to start accessing secrets. Optionally restrict access to specific tag scope and set auto-sleep timer. |
| sleep-session | Lock the session immediately. All secret access will be blocked until you wake it again. Use this when you finish working. |
| session-status | Check the current session status: active or sleeping, scope restrictions, and time remaining before auto-sleep. |
| byebye | End your work session. Locks the session, cleans up all injected secrets from disk, and says goodbye. Use this when you finish working for the day. |
| get-active-rules | List active MCP access rules. Read-only — rules can only be created or modified from the dashboard. Use this to understand why access to a secret was blocked. |
| onboard | Start or continue the SecureCode onboarding. Guides the user through signup, .env import, API key creation, MCP configuration, and optional SDK setup — all from Claude Code. Call this tool multiple times to progress through the steps. |
| security-check | Analyze the project for security issues after SecureCode setup. Returns a list of actions the agent MUST execute to protect secrets. Call this after SDK installation. |
| help | Get SecureCode documentation: available tools, usage patterns, SDK setup, and common workflows. Use this to understand how to help the user with SecureCode. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |