Keyway MCP Server

keyway_list_secrets

Retrieve secret names from the Keyway vault for a specified repository environment, returning only identifiers without exposing sensitive values.

Instructions

List all secret names in the Keyway vault for the current repository. Returns only the keys, not the values.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`environment`	No	Environment to list secrets from (default: "development")

Implementation Reference

src/tools/list-secrets.ts:12-33 (handler)

The handler function that retrieves, parses, and returns the list of secrets for the specified environment.

export async function listSecrets(args: { environment?: string }): Promise<CallToolResult> {
  const token = await getToken();
  const repository = getRepository();
  const environment = args.environment || 'development';

  const content = await pullSecrets(repository, environment, token);
  const secrets = parseEnvContent(content);
  const keys = Object.keys(secrets).sort();

  return {
    content: [
      {
        type: 'text',
        text: JSON.stringify(
          { repository, environment, count: keys.length, secrets: keys },
          null,
          2
        ),
      },
    ],
  };
}

src/index.ts:24-34 (registration)

Tool registration for 'keyway_list_secrets' in the main index file, mapping it to the 'listSecrets' handler.

server.tool(
  'keyway_list_secrets',
  'List all secret names in the Keyway vault for the current repository. Returns only the keys, not the values.',
  {
    environment: z
      .string()
      .optional()
      .describe('Environment to list secrets from (default: "development")'),
  },
  async (args) => listSecrets(args)
);

Tool Definition Quality

A4.2/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It discloses that the tool returns only keys (not values), which is useful behavioral context. However, it lacks details on permissions, rate limits, or error handling. The description does not contradict any annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two concise sentences with zero waste: the first states the purpose and scope, and the second clarifies the return format. It is front-loaded with the core functionality and efficiently conveys necessary information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's low complexity (one optional parameter, no output schema, no annotations), the description is reasonably complete. It covers purpose, scope, and return format. However, without annotations, it could benefit from mentioning safety aspects (e.g., read-only nature) or prerequisites, but this is a minor gap.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, with one parameter ('environment') fully documented. The description does not add parameter-specific semantics beyond the schema, but since there is only one optional parameter and high schema coverage, a baseline of 4 is appropriate as the schema handles the parameter details adequately.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('List all secret names') and resource ('in the Keyway vault for the current repository'), distinguishing it from siblings like 'keyway_set_secret' (which creates/updates) and 'keyway_scan' (which likely analyzes). It explicitly mentions what is returned ('only the keys, not the values'), avoiding ambiguity.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear context for when to use this tool: to retrieve secret names from the current repository's vault. It implies usage by specifying the scope ('current repository'), but does not explicitly state when not to use it or name alternatives (e.g., 'keyway_scan' might list secrets with details).

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/keywaysh/keyway-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server