Keyway MCP Server

Instructions

Implementation Reference

• src/tools/set-secret.ts:14-48 (handler)

  The handler function `setSecret` that processes the `keyway_set_secret` tool, including validation and interaction with the API.

  export async function setSecret(args: {
    name: string;
    value: string;
    environment?: string;
  }): Promise<CallToolResult> {
    // Validate name format
    if (!SECRET_NAME_PATTERN.test(args.name)) {
      return {
        content: [
          {
            type: 'text',
            text: `Invalid secret name "${args.name}". Name must be uppercase with underscores (e.g., DATABASE_URL, API_KEY)`,
          },
        ],
        isError: true,
      };
    }
  
    const token = await getToken();
    const repository = getRepository();
    const environment = args.environment || 'development';
  
    const result = await pushSecrets(repository, environment, { [args.name]: args.value }, token);
  
    const action = result.stats?.created ? 'created' : 'updated';
  
    return {
      content: [
        {
          type: 'text',
          text: JSON.stringify({ success: true, name: args.name, environment, action }, null, 2),
        },
      ],
    };
  }

• src/index.ts:36-48 (registration)

  Registration of the `keyway_set_secret` tool in the MCP server, defining its schema and mapping it to the `setSecret` handler.

  server.tool(
    'keyway_set_secret',
    'Create or update a secret in the Keyway vault. The key must be uppercase with underscores (e.g., DATABASE_URL).',
    {
      name: z.string().describe('Secret name - must be uppercase with underscores'),
      value: z.string().describe('Secret value to store'),
      environment: z
        .string()
        .optional()
        .describe('Environment to set secret in (default: "development")'),
    },
    async (args) => setSecret(args)
  );