gke-cred-audit
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@gke-cred-auditwhat are the high severity findings?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
gke-cred-audit
Defensive credential-exposure auditor for GKE. Deployed in-cluster as a single
Pod (Deployment + Service); fronted by Natoma at /mcp.
The server uses its own ServiceAccount to:
Inventory its own GCE/GKE workload-identity exposure (project, instance, SA scopes/tokens).
Decode its own projected ServiceAccount token (claims only) and walk its mounted secret files.
Inventory the pods + ConfigMaps in its namespace (and, opt-in, secret metadata) so Natoma can ask follow-up questions about workloads that share the namespace.
Compute its own RBAC posture via
SelfSubjectRulesReviewand a curatedSelfSubjectAccessReviewmatrix.
Surfaces
REST with an OpenAPI 3.1 spec at
/openapi.json(Swagger UI at/docs, ReDoc at/redoc).MCP server over Streamable HTTP, mounted at
/mcp(per MCP spec rev 2025-03-26).
Both surfaces share the same redacted pydantic models. Raw bearer tokens, JWT signatures, PEM
private keys, and Secret values are never returned. The break-glass RAW_REVEAL flag exists for
debugging individual tokens; it never extends to namespace Secret values.
Deploying via Natoma
Natoma is the auth boundary for /mcp. The server itself has no native auth; this is intentional
and surfaced in /version, audit://server-info, and the OpenAPI spec via x-auth=none (gateway-managed).
kubectl apply -f manifests/rbac.yaml
kubectl apply -f manifests/deployment.yaml
kubectl apply -f manifests/service.yaml
kubectl apply -f manifests/networkpolicy.yamlThen point Natoma's gateway at http://gke-cred-audit.<namespace>.svc:8787/mcp.
The bundled NetworkPolicy only permits ingress from namespaces labeled natoma-gateway: "true";
adjust to match your installation. Egress is restricted to the Kubernetes API server and the GCE
metadata IP.
Granting secret enumeration
AUDIT_ENABLE_SECRET_LISTING=true opts in to namespace Secret enumeration. Even when enabled, the
server returns metadata only -- name, type, key names, per-key size, per-key SHA-256 prefix.
Values are never returned. A property-based test (tests/test_redaction_invariant.py)
runs against mocked Secrets containing real-looking base64 data to enforce this.
The trade-off: granting secrets:list to the audit ServiceAccount makes the audit pod a high-trust
target. Default is OFF. When enabling, prefer:
A dedicated namespace for the audit Deployment, with no other workloads.
Tightening the bundled Role with
resourceNames: [...]to specific Secret names.A
NS-SECRETS-LIST-GRANTEDfinding will appear in/findingsto make this visible.
Running locally
pip install -e '.[dev]'
gke-cred-audit --bind 127.0.0.1 --port 8787Then:
curl http://127.0.0.1:8787/openapi.json-- OpenAPI 3.1 documentcurl http://127.0.0.1:8787/findings?severity=HIGH-- JSON findingscurl http://127.0.0.1:8787/server-info-- capability manifestMCP clients connect to
http://127.0.0.1:8787/mcp
What's intentionally NOT in scope
Cross-namespace reads (would require ClusterRole; not used).
Returning Secret
data/stringDataunder any flag.Native auth on the server (Natoma owns auth).
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/rrupesh/mcp-test'
If you have feedback or need assistance with the MCP directory API, please join our Discord server