Security Proposal: Adopt Best Practices for Credential Management in MCP Server and Open-Source Implementation

[chenxi-neo]

Security Proposal: Adopt Best Practices for Credential Management in MCP Server and Open-Source Implementation

Description

Hi MCP Community,

I would like to propose a security enhancement for MCP Server to address the risks associated with credential management, particularly for accessing various data sources. By adopting industry best practices for both temporary and long-term credentials, we can significantly reduce the potential risks of credential leakage and improve the overall security posture of MCP Server.

---

1. Temporary Credentials

MCP Server often needs to access data sources using temporary, rotatable credentials. To ensure secure and efficient management of these credentials, I recommend implementing the following industry best practices:

A. Workload Identity-Based Access

When MCP Server acts as a workload to access data sources, the following mechanisms should be adopted:

• GCP Workload Identity Federation: Allow workloads to authenticate directly with GCP services without relying on long-term credentials.
• Azure Entra Client Credential Auth: Use Azure Entra (formerly Azure AD) for secure authentication and token issuance.
• AWS EC2 Instance Metadata: Leverage AWS EC2 instance metadata for retrieving temporary credentials.
• Kubernetes Integration with AWS STS: Implement AssumeRoleWithWebIdentity to enable Kubernetes service accounts to exchange tokens for AWS STS credentials.

These approaches ensure that credentials are short-lived, automatically rotated, and tied to specific workloads, minimizing the risk of misuse.

B. User Identity-Based Access

When MCP Server acts on behalf of a user (e.g., Claude Desktop Client or Cursor Client calling a locally deployed MCP Server), the following best practice should be implemented:

• OAuth 2.0 Device Flow: Use OAuth 2.0 Device Flow to securely authenticate users and obtain access tokens without exposing credentials.

---

2. Long-Term Credentials

In cases where long-term credentials are unavoidable (e.g., legacy systems or APIs that rely on static credentials like username/password or API keys), MCP Server should enforce strict security measures:

• Secure Storage: Store long-term credentials in a secure vault system such as HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, or GCP Secret Manager.
• Access Control: Implement strict access controls and audit logging for credential retrieval and usage.
• Encryption: Ensure credentials are encrypted at rest and in transit.

---

Proposal

To align MCP Server with industry standards and enhance its security, I propose the following:

1. Officially adopt the best practices outlined above for managing temporary and long-term credentials.
2. Open-source the implementation of these security features to enable community collaboration, transparency, and continuous improvement.

By open-sourcing the implementation, the MCP community can actively contribute to and review the security mechanisms, ensuring a robust and trustworthy solution.

---

Next Steps

1. Evaluate the feasibility of integrating the suggested mechanisms for temporary and long-term credential management.
2. Develop a roadmap for implementing secure credential storage and access control.
3. Open-source the implementation to foster community involvement and feedback.

I believe these improvements will significantly strengthen MCP Server's security and align it with industry best practices. I look forward to hearing the community's thoughts and feedback on this proposal!

Best regards