MCP

Introduction to the Secryn MCP server and its authentication model.

MCP Introduction

Secryn provides a dedicated MCP (Model Context Protocol) server that allows AI agents and MCP-compatible clients to securely retrieve secrets, keys, and certificates.

The MCP server acts as a bridge between agents and your Secryn instance.

All requests follow JSON-RPC format and use the tools/call method to execute operations.

MCP requires:

A valid Mcp-Session-Id header
Vault credentials passed per request

Authentication Model

Each MCP request requires:

1. Session Header

Mcp-Session-Id: YOUR_SESSION_ID

2. Vault Credentials (Inside Request Body)

Vault credentials are passed inside the request under:

vault
credentials

The MCP server will use the provided credentials to call your Secryn API.

baseUrl must include the /api suffix.

Example:

{
  "vault": {
    "id": "Test Vault",
    "vaultId": "Test Vault",
    "accessKey": "VAULT_ACCESS_KEY",
    "baseUrl": "https://demo.secryn.io/api"
  }
}

Important Notes

method must be tools/call (slash format).
baseUrl must include /api.
Vault credentials are required for non-public resources.
Public keys/certificates require code when preferPublic=true.
Secrets are never public.
All MCP activity is logged.

Methods