Robert Munteanu
Software developer, Open Source contributor, occasional blogger and all-round geek. Currently working as a computer scientist for Adobe on the Adobe Experience Manager product.
Latest blog post: Securing MCP Server connection credentials with SOPS
When using coding assistants like OpenCode, Claude, Codex, or others it can be useful to connect to external systems using the Model Context Protocol, or MCP.
MCP servers usually require authentication and sometimes this is the form of API keys or username/password combinations.
When defining connections in a configuration file these usually end up hardcoded. In the OpenCode configuration format this would be:
{
"mcp": {
"my-local-mcp": {
"type": "local",
"command": ["docker", "run", "--rm", "-i", "-e", "MY_SECRET_TOKEN", "my-mcp-server-image:latest"],
"environment": {
"MY_SECRET_TOKEN": "admin"
}
}
}
}
This has the disadvantage of storing the token in plain text format. There is the possibility of referencing environment variables instead using the {env:MY_SECRET_TOKEN} format , but this puts the burden on the user to set those correctly and many times they end up being stored in profile files or .envrc files managed by direnv which are also stored in plain text format and have the same disadvantages.
External links
- Social: rombert on fosstodon.org
- Code: rombert on github
- Presentation slides: rombertw on slideshare
- Presentation videos: Robert Munteanu's technical presentations on YouTube
- Professional experience: Robert Munteanu on LinkedIn
- Want to email me? Use this site's subdomain at this site's domain, ends up being my full name