Cursor secrets management
without the risk
Every time you paste an API key into Cursor, it lands in prompts, logs, and LLM context windows. 1claw's MCP server injects secrets at runtime so they never touch your editor.
How secrets leak in Cursor
Cursor's AI features are powerful — but every prompt you send includes context from your workspace. When API keys live in .env files, hardcoded strings, or clipboard pastes, they become part of that context. Here's where secrets end up:
- LLM context windows. Cursor sends open files as context. If your
.envis open or referenced, the LLM provider receives your keys. - Git history. Even if you add
.envto.gitignore, a single accidental commit exposes keys forever. GitHub's secret scanning finds thousands of leaked keys daily. - Clipboard and prompts. Pasting a key into a Cursor chat message means it's now in the conversation log, synced to the cloud, and potentially used as training data.
- Shared workspaces. Team members with Cursor access can see every file. Without granular access control, every developer has every secret.
# Cursor sends this as context
OPENAI_API_KEY=sk-proj-4f8a...c2d1
STRIPE_SECRET=sk_live_51N8x...kJ2m
DATABASE_URL=postgresql://admin:p@ss@prod:5432
MCP server that plugs into Cursor natively
1claw's MCP server connects to Cursor's Model Context Protocol. Your agent fetches secrets at runtime through authenticated, scoped API calls — never from flat files.
HSM-encrypted vault
Secrets are stored in a hardware-backed vault with AES-256 envelope encryption. Not in .env, not in memory, not in the repo.
Policy-scoped access
Each agent only sees the secret paths you explicitly grant. Glob-based policies, IP restrictions, and time-window conditions.
Zero-config MCP integration
Add the MCP config to your Cursor settings. Your agent gets 17 tools: list, get, put, rotate, share, simulate, sign, and more — all authenticated.
Set up in under two minutes
Add the 1claw MCP server to your Cursor configuration. Once connected, your agent can fetch secrets on demand — no .env files needed. The agent authenticates with an API key and only accesses the secret paths you've granted via policies.
- Create a vault and store your secrets
- Register an agent and grant it a policy on the paths it needs
- Add the MCP config to Cursor — agent fetches secrets at runtime
- Secrets never appear in your workspace, git history, or prompts
{
"mcpServers": {
"1claw": {
"command": "npx",
"args": ["@1claw/mcp"],
"env": {
"ONECLAW_AGENT_API_KEY": "ocv_your_key_here"
}
}
}
}How it works under the hood
The MCP server handles authentication, token refresh, and vault discovery automatically. Your agent never stores credentials locally.
Agent starts
Cursor launches the MCP server process. It exchanges the API key for a short-lived JWT.
Vault auto-discovered
The token response includes the agent’s vault IDs. No vault ID configuration needed.
Secret fetched
When the agent calls get_secret, the MCP server fetches the value from the encrypted vault over HTTPS.
Token refreshed
JWTs auto-refresh 60 seconds before expiry. The agent key stays in the MCP process — never in Cursor memory.
.env files vs. 1claw vault
Flat files were never designed for AI-assisted development.
Stop pasting secrets into Cursor
Install the MCP server, create a vault, and your Cursor agent will never see a raw API key again. Setup takes under two minutes.
Already using 1claw? Jump to the MCP setup guide →