@1claw/mcp — published on npm

The MCP server secrets manager

AI agents need secrets — API keys, database URLs, signing keys. The Model Context Protocol needs a vault that speaks its language. 1claw is the MCP-native secrets manager with 17 tools, HSM encryption, and policy-based access control.

What MCP needs from a secrets manager

The Model Context Protocol is an open standard for connecting AI models to external tools. When those tools need credentials — database connections, API keys, signing keys, OAuth tokens — the protocol needs a secure way to deliver them. Here's what a proper MCP secrets manager requires:

  • Encryption at rest and in transit. Secrets must be encrypted with HSM-backed keys, not stored in plaintext config files. The transport between MCP server and vault must be TLS with short-lived tokens.
  • Policy-based access control. Not every agent should see every secret. MCP tools should be scoped to specific paths, with glob patterns, IP conditions, and time windows. An agent requesting databases/* shouldn't be able to read signing-keys/*.
  • Rotation and versioning. Credentials expire and get compromised. The secrets manager needs to support versioned secrets, one-step rotation, and max-access-count limits for ephemeral credentials.
  • Audit logging. Every secret access must be recorded — who accessed what, when, from which IP. The audit trail should be tamper-evident with hash chaining.
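
The hash chaining described in the audit-logging point, as an added example that is not 1claw's code or log format: each entry commits to the hash of the previous one, so editing or dropping a record breaks every later link. The field names, the all-zero genesis value and the externally stored head hash are assumptions made for the illustration.

```javascript
const { createHash } = require("node:crypto");

const GENESIS = "0".repeat(64); // assumed fixed anchor for the first entry

// Hash a fixed-order array so the same event always serializes identically.
function entryHash(prevHash, e) {
  const canonical = JSON.stringify([prevHash, e.ts, e.agent, e.path, e.ip]);
  return createHash("sha256").update(canonical).digest("hex");
}

// Append an access event; the new entry commits to the previous entry's hash.
function appendEvent(log, event) {
  const prevHash = log.length ? log[log.length - 1].hash : GENESIS;
  log.push({ ...event, prevHash, hash: entryHash(prevHash, event) });
  return log;
}

// Recompute the chain from the start. Returns the index of the first broken
// entry, log.length if the tail was truncated, or -1 if everything checks out.
function verifyChain(log, expectedHead) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    if (e.prevHash !== prev || e.hash !== entryHash(prev, e)) return i;
    prev = e.hash;
  }
  // A truncated log is still a valid chain, so compare against a head hash
  // kept outside the log (assumption: the verifier stores one).
  if (expectedHead !== undefined && prev !== expectedHead) return log.length;
  return -1;
}

// Constructed sample events: who accessed what, when, from which IP.
function sampleLog() {
  const log = [];
  appendEvent(log, { ts: "2024-01-01T12:00:00Z", agent: "agent-a", path: "databases/prod-url", ip: "10.1.2.3" });
  appendEvent(log, { ts: "2024-01-01T12:00:05Z", agent: "agent-b", path: "api-keys/stripe", ip: "10.1.2.4" });
  appendEvent(log, { ts: "2024-01-01T12:01:00Z", agent: "agent-a", path: "databases/prod-url", ip: "10.1.2.3" });
  return log;
}
```

Rewriting one entry and recomputing its own hash still fails at the next entry, because that entry's prevHash no longer matches.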

17 MCP tools

Every tool your agent needs

Full CRUD, rotation, sharing, environment bundles, and blockchain transaction signing — all exposed as MCP tools.

get_secret

Fetch a secret by path. Returns the current version value.

put_secret

Store or update a secret. Supports typed values (api_key, password, certificate, etc.).

list_secrets

List all secrets in a vault. Filtered by the agent’s policy scope.

describe_secret

Get metadata (type, version count, created_at) without revealing the value.

rotate_and_store

Generate a new credential value and store it as the next version. One-step rotation.

share_secret

Share a secret to another agent or back to the creating human.

create_vault

Create a new encrypted vault for organizing secrets.

list_vaults

List all vaults the agent has access to.

grant_access

Grant another principal a policy on a secret path.

delete_secret

Delete a secret. Requires write policy.

get_env_bundle

Fetch multiple secrets at once as key-value pairs for environment injection.

submit_transaction

Submit a blockchain transaction intent (Intents API agents).

sign_transaction

Sign a transaction without broadcasting — returns signed tx hex for custom RPC.

simulate_transaction

Simulate a transaction via Tenderly before signing.

simulate_bundle

Simulate a bundle of transactions in sequence via Tenderly.

list_transactions

List recent transactions for an agent. Includes status and hashes.

get_transaction

Get details of a specific transaction by ID.

inspect_content

Standalone security scanner: detects prompt injection, PII, encoding tricks, and social engineering.

Integration patterns

The 1claw MCP server works with any MCP-compatible client. Here are the most common patterns:

  • Cursor IDE. Add the MCP config to .cursor/mcp.json. Your Cursor agent gets vault access for every project.
  • Claude Desktop. Add to claude_desktop_config.json. Claude can fetch, store, and rotate secrets through tool calls.
  • Custom MCP clients. Any client implementing the MCP spec can connect. The server runs as a stdio process — no HTTP server to manage.
  • CI/CD pipelines. Use the 1claw CLI (npx @1claw/cli env pull) to inject secrets into builds without storing them in CI environment variables.

MCP config — any client
{
  "mcpServers": {
    "1claw": {
      "command": "npx",
      "args": ["@1claw/mcp"],
      "env": {
        "ONECLAW_AGENT_API_KEY": "ocv_..."
      }
    }
  }
}

// Key-only auth: agent ID auto-resolved
// Vault auto-discovered from token response
// JWT refreshed 60s before expiry

Authentication and access control

The MCP server supports three authentication modes. The simplest — key-only auth — requires just the agent's API key. The server auto-discovers the agent ID and vault from the token exchange response. For advanced setups, you can pass the agent ID explicitly or use a static JWT.

Key-only (recommended)

Set ONECLAW_AGENT_API_KEY. The MCP server exchanges it for a JWT, discovers the agent ID from the prefix lookup, and auto-selects the vault.

Explicit agent ID

Set ONECLAW_AGENT_ID + ONECLAW_AGENT_API_KEY. Useful when an API key is shared across environments and you want to pin a specific agent.

Static JWT (legacy)

Set ONECLAW_AGENT_TOKEN + ONECLAW_VAULT_ID. For pre-issued tokens in CI/CD or serverless functions.

Regardless of auth mode, the agent only accesses secret paths granted by its policies. Policies support glob patterns (api-keys/*), IP conditions, time windows, and read/write permissions. The policy engine evaluates every request — no policy match means no access.
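
A deny-by-default evaluator for the kind of policy described above and in the access-control requirement earlier on this page (glob path, read/write permission, IP condition, time window), as an added example that is not 1claw's policy engine. The policy object shape, the field names and the sample policies are hypothetical.

```javascript
// Constructed sample policies; this policy shape is hypothetical, not 1claw's schema.
const POLICIES = [
  { path: "databases/*", permissions: ["read"], cidr: "10.0.0.0/8",
    window: { startHourUtc: 8, endHourUtc: 18 } },
  { path: "api-keys/*", permissions: ["read", "write"] },
];

// Glob to anchored regex: "*" stays within one path segment, "**" may cross "/".
function globToRegex(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const body = escaped.replace(/\*\*|\*/g, (m) => (m === "**" ? ".*" : "[^/]*"));
  return new RegExp(`^${body}$`);
}

function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return null;
  return parts.reduce((n, p) => n * 256 + Number(p), 0);
}

// IPv4 only; anything unparsable fails closed.
function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  const a = ipv4ToInt(ip), b = ipv4ToInt(base);
  if (a === null || b === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const size = 2 ** (32 - bits);
  return Math.floor(a / size) === Math.floor(b / size);
}

function inWindow(time, w) {
  const h = time.getUTCHours();
  return w.startHourUtc <= w.endHourUtc
    ? h >= w.startHourUtc && h < w.endHourUtc
    : h >= w.startHourUtc || h < w.endHourUtc; // window wraps past midnight
}

// Deny by default: allowed only if some policy matches path, action, IP and time.
function isAllowed(policies, req) {
  // Reject empty, "." and ".." segments before matching, so "databases/.." cannot match.
  if (req.path.split("/").some((s) => s === "" || s === "." || s === "..")) return false;
  return policies.some((p) =>
    globToRegex(p.path).test(req.path) && p.permissions.includes(req.action) &&
    (!p.cidr || inCidr(req.ip, p.cidr)) && (!p.window || inWindow(req.time, p.window)));
}
```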

npm install @1claw/mcp

Build MCP servers on a real secrets backend

Stop storing secrets in environment variables and JSON config files. Give your MCP tools a proper vault with HSM encryption, policies, and an audit trail.

Also available: TypeScript SDK · CLI · REST API