The MCP server secrets manager
AI agents need secrets — API keys, database URLs, signing keys. The Model Context Protocol needs a vault that speaks its language. 1claw is the MCP-native secrets manager with 36 tools, HSM encryption, and policy-based access control.
What MCP needs from a secrets manager
The Model Context Protocol is an open standard for connecting AI models to external tools. When those tools need credentials — database connections, API keys, signing keys, OAuth tokens — the protocol needs a secure way to deliver them. Here's what a proper MCP secrets manager requires:
- Encryption at rest and in transit. Secrets must be encrypted with HSM-backed keys, not stored in plaintext config files. The transport between MCP server and vault must be TLS with short-lived tokens.
- Policy-based access control. Not every agent should see every secret. MCP tools should be scoped to specific paths, with glob patterns, IP conditions, and time windows. An agent requesting databases/* shouldn't be able to read signing-keys/*.
- Rotation and versioning. Credentials expire and get compromised. The secrets manager needs to support versioned secrets, one-step rotation, and max-access-count limits for ephemeral credentials.
- Audit logging. Every secret access must be recorded — who accessed what, when, from which IP. The audit trail should be tamper-evident with hash chaining.
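A minimal sketch of the hash chaining that makes an audit trail tamper-evident. This is an added example, not 1claw's implementation; the record fields, function names and sample entries are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const GENESIS = "0".repeat(64); // prevHash of the first record

// Hash the previous record's hash plus a fixed-order serialization of the entry.
function recordHash(prevHash, e) {
  const body = JSON.stringify([e.ts, e.principal, e.action, e.path, e.ip]);
  return crypto.createHash("sha256").update(prevHash + "\n" + body).digest("hex");
}

// Append an entry, linking it to the record before it.
function appendEntry(log, entry) {
  const prevHash = log.length ? log[log.length - 1].hash : GENESIS;
  const record = { ...entry, prevHash, hash: recordHash(prevHash, entry) };
  log.push(record);
  return record;
}

// Returns -1 if the chain is intact, otherwise the index of the first bad record.
// expectedHead is the last hash as stored outside the log; without it, records
// dropped from the tail cannot be detected.
function verifyChain(log, expectedHead) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    if (log[i].prevHash !== prev || log[i].hash !== recordHash(prev, log[i])) return i;
    prev = log[i].hash;
  }
  return expectedHead !== undefined && prev !== expectedHead ? log.length : -1;
}

// Constructed sample entries (not real audit data).
function demo() {
  const log = [];
  const base = { principal: "agent-a", action: "read", ip: "10.0.0.5" };
  appendEntry(log, { ...base, ts: "2024-01-01T10:00:00Z", path: "databases/prod" });
  appendEntry(log, { ...base, ts: "2024-01-01T10:05:00Z", path: "signing-keys/treasury" });
  appendEntry(log, { ...base, ts: "2024-01-01T10:09:00Z", path: "api-keys/billing" });
  const head = log[log.length - 1].hash;
  const edited = log.map((r) => ({ ...r }));
  edited[1].path = "databases/staging"; // a record rewritten after the fact
  return {
    intact: verifyChain(log, head),
    edited: verifyChain(edited, head),
    truncated: verifyChain(log.slice(0, 2), head),
  };
}

console.log(demo());
```

The head hash has to live somewhere the log writer cannot rewrite, otherwise the whole chain can be recomputed after an edit.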
Every tool your agent needs
Full CRUD, rotation, sharing, environment bundles, and blockchain transaction signing — all exposed as MCP tools.
- get_secret: Fetch a secret by path. Returns the current version value.
- put_secret: Store or update a secret. Supports typed values (api_key, password, certificate, etc.).
- list_secrets: List all secrets in a vault. Filtered by the agent’s policy scope.
- describe_secret: Get metadata (type, version count, created_at) without revealing the value.
- rotate_and_store: Generate a new credential value and store it as the next version. One-step rotation.
- share_secret: Share a secret to another agent or back to the creating human.
- create_vault: Create a new encrypted vault for organizing secrets.
- list_vaults: List all vaults the agent has access to.
- grant_access: Grant another principal a policy on a secret path.
- delete_secret: Delete a secret. Requires write policy.
- get_env_bundle: Fetch multiple secrets at once as key-value pairs for environment injection.
- submit_transaction: Submit a blockchain transaction intent (Intents API agents).
- sign_transaction: Sign a transaction without broadcasting — returns signed tx hex for custom RPC.
- simulate_transaction: Simulate a transaction via Tenderly before signing.
- simulate_bundle: Simulate a bundle of transactions in sequence via Tenderly.
- list_transactions: List recent transactions for an agent. Includes status and hashes.
- get_transaction: Get details of a specific transaction by ID.
- inspect_content: Standalone security scanner: detects prompt injection, PII, encoding tricks, and social engineering.
- rotate_generate: Server-side secret rotation: generates a cryptographically random value as the next version.
- list_versions: List all versions of a secret. Useful for auditing rotation history.
- provision_signing_key: Provision a multi-chain signing key for an agent (Ethereum, Bitcoin, Solana, etc.).
- list_signing_keys: List all active signing keys for an agent across supported chains.
- sign_message: EIP-191 personal_sign: sign an arbitrary message with an agent’s signing key.
- sign_typed_data: EIP-712 typed data signing with domain-aware structured hashing.
- platform_list_apps: List platform apps registered in the organization.
- platform_create_app: Register a new platform app for building on top of 1Claw.
- platform_bootstrap_user: Provision vaults, agents, and policies for a user from a bootstrap template.
- platform_reissue_claim: Mint a fresh claim URL for an already-bootstrapped platform connection.
- platform_rotate_key: Rotate a platform app’s plt_ API key (one-time return).
- treasury_propose: Create a Safe multisig proposal for a treasury transaction.
- treasury_sign_proposal: Approve or reject a treasury proposal with an EIP-712 signature.
- treasury_list_proposals: List treasury proposals filtered by status.
- request_approval: Ask a human to approve a policy change or sensitive action.
- list_approvals: List approval requests (pending, approved, denied).
- get_approval: Poll a specific approval while waiting on a human decision.
- lease_bankr_key: Privileged Bankr key vending — lease metadata only; never returns bk_usr_ in output.
Integration patterns
The 1claw MCP server works with any MCP-compatible client. Here are the most common patterns:
- Cursor IDE. Add the MCP config to .cursor/mcp.json. Your Cursor agent gets vault access for every project.
- Claude Desktop. Add to claude_desktop_config.json. Claude can fetch, store, and rotate secrets through tool calls.
- Custom MCP clients. Any client implementing the MCP spec can connect. The server runs as a stdio process — no HTTP server to manage.
- CI/CD pipelines. Use the 1claw CLI (npx @1claw/cli env pull) to inject secrets into builds without storing them in CI environment variables.
{
  "mcpServers": {
    "1claw": {
      "command": "npx",
      "args": ["@1claw/mcp"],
      "env": {
        "ONECLAW_AGENT_API_KEY": "ocv_..."
      }
    }
  }
}
// Key-only auth: agent ID auto-resolved
// Vault auto-discovered from token response
// JWT refreshed 60s before expiry

Authentication and access control
The MCP server supports three authentication modes. The simplest — key-only auth — requires just the agent's API key. The server auto-discovers the agent ID and vault from the token exchange response. For advanced setups, you can pass the agent ID explicitly or use a static JWT.
Key-only (recommended)
Set ONECLAW_AGENT_API_KEY. The MCP server exchanges it for a JWT, discovers the agent ID from the prefix lookup, and auto-selects the vault.
Explicit agent ID
Set ONECLAW_AGENT_ID + ONECLAW_AGENT_API_KEY. Useful when an API key is shared across environments and you want to pin a specific agent.
Static JWT (legacy)
Set ONECLAW_AGENT_TOKEN + ONECLAW_VAULT_ID. For pre-issued tokens in CI/CD or serverless functions.
Regardless of auth mode, the agent only accesses secret paths granted by its policies. Policies support glob patterns (api-keys/*), IP conditions, time windows, and read/write permissions. The policy engine evaluates every request — no policy match means no access.
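The default-deny evaluation described above, sketched as an added example (not 1claw's policy engine). The policy shape, field names and glob semantics ("*" within one path segment, "**" across segments) are assumptions; the sample policy and requests are constructed.

```javascript
// Assumption: "*" matches within one path segment and "**" across segments.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*\*|\*/g, (m) => (m === "**" ? ".*" : "[^/]*")) + "$");
}

function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4 || parts.some((p) => !/^\d{1,3}$/.test(p) || Number(p) > 255)) return null;
  return parts.reduce((acc, p) => acc * 256 + Number(p), 0);
}

// IPv4 CIDR membership; any malformed input fails closed.
function inCidr(ip, cidr) {
  const [net, bitsText = ""] = cidr.split("/");
  const bits = /^\d{1,2}$/.test(bitsText) ? Number(bitsText) : -1;
  const addr = ipv4ToInt(ip);
  const base = ipv4ToInt(net);
  if (addr === null || base === null || bits < 0 || bits > 32) return false;
  const size = 2 ** (32 - bits);
  return Math.floor(addr / size) === Math.floor(base / size);
}

// Window hours are UTC, end exclusive; start > end means the window wraps midnight.
function inWindow(time, w) {
  const h = time.getUTCHours();
  return w.startHour <= w.endHour ? h >= w.startHour && h < w.endHour : h >= w.startHour || h < w.endHour;
}

// Default deny: allowed only if some policy matches on every dimension.
function isAllowed(policies, req) {
  return policies.some((p) =>
    p.principal === req.principal &&
    p.permissions.includes(req.action) &&
    globToRegExp(p.path).test(req.path) &&
    (!p.cidrs || p.cidrs.some((c) => inCidr(req.ip, c))) &&
    (!p.window || inWindow(req.time, p.window)));
}

// Constructed policy and requests.
const POLICIES = [{ principal: "agent-db", path: "databases/*", permissions: ["read"],
  cidrs: ["10.0.0.0/8"], window: { startHour: 8, endHour: 18 } }];
const BASE = { principal: "agent-db", action: "read", path: "databases/prod",
  ip: "10.1.2.3", time: new Date("2024-01-01T10:00:00Z") };

function decisions() {
  const variants = [{}, { path: "signing-keys/treasury" }, { path: "databases/prod/replica" },
    { action: "write" }, { ip: "192.168.1.5" }, { time: new Date("2024-01-01T22:00:00Z") }];
  return variants.map((v) => isAllowed(POLICIES, { ...BASE, ...v }));
}

console.log(decisions());
```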
Build MCP servers on a real secrets backend
Stop storing secrets in environment variables and JSON config files. Give your MCP tools a proper vault with HSM encryption, policies, and an audit trail.
Also available: TypeScript SDK · CLI · REST API