You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Agents (Claude/Cursor/Devin/etc.) hesitate to call secrets.set with a raw key value because it trips their "never enter API keys into a field" safety reflex. We're mitigating with wording (PR #2049 relabels the tool + adds MCP server instructions), but the universally-safe pattern is to let the agent provision a secret it never touches.
Proposal — secrets.request
New MCP tool + flow, mirroring how password managers / OAuth let an agent trigger a credential entry it never sees:
Problem
Agents (Claude/Cursor/Devin/etc.) hesitate to call
secrets.setwith a raw key value because it trips their "never enter API keys into a field" safety reflex. We're mitigating with wording (PR #2049 relabels the tool + adds MCP serverinstructions), but the universally-safe pattern is to let the agent provision a secret it never touches.Proposal —
secrets.requestNew MCP tool + flow, mirroring how password managers / OAuth let an agent trigger a credential entry it never sees:
secrets.request(key, reason)→ backend returns a short-livedportal_url(+ request id).secrets.status(key)until set, then continues.Why it matters
Scope
POST /secrets/requests(create, returns signed short-lived portal token), portal page to accept+store,GET /secrets/requests/{id}status.secrets.request,secrets.statustools (read-only-ish; never return the value).secrets.setfor the explicit agent-set path (now well-framed via feat(mcp): reframe secrets.set as a Vercel-style env var (agents stop refusing) #2049).Related
Filed from a product discussion; not urgent — roadmap.