Bug: neo4j-memory MCP tool fails with 'Unauthorized' while neo4j-cypher works with the same credentials. #86
Description
When using the Docker MCP Toolkit, the mcp/neo4j-memory tool consistently fails to authenticate against a Neo4j database, returning a Neo.ClientError.Security.Unauthorized error.
In contrast, the mcp/neo4j-cypher tool, using the exact same configuration (config.yaml), secret file (.env), and pointing to the same Neo4j instance, connects and authenticates successfully. This strongly suggests a bug within the mcp/neo4j-memory tool itself, where it might not be correctly reading or applying the credentials passed by the MCP gateway. The credentials have been verified externally and work.
%docker mcp gateway run --port 1000 --transport streaming --secrets mcp.env
- Reading configuration...
- Reading registry from registry.yaml
- Reading catalog from docker-mcp.yaml
- Reading config from config.yaml
- Configuration read in 9.205334ms
- Watching registry at /Users/jowa/.docker/mcp/registry.yaml
- Watching config at /Users/jowa/.docker/mcp/config.yaml
- Those servers are enabled: duckduckgo, neo4j-cypher, neo4j-memory
- Using images:
- mcp/duckduckgo@sha256:68eb20db6109f5c312a695fc5ec3386ad15d93ffb765a0b4eb1baf4328dec14f
- mcp/neo4j-cypher@sha256:8f400d041ff120d2451902bdc97ac7d0da96365efb7b44dfb811d52cf1ed07c8
- mcp/neo4j-memory@sha256:ca3969dbf634fc34e61883e290a0b2e77cf53581d409ef6b7f1eca06fdbd09de
> Images pulled in 2.986834ms
- Listing MCP tools...
- Running mcp/duckduckgo with [run --rm -i --init --security-opt no-new-privileges --cpus 1 --memory 2Gb --pull never -l docker-mcp=true -l docker-mcp-tool-type=mcp -l docker-mcp-name=duckduckgo -l docker-mcp-transport=stdio]
- Running mcp/neo4j-memory with [run --rm -i --init --security-opt no-new-privileges --cpus 1 --memory 2Gb --pull never -l docker-mcp=true -l docker-mcp-tool-type=mcp -l docker-mcp-name=neo4j-memory -l docker-mcp-transport=stdio -e NEO4J_PASSWORD -e NEO4J_URL -e NEO4J_USERNAME]
- Running mcp/neo4j-cypher with [run --rm -i --init --security-opt no-new-privileges --cpus 1 --memory 2Gb --pull never -l docker-mcp=true -l docker-mcp-tool-type=mcp -l docker-mcp-name=neo4j-cypher -l docker-mcp-transport=stdio -e NEO4J_PASSWORD -e NEO4J_URL -e NEO4J_USERNAME]
> neo4j-cypher: (3 tools)
> duckduckgo: (2 tools)
**> Can't start neo4j-memory: Failed to connect to Neo4j: {code: Neo.ClientError.Security.Unauthorized} {message: The client is unauthorized due to authentication failure.}**
> 5 tools listed in 552.056792ms
- Watching for configuration updates...
> Initialized in 564.4325ms
> Start streaming server on port 1000
Environment
Operating System: macOS
Docker Engine : v28.3.2
Configuration Files
registry.yaml
registry:
neo4j-cypher:
ref: ""
neo4j-memory:
ref: ""
config.yaml
neo4j-cypher:
url: bolt://host.docker.internal:7687
username: neo4j
password:
secret: neo4j.password
neo4j-memory:
url: bolt://host.docker.internal:7687
username: neo4j
password:
secret: neo4j.password
mcp.env
neo4j.password=my_correct_password