Feature Request: Hide API Keys in MCP Server Configuration #15

@sts-dat-nguyen2

Summary

Currently, API keys in the MCP Server configuration Environment Variables section are displayed in plain text. This poses a security risk as sensitive credentials are visible to anyone viewing the configuration interface.

Current Behavior

  • API keys and other sensitive environment variables are displayed in plain text
  • No masking or hiding mechanism is implemented for sensitive fields
  • Credentials are exposed in the UI, creating potential security vulnerabilities

Requested Feature

Implement password-style masking for sensitive environment variables, particularly API keys, in the MCP Server configuration interface.

Acceptance Criteria

  • Environment variables containing API keys should be masked (displayed as ••••••••)
  • Option to toggle visibility (show/hide) for masked fields
  • Automatic detection of sensitive field names (e.g., fields containing "API_KEY", "TOKEN", "SECRET", "PASSWORD")
  • Manual option to mark specific environment variables as sensitive
  • Values should still be editable while masked
  • Existing functionality should remain unchanged

Suggested Implementation

  1. Auto-detection: Automatically mask environment variables with names containing:

    • API_KEY
    • TOKEN
    • SECRET
    • PASSWORD
    • PRIVATE_KEY
  2. UI Components:

    • Use password input type for sensitive fields
    • Add eye icon toggle button to show/hide values
    • Visual indicator (lock icon) for masked fields
  3. Manual Override:

    • Checkbox or toggle to manually mark fields as sensitive
    • Setting should persist in configuration

Security Benefits

  • Prevents shoulder surfing attacks
  • Reduces risk of accidental credential exposure in screenshots/recordings
  • Follows security best practices for credential management
  • Improves overall application security posture

Priority

Medium-High - Security-related feature that protects sensitive user credentials

Additional Context

This feature request is based on standard security practices implemented in most configuration management tools and password managers. Similar functionality exists in tools like Docker Desktop, Kubernetes dashboards, and various CI/CD platforms.


Labels: enhancement, security, feature-request, ui/ux
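
The auto-detection and manual-override rules from the Suggested Implementation above, as an added JavaScript example that is not part of the original issue or the project's code. The marker list is the issue's; the function names, view-model fields and sample values are assumptions, and the case- and separator-insensitive name matching goes a step beyond the literal "containing" rule.

```javascript
// Added example. Marker list comes from the issue; all function and field
// names here are hypothetical, and the sample values are constructed.
const SENSITIVE_MARKERS = ["API_KEY", "TOKEN", "SECRET", "PASSWORD", "PRIVATE_KEY"];
const MASK = "\u2022".repeat(8); // fixed width: the mask must not reveal value length

// Normalise so "apiKey", "api-key" and "API_KEY" all compare equal.
function normalizeName(name) {
  return name
    .replace(/([a-z0-9])([A-Z])/g, "$1_$2")
    .replace(/[^A-Za-z0-9]+/g, "_")
    .toUpperCase();
}

// Sensitive if the user flagged it, or if the name contains a marker.
// Substring matching over-matches (MAX_TOKENS is masked too); that errs
// toward hiding a harmless value rather than showing a secret.
function isSensitive(name, manualFlags) {
  if (manualFlags.has(name)) return true;
  const normalized = normalizeName(name);
  return SENSITIVE_MARKERS.some((marker) => normalized.includes(marker));
}

// Build what the form renders. `value` stays in state so the field remains
// editable; only `display` and `inputType` change with the eye toggle.
function toViewModel(env, manualFlags, revealed) {
  return Object.entries(env).map(([name, value]) => {
    const sensitive = isSensitive(name, manualFlags);
    const hidden = sensitive && !revealed.has(name);
    return {
      name,
      value,
      sensitive,
      inputType: hidden ? "password" : "text",
      display: hidden ? MASK : value,
    };
  });
}

const sampleEnv = { // constructed
  OPENAI_API_KEY: "constructed-value-1",
  githubToken: "constructed-value-2",
  DB_CONN: "constructed-value-3", // no marker in the name: needs the manual flag
  LOG_LEVEL: "debug",
};
const manualFlags = new Set(["DB_CONN"]); // would be persisted in the configuration
const revealed = new Set(["githubToken"]); // eye icon clicked for this row
const rows = toViewModel(sampleEnv, manualFlags, revealed);
console.table(rows.map(({ name, sensitive, inputType, display }) => ({ name, sensitive, inputType, display })));
```

Masking here only changes what the form renders; the unmasked `value` is still held in page state and in the stored configuration.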
