How to securely provide env variables to MCP servers?

Resolved 💬 5 comments Opened Jun 13, 2025 by Guitaricet Closed Jul 20, 2025

I am preparing a shared .mcp.json file that I want to commit to our repository, but facing an issue in how to authenticate in the database.

There are two solutions that I see:

  1. Provide it plaintext
    "postgres": {
      "command": "docker",
      "args": [
        "run", 
        "-i", 
        "--rm", 
	"--network=host",
        "mcp/postgres", 
        "postgresql://user_name:<our_actual_plaintext_password>@postgres_ip:5432/database_name"]
    }

This one is a big no for obvious reasons. Env variables and code should not go together.

  1. Set an environment variable PGPASSWORD in my env
    "postgres": {
      "command": "docker",
      "args": [
        "run", 
        "-i", 
        "--rm", 
	"--network=host",
        "-e",
        "PGPASSWORD",
        "mcp/postgres", 
        "postgresql://user_name@postgres_ip:5432/database_name"]
    }

It's acceptable, but inconvenient, because the env variable for the database that we have is named differently, say DBPWD

Ideally, I would like to see an option to expand env variables similar to

    "postgres": {
      "command": "docker",
      "args": [
        "run", 
        "-i", 
        "--rm", 
	"--network=host",
        "mcp/postgres", 
        "postgresql://user_name:$DBPWD@postgres_ip:5432/database_name"]
    }

or, maybe:

...
      "env": {
        "PGPASSWORD": "${PSQLPWD}",
...

I believe currently there is no option to do so (please correct me if I'm wrong), are there any plans on adding this functionality and recommendations for a workaround

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗