[FEATURE] Builtin mechanism to easily store bearer tokens/api keys securely like what is done for automatic OAuth flows
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
When you want to use an MCP server that uses a bearer token or API key to authenticate rather then an automated OAuth flow, you need to store the token somewhere. But your options are rather abysmal currently. Storing it hard coded will just leave it hard coded as part of the Claude configuration or MCP configuration JSON, using an environment variable will require you to load it into your session manually before starting Claude Code which is inconvenient, and storing it in your shell profile is even worse as then every program launched that has your shell profile loaded has access to it.
Proposed Solution
VS Code implemented input variables in its MCP configuration for this purpose https://code.visualstudio.com/docs/copilot/customization/mcp-servers#_input-variables-for-sensitive-data, it would be nice to have something similar to that in Claude Code though obviously it doesn't need to work exactly like it does in VS Code and can be different to more fit into how Claude Code handles MCP.
Alternative Solutions
Wire this up manually somehow, perhaps using a startup script to manually load the needed API keys from some secure storage location like that macOS keychain or otherwise manually...
Priority
Critical - Blocking my work
Feature Category
MCP server integration
Use Case Example
- Using the GitHub MCP server, which currently doesn't do OAuth DCR (They only support OAuth with application that have special knowledge of it and pre-registered a client) so it requires a PAT.
Additional Context
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗