[FEATURE] OS Keychain/Credential Manager Support for MCP Configuration

Resolved 💬 4 comments Opened Mar 12, 2026 by segevfiner Closed May 17, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

For MCP servers that require a manual API key (Don't have an automatic OAuth flow), you currently have to specify the API key directly in the MCP configuration, this stores the API key unencrypted and insecurely on disk, and worse, you can't even do that properly when you want to share MCP configurations as it will commit the key along with it.

Proposed Solution

Support storing API keys specified in MCP configuration in the OS key chain instead of directly specified in the file. VS Code Copilot already does this by specifying input variables for an MCP server config, whose values get stored in the keychain, which Claude Code decide to support in a similar manner, or you can come up with your own syntax for that. Something that can be safe to commit in project config and each user will get asked about and will be stored securely.

Claude Code already stores OAuth derived credentials securely in the OS keychain, so the code to store stuff there is already there, it's just a matter of integrating this for usage with directly specified API keys in MCPs.

Alternative Solutions

Keep storing API keys insecurely. Don't commit such MCP servers to shared project config.

Priority

Critical - Blocking my work

Feature Category

MCP server integration

Use Case Example

claude mcp add-json github '{"type":"http","url":"https://api.githubcopilot.com/mcp","headers":{"Authorization":"Bearer ${input:github-pat}"},"inputs":[{"type": "promptString","id": "github-pat","description": "GitHub PAT","password": true}]}'

Additional Context

https://code.visualstudio.com/docs/copilot/reference/mcp-configuration#_input-variables-for-sensitive-data

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗