Support secret manager references (e.g. 1Password op://) in MCP config and preserve user-defined claude() shell functions

Resolved 💬 2 comments Opened Mar 17, 2026 by sugano-masataka Closed Apr 15, 2026

Summary

When configuring MCP servers that require API keys, users currently need to set environment variables before launching Claude Code. A common approach is defining a claude() wrapper function in .zshrc to inject secrets from a password manager like 1Password CLI:

claude() {
  local api_key
  api_key="$(op item get '<item-id>' --field apiKey 2>/dev/null)"
  GOOGLE_DEVELOPER_KNOWLEDGE_API_KEY="$api_key" command claude "$@"
}

However, Claude Code redefines the claude shell function on exit (via shell integration), overwriting the user's wrapper. This forces users to either:

  • Rename their wrapper (losing the intuitive claude command name)
  • Re-source .zshrc after every session

Feature Request (either/both would solve this)

Option A: Native secret manager support in .mcp.json

Support secret references in MCP configuration, so users don't need wrapper functions at all:

// Example: 1Password CLI reference
{
  "mcpServers": {
    "google-developer-knowledge": {
      "type": "http",
      "url": "https://developerknowledge.googleapis.com/mcp",
      "headers": {
        "X-Goog-Api-Key": "op://vault/item/field"
      }
    }
  }
}

This could support:

  • 1Password CLI (op:// URIs or op item get calls)
  • Shell command substitution (e.g. { "$cmd": "op item get ... --field apiKey" })
  • Other secret managers (AWS Secrets Manager, Google Secret Manager, etc.)

Option B: Preserve user-defined claude() shell functions

Provide an option to prevent Claude Code's shell integration from overwriting user-defined claude() functions on exit. For example:

  • A setting like "preserveShellFunction": true
  • Or detecting and respecting existing user-defined claude() functions

Environment

  • Claude Code version: 2.1.76
  • Shell: zsh
  • OS: macOS (Darwin)

Use Case

Using the Google Developer Knowledge MCP server which requires an API key passed via HTTP header. The API key is stored in 1Password for security.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗