[FEATURE] Support VS Code-style ${input:id} secret prompts in .mcp.json for VS Code extension

Resolved 💬 5 comments Opened Apr 6, 2026 by MaxRyabov Closed May 17, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

When using Claude Code as a VS Code extension, there is no secure way to manage MCP server secrets in .mcp.json. Currently the only option is ${ENV_VAR} expansion, which requires users to set system-level environment variables manually — a poor DX compared to VS Code's native approach.

VS Code's built-in MCP configuration (mcp.json) supports an inputs mechanism that:

  • Prompts the user for secrets at first use
  • Stores them securely in VS Code's Secret Storage (OS keychain-backed)
  • References them via ${input:id} syntax
{
  "inputs": [
    {
      "id": "GITLAB_TOKEN",
      "type": "promptString",
      "description": "GitLab Personal Access Token",
      "password": true
    }
  ],
  "servers": {
    "gitlab": {
      "env": {
        "GITLAB_PERSONAL_ACCESS_TOKEN": "${input:GITLAB_TOKEN}"
      }
    }
  }
}

Claude Code's .mcp.json does not support this, forcing users to either:

  1. Hardcode tokens in .mcp.json (security risk, can't commit to git)
  2. Use ${ENV_VAR} and manually configure system environment variables (poor DX, especially on Windows where it requires PowerShell SetEnvironmentVariable + full VS Code restart)
  3. Keep .mcp.json in .gitignore (breaks team sharing of MCP config)

Proposed Solution

Add support for ${input:id} syntax in .mcp.json when Claude Code runs as a VS Code extension:

  1. Parse an optional "inputs" array in .mcp.json (same schema as VS Code's native mcp.json)
  2. On first reference, prompt the user via VS Code's window.showInputBox (with password: true)
  3. Store the value in VS Code's SecretStorage API (OS keychain-backed)
  4. Expand ${input:id} references in env, args, headers, and url fields
  5. For CLI usage (outside VS Code), fall back to interactive terminal prompt or environment variables

Example .mcp.json (proposed)

{
  "inputs": [
    {
      "id": "GITLAB_PERSONAL_ACCESS_TOKEN",
      "type": "promptString",
      "description": "GitLab Personal Access Token with API scope",
      "password": true
    }
  ],
  "mcpServers": {
    "gitlab": {
      "command": "cmd",
      "args": ["/c", "npx.cmd", "-y", "@zereight/mcp-gitlab"],
      "env": {
        "GITLAB_PERSONAL_ACCESS_TOKEN": "${input:GITLAB_PERSONAL_ACCESS_TOKEN}",
        "GITLAB_API_URL": "https://gitlab.example.com/api/v4"
      }
    }
  }
}

Why this matters

| Current state | With ${input:id} |
|--------------|---------------------|
| Secrets hardcoded or in env vars | Secrets in OS keychain via VS Code SecretStorage |
| .mcp.json can't be committed safely | .mcp.json is safe to commit — secrets are per-user |
| Each dev sets env vars manually | New devs get prompted automatically on first use |
| Different mechanism than VS Code native MCP | Same ${input:id} pattern as VS Code's mcp.json, tasks.json, launch.json |
| Windows requires PowerShell + restart | Just click "OK" in the prompt |

Alternative Solutions

Current workarounds tried:

  1. System environment variables (current solution) — works but requires manual PowerShell setup per developer ([System.Environment]::SetEnvironmentVariable(...)) and a full VS Code restart to pick up changes. Poor DX on Windows.
  1. Hardcoded tokens in .mcp.json — quick but insecure, can't commit to git.
  1. .claude/settings.local.json with mcpServers — gitignored, but duplicates the entire MCP config per developer instead of sharing config and only varying secrets.

Other tools solving this:

  • VS Code native MCP (mcp.json) — supports inputs + ${input:id} with SecretStorage
  • Docker Compose — supports .env files and ${VAR} expansion
  • 1Password CLIop:// references, requested in #35154

Priority

Medium - Would be very helpful

Feature Category

MCP server integration

Use Case Example

Real-world scenario:

  1. Our team uses a private GitLab instance with MCP server configured in .mcp.json
  2. The GitLab MCP requires a GITLAB_PERSONAL_ACCESS_TOKEN — each developer has their own
  3. Currently, every developer must manually run PowerShell command to set a system environment variable and fully restart VS Code
  4. With this feature, .mcp.json would be committed to git with ${input:GITLAB_PERSONAL_ACCESS_TOKEN}, and each developer would simply be prompted once on first use — the token stored securely in OS keychain via VS Code SecretStorage
  5. This saves onboarding time, eliminates plaintext secrets in config files, and aligns with the pattern developers already use in VS Code's native mcp.json, tasks.json, and launch.json

Additional Context

  • VS Code's native MCP configuration already supports this exact pattern via inputs + ${input:id} in %APPDATA%/Code/User/mcp.json — GitHub Copilot uses it successfully
  • VS Code SecretStorage API docs: https://code.visualstudio.com/api/references/vscode-api#SecretStorage
  • Related issues: #29910 (secrets management), #33654 (OS keychain), #28942 (envFile), #35154 (1Password op://)
  • For CLI fallback: prompt interactively with masked input (like claude mcp add --client-secret already does for OAuth) or fall back to ${ENV_VAR} expansion

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗