[FEATURE] Support VS Code-style ${input:id} secret prompts in .mcp.json for VS Code extension
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
When using Claude Code as a VS Code extension, there is no secure way to manage MCP server secrets in .mcp.json. Currently the only option is ${ENV_VAR} expansion, which requires users to set system-level environment variables manually — a poor DX compared to VS Code's native approach.
VS Code's built-in MCP configuration (mcp.json) supports an inputs mechanism that:
- Prompts the user for secrets at first use
- Stores them securely in VS Code's Secret Storage (OS keychain-backed)
- References them via
${input:id}syntax
{
"inputs": [
{
"id": "GITLAB_TOKEN",
"type": "promptString",
"description": "GitLab Personal Access Token",
"password": true
}
],
"servers": {
"gitlab": {
"env": {
"GITLAB_PERSONAL_ACCESS_TOKEN": "${input:GITLAB_TOKEN}"
}
}
}
}
Claude Code's .mcp.json does not support this, forcing users to either:
- Hardcode tokens in
.mcp.json(security risk, can't commit to git) - Use
${ENV_VAR}and manually configure system environment variables (poor DX, especially on Windows where it requires PowerShellSetEnvironmentVariable+ full VS Code restart) - Keep
.mcp.jsonin.gitignore(breaks team sharing of MCP config)
Proposed Solution
Add support for ${input:id} syntax in .mcp.json when Claude Code runs as a VS Code extension:
- Parse an optional
"inputs"array in.mcp.json(same schema as VS Code's nativemcp.json) - On first reference, prompt the user via VS Code's
window.showInputBox(withpassword: true) - Store the value in VS Code's
SecretStorageAPI (OS keychain-backed) - Expand
${input:id}references inenv,args,headers, andurlfields - For CLI usage (outside VS Code), fall back to interactive terminal prompt or environment variables
Example .mcp.json (proposed)
{
"inputs": [
{
"id": "GITLAB_PERSONAL_ACCESS_TOKEN",
"type": "promptString",
"description": "GitLab Personal Access Token with API scope",
"password": true
}
],
"mcpServers": {
"gitlab": {
"command": "cmd",
"args": ["/c", "npx.cmd", "-y", "@zereight/mcp-gitlab"],
"env": {
"GITLAB_PERSONAL_ACCESS_TOKEN": "${input:GITLAB_PERSONAL_ACCESS_TOKEN}",
"GITLAB_API_URL": "https://gitlab.example.com/api/v4"
}
}
}
}
Why this matters
| Current state | With ${input:id} |
|--------------|---------------------|
| Secrets hardcoded or in env vars | Secrets in OS keychain via VS Code SecretStorage |
| .mcp.json can't be committed safely | .mcp.json is safe to commit — secrets are per-user |
| Each dev sets env vars manually | New devs get prompted automatically on first use |
| Different mechanism than VS Code native MCP | Same ${input:id} pattern as VS Code's mcp.json, tasks.json, launch.json |
| Windows requires PowerShell + restart | Just click "OK" in the prompt |
Alternative Solutions
Current workarounds tried:
- System environment variables (current solution) — works but requires manual PowerShell setup per developer (
[System.Environment]::SetEnvironmentVariable(...)) and a full VS Code restart to pick up changes. Poor DX on Windows.
- Hardcoded tokens in
.mcp.json— quick but insecure, can't commit to git.
.claude/settings.local.jsonwithmcpServers— gitignored, but duplicates the entire MCP config per developer instead of sharing config and only varying secrets.
Other tools solving this:
- VS Code native MCP (
mcp.json) — supportsinputs+${input:id}with SecretStorage - Docker Compose — supports
.envfiles and${VAR}expansion - 1Password CLI —
op://references, requested in #35154
Priority
Medium - Would be very helpful
Feature Category
MCP server integration
Use Case Example
Real-world scenario:
- Our team uses a private GitLab instance with MCP server configured in
.mcp.json - The GitLab MCP requires a
GITLAB_PERSONAL_ACCESS_TOKEN— each developer has their own - Currently, every developer must manually run PowerShell command to set a system environment variable and fully restart VS Code
- With this feature,
.mcp.jsonwould be committed to git with${input:GITLAB_PERSONAL_ACCESS_TOKEN}, and each developer would simply be prompted once on first use — the token stored securely in OS keychain via VS Code SecretStorage - This saves onboarding time, eliminates plaintext secrets in config files, and aligns with the pattern developers already use in VS Code's native
mcp.json,tasks.json, andlaunch.json
Additional Context
- VS Code's native MCP configuration already supports this exact pattern via
inputs+${input:id}in%APPDATA%/Code/User/mcp.json— GitHub Copilot uses it successfully - VS Code SecretStorage API docs: https://code.visualstudio.com/api/references/vscode-api#SecretStorage
- Related issues: #29910 (secrets management), #33654 (OS keychain), #28942 (envFile), #35154 (1Password
op://) - For CLI fallback: prompt interactively with masked input (like
claude mcp add --client-secretalready does for OAuth) or fall back to${ENV_VAR}expansion
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗