Hacker News

lll-o-lll, today at 8:43 AM (1 reply)

> How would MCP help you if the API does not support keys?

Kerberos, OAuth, Basic Auth (username/password), PKI. MCP can be a wrapper (like any middleware).

> But that's not the point. The agent calls CLI tools, which read secrets from somewhere the agent cannot even access. How can the agent leak keys it does not have access to?

If the CLI can access the secrets, the agent can just reverse it and get the secret itself.

> You ARE running your agents in containers, right?

Do you inject your keys into the container?
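An added illustration of the point both commenters are circling, not code from either post: whatever the CLI tool can read inside a container, any other process running as the same user in that container can read too, so the useful defender question is "what is actually visible in here?". The script below, which assumes a constructed environment mapping and temporary files rather than a real deployment, audits two common exposure paths: secret-looking environment variables (inherited by every child process, including an agent's subprocesses) and credential files whose permission bits let other local users read them. The variable names and file contents are made up for the example.

```python
"""Audit what a process in a container could see: secret-like environment
variables and credential files readable beyond their owner.

Constructed example; the env mapping and files below are not real secrets.
"""
import os
import re
import stat
import tempfile
from typing import Dict, List

# Names that usually carry credentials. Adjust to your own naming conventions.
SECRET_NAME_RE = re.compile(
    r"(SECRET|TOKEN|PASSWORD|PASSWD|API_KEY|PRIVATE_KEY|CREDENTIAL)", re.IGNORECASE
)


def find_secret_env_vars(env: Dict[str, str]) -> List[str]:
    """Return the names (never the values) of environment variables that look
    like credentials. Anything here is visible to every process spawned in
    the same environment, CLI wrapper or agent alike."""
    return sorted(name for name in env if SECRET_NAME_RE.search(name))


def readable_by_others(path: str) -> bool:
    """True if the file's mode grants read access to group or world, i.e. to
    local principals other than the owning user."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit(env: Dict[str, str], credential_paths: List[str]) -> Dict[str, List[str]]:
    """Summarise the two exposure paths as lists of names/paths to fix."""
    return {
        "env_vars": find_secret_env_vars(env),
        "over_permissive_files": [p for p in credential_paths if readable_by_others(p)],
    }


def demo() -> Dict[str, List[str]]:
    """Build a constructed container-like environment and audit it."""
    # Constructed environment: two credentials injected as env vars, one harmless var.
    env = {
        "PATH": "/usr/bin",
        "AWS_SECRET_ACCESS_KEY": "constructed-not-real",
        "GITHUB_TOKEN": "constructed-not-real",
    }
    tmp = tempfile.mkdtemp()
    loose = os.path.join(tmp, "credentials.json")   # written with default umask, typically 0644
    tight = os.path.join(tmp, "id_deploy")           # restricted to the owner
    for path, mode in ((loose, 0o644), (tight, 0o600)):
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")
        os.chmod(path, mode)
    return audit(env, [loose, tight])


if __name__ == "__main__":
    for category, items in demo().items():
        print(f"{category}: {items}")
```

The audit reports names and paths only, never the secret values, so it is safe to run as a pre-flight check in CI or at container start. A clean report means the agent's process tree is not simply handed the credentials; the remaining question, which the thread touches on, is whether the CLI tool itself can be coaxed into emitting them.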


Replies

Marha01, today at 12:17 PM

> If the cli can access the secrets, the agent can just reverse it and get the secret itself.

What do you mean by this? How "reverse it"? The CLI tool can access the secure storage, but that does not mean there is any CLI interface in the tool for the LLM to call and get the secret printed into the console.
