Security

Secure Your AI with Security MCP Servers

Connect HashiCorp Vault MCP, 1Password MCP, and OAuth MCP to Claude. Secure secrets management, authentication, and vulnerability scanning for enterprise AI workflows.

security-auditor

PREMIUM

Scan your codebase for secrets, PII, hardcoded passwords, dependency vulnerabilities, and compliance violations (SOC2, HIPAA, GDPR, ISO27001) — directly from your AI workflow. Get SARIF-format reports with risk scores and grades.

security-audit

vulnerability-scan

compliance

DB Incident

PREMIUM

Delivers MCP access to database incident tracking and response functions. Retrieves incident details, logs new events, and updates resolutions for DB errors, outages, or breaches. Database administrators, SREs, and security teams use it for automated incident handling in production environments.

New

database

incident-management

security

Agent Security

FREE

Agent Security MCP server enforces security protocols for AI agents in Model Context Protocol environments. It handles agent authentication, access controls, and activity monitoring to block unauthorized actions. AI developers and security engineers use it for safe agent-tool interactions in production systems.

mcp

agent-security

ai-security

License Verify

PREMIUM

Provides MCP-based access to software license verification functions. Validates license keys, checks expiration and revocation status, and retrieves associated metadata. Developers use it to enforce licensing in desktop apps, SaaS platforms, and AI agents managing subscriptions.

license-verification

mcp

security

Drive Permission Auditor

by Md Salman Izhar

PREMIUM

Audits permission settings on Google Drive files, folders, and shared drives by retrieving access lists, roles, and sharing configurations. Security administrators, compliance officers, and IT teams use it for identifying unauthorized access risks and generating audit reports. Integrates via MCP for automated checks in enterprise environments.

security

google-drive

permissions

Workspace Admin Auditor

by Md Salman Izhar

PREMIUM

Retrieves and analyzes audit logs of administrative actions in workspaces. Tracks permission changes, user role assignments, and security events programmatically via MCP. Workspace administrators and security analysts use it to investigate incidents and ensure compliance in collaborative platforms.

security

auditing

compliance

Apex Security Checker

FREE

Scans Salesforce Apex code for security vulnerabilities via MCP API calls. Detects issues including SOQL injection, CRUD/FLS enforcement failures, and unsafe dynamic code execution. Salesforce developers and security teams use it to validate code in development pipelines and pre-deployment audits.

apex

salesforce

security

HTTP Security Headers

FREE

Analyze and score HTTP security headers (CSP, HSTS, CORS, cookies) with actionable fix recommendations for web applications.

security-headers

web-security

http-headers

View All 22 Security Servers

Featured Security MCP Servers

Enterprise-grade security integrations for AI workflows

HashiCorp Vault MCP

Official

Securely access secrets, tokens, and credentials from HashiCorp Vault

Official

Secrets

Tokens

Enterprise

View Server

1Password MCP Server

Secure your MCP configurations with 1Password CLI integration

Vaults

Items

CLI

View Server

OAuth MCP Server

Handle OAuth 2.0 flows and token management for API authentication

OAuth 2.0

PKCE

Tokens

Refresh

View Server

AWS Secrets Manager MCP

Retrieve secrets from AWS Secrets Manager for secure credential access

AWS

Secrets

Rotation

IAM

View Server

Authentication & Identity

Handle OAuth flows, manage sessions, and integrate with identity providers

OAuth MCP Server

OAuth 2.0

PKCE

Tokens

Auth0 MCP

Identity

SSO

MFA

Okta MCP Server

Enterprise

SAML

SSO

Clerk MCP

User Management

Sessions

Firebase Auth MCP

Google

Social Login

Supabase Auth MCP

JWT

Row Level Security

Secrets Management

Securely access API keys, credentials, and tokens from enterprise vaults

HashiCorp Vault MCP

Enterprise

Dynamic Secrets

1Password MCP

Official

Vaults

AWS Secrets Manager MCP

AWS

Rotation

Google Secret Manager MCP

GCP

Versioning

Azure Key Vault MCP

Azure

Keys

Certs

Doppler MCP Server

Sync

Environments

Security Scanning

Scan code, dependencies, and containers for vulnerabilities

Snyk MCP Server

Dependencies

Code

SonarQube MCP

Code Quality

Bugs

Semgrep MCP

SAST

Rules

Trivy MCP Server

Containers

IaC

What Can Security MCP Servers Do?

Retrieve Secrets

Access API keys, tokens, and credentials from secure vaults.

Handle OAuth

Manage OAuth flows, token exchange, and refresh cycles.

Scan Vulnerabilities

Detect security issues in code, dependencies, and containers.

Manage Identity

Integrate with Auth0, Okta, and other identity providers.

Security Best Practices

• Least privilege: Grant only the permissions needed for the task
• Short-lived tokens: Use tokens with expiration rather than long-lived credentials
• Audit logging: Enable logging on both the MCP server and secrets manager
• Separate environments: Use different credentials for dev, staging, and production
• Rotate regularly: Set up automatic credential rotation where possible
• Review access: Regularly audit which MCP servers have access to what secrets

Compare Secrets Managers

Choose the right secrets management solution for your workflow

Feature	Vault	1Password	AWS SM	Doppler
Dynamic Secrets	✓	—	✓	—
Auto Rotation	✓	—	✓	✓
Team Sharing	✓	✓	IAM	✓
Multi-Cloud	✓	✓	AWS	✓
CLI Tool	✓	✓	✓	✓
Official MCP	✓	✓	Community	Community

Frequently Asked Questions

How do I securely manage API keys with MCP?

Use a security MCP server like 1Password MCP or Vault MCP to store and retrieve API keys. Never hardcode credentials. MCP servers can fetch secrets at runtime from secure stores, keeping your configuration files clean.

Can Claude access secrets from Vault?

Yes! Install the Vault MCP server, configure your Vault address and authentication method, and add it to Claude Desktop. Claude can then securely retrieve secrets using natural language requests.

What is the best MCP server for authentication?

For secrets management, 1Password MCP and Vault MCP are top choices. For OAuth flows, use the OAuth MCP server. For enterprise SSO, consider Auth0 MCP or Okta MCP servers.

How do I connect 1Password to Claude Desktop?

Install 1Password MCP server from the official 1Password developer portal. Configure your 1Password account credentials and add the server to your Claude Desktop MCP configuration. Restart Claude to activate.

Is it safe to use MCP servers with sensitive data?

Yes, when properly configured. Use read-only access, limit scope to specific secrets, enable audit logging, and prefer short-lived tokens. Security MCP servers like Vault and 1Password have enterprise-grade security built-in.

How do OAuth MCP servers work?

OAuth MCP servers handle the complete OAuth 2.0 flow — authorization, token exchange, and refresh. They support PKCE for security and can manage tokens for multiple providers, letting Claude authenticate to APIs on your behalf.

Related Categories

Cloud MCP

AWS, Azure, GCP integrations

Monitoring MCP

Security monitoring & alerts

Version Control

Secure code repositories

Build a Custom Security MCP Server

Create custom security integrations. Build an MCP server, publish to the marketplace, and earn 83% of every sale.

Start Building Monetize Your Server