Kovra MCP server — let your AI agents use your secrets without ever seeing them.
Project description
kovra-mcp
The agent-facing MCP server for kovra — exposes the scoped secrets surface
(spec §9.4) to Claude Code over stdio. It is a thin FastMCP
wrapper over the kovra_ffi PyO3 bindings; all policy lives in the Rust core,
not here.
Tools
list · status · fingerprint · set · generate · delete ·
edit_metadata · reveal · inject_run
Reveal returns a value only for a secret explicitly marked revealable that
is non-prod and non-high (I11); prod/high/inject-only are never returned
to the model (I14). Out-of-scope coordinates are unaddressable (I13). There is no
unattended-mode tool — real high/prod delivery routes through the CLI +
kovra approve broker, which inject_run drives but the model cannot bypass.
Build & run
The server needs the kovra_ffi native module (built from ../crates/ffi-python
by maturin). With uv:
cd mcp
uv sync # builds kovra-ffi via maturin + installs mcp
uv run kovra-mcp # serve over stdio
Configuration
The vault and keyring come from the bindings' own env (KOVRA_VAULT_DIR,
KOVRA_PASSPHRASE). The session scope is set at launch:
| Variable | Default | Meaning |
|---|---|---|
KOVRA_MCP_OPERATIONS |
metadata,reveal,inject |
Operation axes granted |
KOVRA_MCP_ENVIRONMENTS |
* |
Addressable environments (* = any) |
KOVRA_MCP_PROJECTS |
* |
Addressable projects (* = any) |
The scope is a containment, not the security boundary — the core denies a
prod/high reveal to an agent even when its environment is in scope.
Register with Claude Code
{
"mcpServers": {
"kovra": {
"command": "uv",
"args": ["run", "--directory", "/abs/path/to/kovra/mcp", "kovra-mcp"],
"env": { "KOVRA_MCP_ENVIRONMENTS": "dev,test" }
}
}
}
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file kovra_mcp-0.1.1.tar.gz.
File metadata
- Download URL: kovra_mcp-0.1.1.tar.gz
- Upload date:
- Size: 47.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.10 {"installer":{"name":"uv","version":"0.9.10"},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e7ab9180ff45073a32a01cd0b439f85ff58fab2b86b16630085523f1476739f4
|
|
| MD5 |
a4fc1db7b2d85c0d38803549879b0d02
|
|
| BLAKE2b-256 |
62b1618d2e1042c38cba6902c2cd3b22744e0c55feece885a641ce6308d8feca
|
File details
Details for the file kovra_mcp-0.1.1-py3-none-any.whl.
File metadata
- Download URL: kovra_mcp-0.1.1-py3-none-any.whl
- Upload date:
- Size: 8.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.10 {"installer":{"name":"uv","version":"0.9.10"},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3643539754b9819dee4bdd80ff8f5a06362f10f16f64d1f07408061f5a3a79df
|
|
| MD5 |
ee8179fdf3cd8878cc44a70aea071a83
|
|
| BLAKE2b-256 |
89d7c1409d74a1b0a0642d697bb07d81b8b3b65d13dd2cf7d466e274d1f0ed64
|
