MCP & AI Agents
Use keyzero as an MCP server so AI agents can resolve secrets and make authenticated requests without seeing raw credentials
The Problem
AI agents (Claude Code, Cursor, custom LLM agents) need to call authenticated APIs -- but giving them raw API keys means those keys end up in context windows, logs, and conversation history.
How keyzero Solves It
keyzero runs as an MCP (Model Context Protocol) server via kz server start --mcp, exposing two tools:
- resolve -- runs the full pipeline (JWT verification, policy evaluation, secret resolution) and returns secrets to the agent
- fetch -- resolves the credential and makes the HTTP request on behalf of the agent, injecting the credential based on credential_location. The agent sees the response but never sees the raw secret
The fetch tool is the preferred approach: it keeps secrets out of the agent's context entirely.
The Two Tools
resolve
Runs the full pipeline and returns resolved secrets.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| jwt | string | yes | Bearer token for authentication |
| resource | string | yes | Resource ref path to resolve (e.g., secret/data/prod/db/password) |
Returns: JSON with results containing per-ref entries with allowed, policy, mode, and value fields.
fetch
Resolves a credential and makes an authenticated HTTP request. The raw secret is never returned to the agent.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| jwt | string | yes | Bearer token for authentication |
| resource | string | yes | Resource ref path to resolve credentials from |
| resolver | string | yes | Backend name to use for resolution |
| url | string | yes | Target URL to fetch |
| method | string | no | HTTP method (default: GET) |
| headers | object | no | Additional headers as key-value pairs |
| body | string | no | Request body |
Returns: JSON with status, headers, and body from the upstream response.
The credential is injected based on the resolver's credential_location config (e.g., header:Authorization:Bearer or header:X-API-Key:).
Setup
1. Start the MCP Server
kz server start --bundle ./bundle.yaml --mcp
The --mcp flag makes kz server start communicate over stdio using the MCP protocol instead of starting an HTTP server.
2. Configure Your AI Tool
Claude Code
Add to .mcp.json in your project root:
{
  "mcpServers": {
    "keyzero": {
      "command": "kz",
      "args": ["server", "start", "--bundle", "./bundle.yaml", "--mcp"]
    }
  }
}
Example Flow
- Agent receives a task: "Check the status of the production API"
- Agent calls fetch with:
  - jwt: the agent's authentication token
  - resource: api/key
  - resolver: key
  - url: https://api.example.com/status
- keyzero verifies the JWT, checks policies, resolves the API key from the backend
- keyzero injects the credential into the request header and makes the HTTP call
- Agent receives the response body and status -- but never saw the API key
credential_location
The credential_location field on resolver configs controls where the credential is placed in outgoing requests:
| Format | Example | Result |
|---|---|---|
| header:<name>:<prefix> | header:Authorization:Bearer | Authorization: Bearer <secret> |
| header:<name>: | header:X-API-Key: | X-API-Key: <secret> |
If not specified, defaults to header:Authorization:Bearer.
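The table above, worked through as an added Python sketch (not keyzero's own code): it parses a credential_location string and builds the outgoing headers for a fetch call. The function names are hypothetical, and two behaviours are assumptions rather than documented keyzero behaviour: agent-supplied headers with the same name as the credential header are dropped, and a secret containing CR, LF or NUL is rejected.

```python
import re

DEFAULT_LOCATION = "header:Authorization:Bearer"  # default stated on the page
# Characters allowed in an HTTP field name (RFC 9110 "token")
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_credential_location(spec=None):
    """Return (header_name, prefix) for a 'header:<name>:<prefix>' spec."""
    parts = (spec or DEFAULT_LOCATION).split(":", 2)
    if len(parts) != 3 or parts[0] != "header":
        raise ValueError(f"unsupported credential_location: {spec!r}")
    name, prefix = parts[1], parts[2].strip()
    if not _TOKEN.match(name):
        raise ValueError(f"invalid header name: {name!r}")
    return name, prefix


def inject_credential(agent_headers, secret, spec=None):
    """Build the outgoing headers; the credential header always wins.

    agent_headers is the optional 'headers' object passed to fetch.
    """
    name, prefix = parse_credential_location(spec)
    # Assumption: refuse secrets that could split or smuggle header lines.
    if any(c in secret for c in "\r\n\0"):
        raise ValueError("secret contains control characters")
    # Assumption: an agent-supplied header with the same name
    # (case-insensitive) must not override or duplicate the credential.
    out = {k: v for k, v in (agent_headers or {}).items()
           if k.lower() != name.lower()}
    # Empty prefix -> bare secret; otherwise "<prefix> <secret>" as in the table.
    out[name] = f"{prefix} {secret}" if prefix else secret
    return out


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(inject_credential({"Accept": "application/json"}, "constructed-secret"))
    print(inject_credential({}, "constructed-secret", "header:X-API-Key:"))
```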