Best practices for MCP secret management at enterprise scale
Blog post from Lunar.dev
The post discusses the challenges of managing secrets and credentials at enterprise scale, specifically for MCP (Model Context Protocol) servers and Lunar's MCPX gateway. In large organizations, poor secret management creates real risk: credentials stored in plaintext invite unauthorized access, and rotating API keys and tokens by hand across many servers is error-prone and rarely done on schedule.

MCPX addresses this by encrypting secrets at rest, integrating with the secret managers an organization already runs, and propagating changes automatically to every instance, so rotation needs little manual intervention. Credentials are stored as references that are resolved at runtime, and each reference is scoped to an identity rather than merely hidden, so knowing that a credential exists does not grant access to its value. Admins manage secrets at the group level, and a full audit trail gives security teams the record they need for compliance. Supported backends include HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager, and Azure Key Vault.
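The pattern the summary describes (tool configuration holds only references, the gateway resolves them at runtime against a secret backend, access is scoped by caller identity, rotation touches the backend alone, and every lookup is audited) can be shown in a few dozen lines. The following is an added illustration written for this page; it is not Lunar's MCPX code and does not use its API. The backend dictionary, the `vault://` and `aws-sm://` reference syntax, the tool names, group names, and secret values are all constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Only references are allowed in tool configuration; the value lives in the backend.
# The scheme names and reference syntax are assumptions for this example.
REF_PATTERN = re.compile(
    r"^(?P<backend>vault|aws-sm|gcp-sm|azure-kv)://(?P<path>[A-Za-z0-9_./-]+)$"
)


class SecretAccessDenied(PermissionError):
    """Caller identity is not scoped to the requested credential."""


@dataclass(frozen=True)
class Identity:
    principal: str          # e.g. "agent:billing-assistant" (constructed name)
    groups: frozenset       # groups asserted by the identity provider


@dataclass(frozen=True)
class ToolCredential:
    tool: str
    ref: str                # reference such as "vault://mcp/stripe/api-key", never the value
    allowed_groups: frozenset


def parse_ref(ref: str):
    """Split a reference into (backend, path); reject anything that is not a reference."""
    m = REF_PATTERN.match(ref)
    if not m:
        raise ValueError(f"not a secret reference: {ref!r}")
    return m.group("backend"), m.group("path")


def validate_config(policies):
    """Return tool names whose config holds something other than a reference (plaintext check)."""
    bad = []
    for cred in policies.values():
        try:
            parse_ref(cred.ref)
        except ValueError:
            bad.append(cred.tool)
    return bad


@dataclass
class SecretGateway:
    backend: dict                        # path -> current value; stand-in for a real secret manager
    policies: dict                       # tool -> ToolCredential
    audit: list = field(default_factory=list)

    def resolve(self, identity: Identity, tool: str) -> str:
        cred = self.policies[tool]
        entry = {"principal": identity.principal, "tool": tool, "ref": cred.ref}
        if not (identity.groups & cred.allowed_groups):
            # Knowing the reference exists does not grant the value.
            self.audit.append({**entry, "outcome": "denied"})
            raise SecretAccessDenied(f"{identity.principal} is not scoped to {tool}")
        _backend, path = parse_ref(cred.ref)
        value = self.backend[path]
        self.audit.append({**entry, "outcome": "resolved"})
        return value

    def rotate(self, path: str, new_value: str) -> None:
        """Rotation changes the backend only; every later resolve() sees the new value."""
        self.backend[path] = new_value


def build_demo():
    """Constructed sample: two tools, two groups, one caller scoped to billing only."""
    backend = {"mcp/stripe/api-key": "sk_test_old", "mcp/github/token": "ghp_old"}
    policies = {
        "stripe": ToolCredential("stripe", "vault://mcp/stripe/api-key", frozenset({"billing"})),
        "github": ToolCredential("github", "aws-sm://mcp/github/token", frozenset({"eng"})),
    }
    gw = SecretGateway(backend, policies)
    caller = Identity("agent:billing-assistant", frozenset({"billing"}))
    return gw, caller


def run_scenario():
    """Allowed resolve, denied resolve, rotation, resolve again; report what each step saw."""
    gw, caller = build_demo()
    first = gw.resolve(caller, "stripe")
    try:
        gw.resolve(caller, "github")
        denied = False
    except SecretAccessDenied:
        denied = True
    gw.rotate("mcp/stripe/api-key", "sk_test_new")
    after = gw.resolve(caller, "stripe")
    return {"first": first, "denied": denied, "after": after,
            "outcomes": [e["outcome"] for e in gw.audit]}


if __name__ == "__main__":
    print(run_scenario())
```

Two points worth noting. `validate_config` is the check a practitioner would run in CI over MCP server configuration: any credential field that does not parse as a reference is a plaintext secret that has leaked into config. And because `resolve` consults the backend on every call rather than caching the value into the tool definition, rotation is a single write to the backend with no redeploy, which is the behaviour the summary attributes to MCPX's automatic propagation.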
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM change |
|---|---|---|---|---|---|
| Secrets Management | 40 | 1,821 | 338 | 111 | +22% |
| MCP | 26 | 6,108 | 613 | 170 | +36% |
| AI Agents | 4 | 4,430 | 1,100 | 236 | -3% |
| Kubernetes | 2 | 2,306 | 381 | 103 | +25% |
| Observability | 1 | 4,496 | 812 | 176 | +40% |
| Platform Engineering | 1 | 1,080 | 232 | 64 | +125% |
| Real-time | 1 | 6,296 | 1,346 | 246 | -2% |