mcpfold logomcpfold

← All features

Secrets as references, never values

Your config carries ${env:…} / ${op:…} references instead of raw tokens, so nothing sensitive is ever written to a client config or committed to git. mcpfold resolves each reference at fold time, from your environment or secret manager.

A secret reference names where a value lives — an environment variable, a dotenv file, or a secret manager such as 1Password or Infisical, plus the OS keychain — instead of embedding the value. The config you edit and commit contains only the reference.

At fold time mcpfold resolves references from the provider you chose and applies each client’s own secret strategy: a shim that resolves at launch, the client’s native input mechanism, or a direct write on your machine. The invariant holds throughout — a reference is never expanded into a value that gets synced to the cloud; only config with references is ever shared.

The result is that credentials stay out of the files most likely to be shared, synced, or accidentally checked in.

A reference, not a token

{ "servers": { "github": { "command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"], "env": { "GITHUB_TOKEN": "${op:GitHub/token}" } } } }

Go deeper

Related features

Ready to try it? Install mcpfold — the CLI is free and MIT-licensed. Or head back to the overview.