Stop Putting API Keys in mcp.json

Teams often share one API key for AI tools. This is a security risk. One leak ruins everything. You also lose your audit trail. You do not know who ran which prompt.

Many vendors lack OAuth. Internal tools are worse. They rely on one shared secret.

You need a front door for your APIs. Use this stack to fix it:

The secret stays on the server. It never reaches the user's laptop.

Stop using stdio transport. Stdio puts secrets in your config files. Switch to http transport. Your config file now only needs a URL. No secrets to leak.

This setup is serverless. It costs almost nothing. You get per-user logs. Revoke access in seconds.
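To check whether a config file has actually made the stdio-to-http switch described above, here is an added example (not code from the original post) that audits an `mcp.json` for secrets still stored in it. It assumes the common `mcpServers` layout with `command`/`env` for stdio entries and `url`/`headers` for http entries, and treats `${...}` values as references rather than literals; the server names, sample values and the name-matching heuristic are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristic (assumed) list of name fragments that usually indicate a credential.
SECRET_NAME = re.compile(r"(key|token|secret|password|passwd|auth)", re.I)

# Constructed sample: a stdio server with an inline key, an http server with only a URL.
SAMPLE_MCP_JSON = """
{
  "mcpServers": {
    "vendor-stdio": {
      "command": "npx",
      "args": ["-y", "example-mcp-server"],
      "env": {"VENDOR_API_KEY": "sk-constructed-not-real", "LOG_LEVEL": "info"}
    },
    "vendor-http": {
      "type": "http",
      "url": "https://mcp.example.internal/mcp"
    }
  }
}
"""

def audit_mcp_config(text):
    """Return (server, location, reason) findings for secrets stored in the config."""
    findings = []
    servers = json.loads(text).get("mcpServers", {})
    for name, entry in servers.items():
        # stdio entries launch a local process; its credentials arrive via env.
        for var, value in entry.get("env", {}).items():
            # "${...}" is assumed to be a variable reference, not a literal secret.
            if SECRET_NAME.search(var) and value and not value.startswith("${"):
                findings.append((name, f"env.{var}", "literal secret in env"))
        # http entries can still leak through static headers or the URL itself.
        for header, value in entry.get("headers", {}).items():
            if SECRET_NAME.search(header) and not value.startswith("${"):
                findings.append((name, f"headers.{header}", "static credential header"))
        url = urlsplit(entry.get("url", ""))
        if url.username or url.password:
            findings.append((name, "url", "credentials in URL userinfo"))
        for param, _ in parse_qsl(url.query):
            if SECRET_NAME.search(param):
                findings.append((name, f"url?{param}", "credential in query string"))
    return findings

if __name__ == "__main__":
    for finding in audit_mcp_config(SAMPLE_MCP_JSON):
        print(*finding, sep=": ")
```

An empty result means the file holds only URLs and non-secret settings, which is the state the http transport makes possible.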

Source: https://dev.to/aws-builders/stop-putting-api-keys-in-mcpjson-per-user-oauth-with-amazon-cognito-aws-lambda-4h2i
