go-keychain
Verified Safeby jeremyhahn
Overview
Provides a secure JSON-RPC interface (Model Context Protocol) for cryptographic key and certificate management, including threshold signatures, designed for integration with AI assistants and other clients across on-prem, hybrid, and cloud environments.
Installation
go run ./cmd/mcp-server/main.go --config /etc/keychain/config-mcp.yaml --port 9444Environment Variables
- KEYSTORE_CONFIG
- KEYSTORE_PASSWORD
- PKCS11_LIBRARY
- PKCS11_TOKEN
- HSM_PIN
- TPM_DEVICE_PATH
- AWS_REGION
- GCP_PROJECT_ID
- GCP_LOCATION
- GCP_KEYRING
- AZURE_VAULT_URL
- VAULT_ADDR
Security Notes
The project demonstrates a strong awareness of security best practices, including robust error handling, panic recovery, authentication and authorization via WebAuthn/FIDO2 and RBAC, and explicit guidance on secure key handling (e.g., keys never leave HSMs, encryption during transport). Build tags are used to minimize attack surface. Extensive testing (92.5% coverage) further supports code quality. Default weak passwords/PINs for some backends, though documented as defaults, are a minor initial vulnerability if not changed.
Similar Servers
mcp-filesystem-server
Provides secure and controlled access to the local filesystem via the Model Context Protocol (MCP) for AI agents and other applications.
mcp-devtools
A high-performance MCP server providing a unified interface to essential developer tools, featuring OAuth 2.0/2.1 authorization and a multi-layered security framework.
mcp-cybersec-watchdog
A Linux server security auditing and continuous monitoring tool that provides security posture analysis and anomaly detection capabilities, designed to be integrated with AI agents.
vault-mcp-server
Provides a Model Context Protocol (MCP) server implementation to integrate HashiCorp Vault secrets management and PKI operations with LLM clients.