alpaca-mcp-server
Verified Safeby klysdale
Overview
Provides a containerized Alpaca Market-Compatible Protocol (MCP) server for downstream services, enabling centralized API access to Alpaca without requiring callers to provide API keys on each request.
Installation
docker compose up --buildEnvironment Variables
- ALPACA_API_KEY
- ALPACA_SECRET_KEY
Security Notes
Credentials (`ALPACA_API_KEY`, `ALPACA_SECRET_KEY`) are designed to be injected at build time via arguments and baked into the Docker image as environment variables. The entrypoint script includes strong validation to prevent the server from starting with default 'changeme' values or empty credentials. However, this approach means any built image containing real credentials must be treated as highly sensitive and should never be pushed to public registries, as anyone with the image can extract the keys. While this risk is explicitly documented and mitigated with runtime validation, baking secrets into images is generally less secure than runtime injection (e.g., via Docker secrets or a secrets manager) as it increases the risk of credential compromise if the image itself is compromised.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcp-context-forge
Converts web content (HTML, PDF, DOCX, etc.) and local files from a URL into high-quality Markdown format. It supports multiple conversion engines, content optimization, batch processing, and image handling.
metamcp
MetaMCP acts as an MCP proxy to dynamically aggregate multiple MCP servers into a single unified MCP server endpoint, enabling middleware application and customized tool access for coding agents.
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.