toolhive
Verified Safe by stacklok
Overview
ToolHive simplifies and secures the deployment, management, and orchestration of Model Context Protocol (MCP) servers, integrating them with AI clients and providing features like authentication, authorization, and observability.
Installation
thv run ghcr.io/stacklok/mcp-fetch-server:latest
Environment Variables
- VMCP_CLIENT_SECRET
- GITHUB_EXCHANGE_SECRET
- JIRA_EXCHANGE_SECRET
- SLACK_BOT_TOKEN
- TOOLHIVE_SECRET_<secret_name>
- TOOLHIVE_PODMAN_SOCKET
- TOOLHIVE_COLIMA_SOCKET
- TOOLHIVE_DOCKER_SOCKET
Security Notes
ToolHive demonstrates a strong commitment to security through container-based isolation, OIDC/OAuth2 authentication, Cedar policy-based authorization, and secure secret management (e.g., Kubernetes SecretKeyRef, TOOLHIVE_SECRET_ environment variable prefix). It explicitly avoids sensitive data in error messages and includes proposals like `.thvignore` for secure volume mounts. The architecture for Virtual MCP servers includes a zero-trust model with distinct authentication boundaries and per-backend token exchange to minimize blast radius. No 'eval' or obvious malicious patterns were found.
Similar Servers
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
mcp-k8s-go
This MCP server enables interaction with Kubernetes clusters to list, get, apply, and execute commands on various resources through a conversational interface.
mcp-k8s
Facilitates natural language interaction and automation for Kubernetes cluster management and Helm operations via the Model Control Protocol (MCP).
k8s-mcp-server
Enables interaction with Kubernetes clusters and Helm releases through a standardized Model Context Protocol (MCP) interface.