toolhive
Verified Safeby stacklok
Overview
A platform for securely managing, orchestrating, and interacting with Model Context Protocol (MCP) servers, including aggregation, authentication, authorization, and workflow automation.
Installation
kubectl apply -f deploy/keycloak/mcpserver-with-auth.yaml --kubeconfig kconfig.yamlEnvironment Variables
- TOOLHIVE_SECRET_<secret_name>
- TOOLHIVE_DISABLE_ENV_FALLBACK
- TOOLHIVE_PODMAN_SOCKET
- TOOLHIVE_COLIMA_SOCKET
- TOOLHIVE_DOCKER_SOCKET
- TOOLHIVE_OTEL_ENABLED
- TOOLHIVE_OTEL_ENDPOINT
- TOOLHIVE_OTEL_HEADERS
- TOOLHIVE_OTEL_INSECURE
- NPM_CONFIG_REGISTRY
- PIP_INDEX_URL
- UV_DEFAULT_INDEX
- GOPROXY
- GOPRIVATE
- NODE_OPTIONS
- PIP_TRUSTED_HOST
- GITHUB_TOKEN
- ARTIFACTORY_API_KEY
- VMCP_IMAGE
Security Notes
Robust container-based isolation for MCP servers. Comprehensive secrets management with encrypted storage, 1Password integration, and a secure environment variable fallback with strict naming conventions and input sanitization. Implements fine-grained authorization using Cedar policies. Supports OIDC/OAuth2 authentication with PKCE, dynamic client registration, and RFC-compliant token exchange. Detailed audit logging and OpenTelemetry integration provide observability. Utilizes '.thvignore' for secure bind mount filtering. Strong emphasis on HTTPS and certificate validation.
Similar Servers
mcphub
A hub for managing, orchestrating, and providing a unified API for various Model Context Protocol (MCP) servers and their tools, including user management, OAuth services, and discovery of external servers.
mcp-k8s-go
An MCP server enabling AI assistants and users to interact with and manage Kubernetes clusters by listing, getting, applying, and executing commands on Kubernetes resources.
mcp-k8s
A Kubernetes MCP (Model Control Protocol) server that enables natural language interaction with Kubernetes clusters and Helm for resource and release management.
k8s-mcp-server
Provides a standardized interface (MCP) for interacting with Kubernetes clusters and managing Helm releases.