mcp-trino
Verified Safeby tuannvm
Overview
Enables AI assistants to interact with Trino's distributed SQL query engine for data analytics through a standardized Model Context Protocol (MCP) server.
Installation
mcp-trinoEnvironment Variables
- TRINO_HOST
- TRINO_PORT
- TRINO_USER
- TRINO_PASSWORD
- TRINO_CATALOG
- TRINO_SCHEMA
- TRINO_SCHEME
- TRINO_SSL
- TRINO_SSL_INSECURE
- TRINO_ALLOW_WRITE_QUERIES
- TRINO_QUERY_TIMEOUT
- MCP_TRANSPORT
- MCP_PORT
- MCP_HOST
- MCP_URL
- OAUTH_ENABLED
- OAUTH_MODE
- OAUTH_PROVIDER
- JWT_SECRET
- OIDC_ISSUER
- OIDC_AUDIENCE
- OIDC_CLIENT_ID
- OIDC_CLIENT_SECRET
- OAUTH_ALLOWED_REDIRECT_URIS
- HTTPS_CERT_FILE
- HTTPS_KEY_FILE
- TRINO_ALLOWED_CATALOGS
- TRINO_ALLOWED_SCHEMAS
- TRINO_ALLOWED_TABLES
- TRINO_ENABLE_IMPERSONATION
- TRINO_IMPERSONATION_FIELD
- TRINO_SOURCE
- GITHUB_TOKEN
Security Notes
The project demonstrates a high level of security awareness. It includes robust default SQL injection prevention by restricting queries to read-only operations (configurable). OAuth 2.1 authentication is implemented via a dedicated, production-ready library (oauth-mcp-proxy) with features like PKCE, state signing, JWKS validation, and clear security best practices for multi-pod deployments (e.g., requiring JWT_SECRET). Kubernetes deployment configurations emphasize strong security postures with non-root containers, read-only filesystems, dropped capabilities, and network policies. No 'eval', obfuscation, or hardcoded sensitive secrets were found. The `install.sh` script downloads and executes a binary directly from GitHub, a common practice but carries inherent supply chain risks if the GitHub repository itself were compromised.
Similar Servers
DBchat
Transforms a database into an intelligent conversational partner, enabling natural language queries, instant answers, and data visualizations via MCP clients.
metabase-mcp-server
Enables AI assistants to interact with and manage Metabase's analytics platform by providing comprehensive API access through a Model Context Protocol server.
mcp-trino-python
The MCP Trino Server provides seamless integration with Trino and Iceberg for advanced data exploration, querying, and table maintenance capabilities through a standard interface.
DatabaseMcpServer
Provides a robust and secure database access layer for AI assistants, supporting 19 types of databases with single-instance multi-database dynamic switching and over 50 tools for data and schema management.