Mcp credentials internal

Fetch Mcp Credentials

JIT fetch decrypted MCP server credentials.

Called by the agent runtime at MCP server spawn time. The runtime presents its proxy key for auth, and receives the decrypted credential dict for the requested server slug.

Security:

Proxy key auth (constant-time comparison)
Per-server scoping: only the requested slug's credentials returned
Credentials decrypted in-memory, never cached
Instance scope set via RLS

"I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion." — Roy Batty, Blade Runner (about what credentials get to see before they expire from memory)

Path Parameters

instance_idInstance Id

Formatuuid

server_slugServer Slug

Response Body

curl -X POST "https://loading/internal/v1/instances/497f6eca-6276-4993-bfeb-53cbbbba6f08/mcp-creds/string"

curl -X POST "https://loading/internal/v1/instances/497f6eca-6276-4993-bfeb-53cbbbba6f08/mcp-creds/string"

{
  "credentials": {},
  "issued_at": "string",
  "server_slug": "string"
}

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}

Mcp credentials internal

Fetch Mcp Credentials

Path Parameters

Response Body

200

422