Preventing Token Mismanagement and Secret Exposure in MCP Servers
When building an MCP server for my side project (Biotrackr), one of the first things I had to think about was how to manage secrets. The MCP server needs an APIM subscription key to call downstream health data APIs, and it also exposes an API key for clients connecting to it. That’s two secrets that need to be stored, distributed, and protected, and if either one leaks, the blast radius could extend across the entire platform. ...