/
← L3: CI/CD Integration and Session Isolation Lab 1: Integrate Rally with Claude →
Module 9 — Enterprise Integration & DevOps Align

L4: MCP Server Configuration

L4: MCP Server Configuration

MCP Server Configuration and Secret Management

In the previous lessons, we discussed building custom tools and distributing them across agents. However, writing custom API integration code for every single database, SaaS app, or file system your agent needs to access is not scalable. This is where the Model Context Protocol (MCP) comes in.

This lesson covers how to configure MCP servers to standardize tool access and, crucially, how to manage the highly sensitive credentials those servers require.

1. What is the Model Context Protocol (MCP)?

MCP is an open-source standard designed by Anthropic that acts as a universal "USB-C cable" for AI agents.

Instead of writing a custom Python function to search GitHub, another to read Google Drive, and another to query a PostgreSQL database, you simply spin up pre-built MCP Servers for each of these services.

  • The Architecture: Your Claude agent acts as the MCP Client. It connects to the MCP Server. The server automatically exposes its capabilities (tools, resources, and prompts) to Claude in a standardized JSON schema.

  • The Benefit: It completely decouples the agent's reasoning loop from the underlying API integration logic, allowing you to swap out data sources without rewriting your agentic code.

2. MCP Transport Protocols

When configuring an MCP architecture, you must choose how the Client (Claude) and the Server communicate. There are two primary transport methods:

  • stdio (Standard Input/Output): This is the most common pattern for local development and contained environments like Claude Code or Claude Desktop. The agent spawns the MCP server as a subprocess on the same machine and communicates via local terminal streams. It is highly secure because no network ports are exposed.

  • SSE (Server-Sent Events) over HTTP: This is the pattern for distributed, cloud-native production systems. The MCP Server runs independently as a web service (e.g., in a Docker container). The agent connects to it over the network. This allows multiple agents to share a single, centralized MCP server.

3. Server Configuration Scoping

Configuration dictates exactly what an MCP server is allowed to do. When an agent boots up, it reads a configuration file (often claude_desktop_config.json or a framework-specific YAML file) to know which servers to launch and what parameters to pass them.

Architectural Best Practice: Scoping

Never configure an MCP server with global access. If you are configuring a GitHub MCP server, do not give it a Personal Access Token (PAT) with root access to all your repositories. You must configure the server's scope strictly to the exact repositories the agent needs for its assigned task.

4. Secret Management (The Core Challenge)

MCP servers require highly sensitive credentials (database passwords, API keys, OAuth tokens) to access external systems. Hardcoding these into the configuration file is a critical security failure.

Local / Development Environments:

During local development, MCP servers should be configured to read from a secure .env file that is strictly included in your .gitignore.

Production Environments:

In production, your architecture must never rely on static files for secrets. You must inject credentials at runtime as environment variables. As a standard best practice, you will typically integrate this configuration with enterprise-grade vaults like AWS Secrets Manager or GCP Secret Manager.

  • The Workflow: When the execution container for your agent spins up, your deployment pipeline fetches the temporary, encrypted keys from the Secret Manager, injects them into the MCP Server's environment, and the server establishes the connection. This ensures your deployment remains entirely stateless and secure, preventing catastrophic leaks if the agent's code repository is compromised.

5. Handling Configuration and Auth Errors

Because MCP servers sit between the agent and the data, authentication failures are common. As an architect, you must handle these gracefully.

  • Failing Fast: If an MCP server fails to authenticate upon startup due to a missing or invalid secret, the server should crash immediately (fail fast) rather than quietly starting up with no capabilities.

  • Error Propagation: If an API key expires while the agent is running, the MCP server will throw an authorization error. As covered in Lesson 2.2, this error must be caught and returned to Claude as a structured tool_result (e.g., {"error": "GitHub API token expired. Disconnecting MCP server."}). Claude can then read this error and properly escalate the failure to the user, rather than endlessly retrying a broken connection.