[Security] [Docs] Insecure practice of passing secrets via command line arguments

XMLWordPrintableJSON

    • Type: Story
    • Resolution: Done
    • Priority: Major - P3
    • 1.0.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Needed
    • Hide

      We need to update our MCP docs to promote using environment variables over command line arguments for providing configuration options that possibly contains credentials such as:

      • connectionString

      • apiClientId

      • apiClientSecret
      Show
      We need to update our MCP docs to promote using environment variables over command line arguments for providing configuration options that possibly contains credentials such as: connectionString apiClientId apiClientSecret
    • Developer Tools

      Update Readme and provide it to the DOCSP 

       

      Update documentation to remove the insecure practices and suggest use env settings instead in a mcp configuration or pass env variables from file without exposing them in command line.

       

      Security: https://docs.google.com/document/d/1p3rU1ivM6BhIOl9g5V2QuAGS6fu9O8DbBTgYRw2drTY/edit?tab=t.0#heading=h.gtsmc864zs51 

            Assignee:
            Himanshu Singh
            Reporter:
            Bianca Lisle
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: