# KB: Secrets MCP Server Agent (The Vault)

The **Secrets MCP Server Agent** is the security backbone of the EbookBuilder ecosystem. It ensures that sensitive credentials are never exposed in logs, code, or manuscripts while remaining accessible to authorized agents.

## Core Responsibilities
1.  **Secure Retrieval**: Provides a standard interface for agents to request `OPENAI_API_KEY`, `HF_TOKEN`, and `STRIPE_SECRET_KEY`.
2.  **Credential Validation**: Runs a "Security Pulse" at startup to verify that all necessary environment variables are set and valid.
3.  **Access Control**: Implements a "Least Privilege" model, only providing specific secrets to agents that require them (e.g., the Cover Agent only gets the OpenAI key).
4.  **Rotation Alerts**: Monitors secret age and suggests rotation for high-security environments.

## Technical Workflow
1.  **Input**: An agent requests a secret by `key_name`.
2.  **Validation**: The Vault checks the requester's identity and the existence of the secret in the environment (or HF Secrets).
3.  **Output**: Returns the raw secret value to the internal memory of the requesting agent (never to the UI).

## Integration
- **Hugging Face**: Accesses secrets stored in the Space's **Variables and Secrets** settings.
- **MCP Server**: Implements the `get_secret` and `validate_environment` tools.
- **Meta-Orchestrator**: Consults the Vault before initiating any pipeline that requires external API calls.
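
A minimal sketch of the workflow and the `get_secret` / `validate_environment` tools named above, added here as an illustration and not EbookBuilder's own code. It assumes the requester's identity has already been authenticated and arrives as `agent_id`; the ACL entries other than the Cover Agent, the `SecretValue` wrapper, the audit list and `DEMO_ENV` are hypothetical.

```python
import os

REQUIRED = ("OPENAI_API_KEY", "HF_TOKEN", "STRIPE_SECRET_KEY")

# Least-privilege map. Only the Cover Agent entry comes from the page;
# the other agent names are hypothetical.
ACL = {
    "cover_agent": {"OPENAI_API_KEY"},
    "model_agent": {"HF_TOKEN"},
    "checkout_agent": {"STRIPE_SECRET_KEY"},
}

# Constructed sample environment (not real credentials); HF_TOKEN is unset.
DEMO_ENV = {"OPENAI_API_KEY": "sk-constructed", "HF_TOKEN": "",
            "STRIPE_SECRET_KEY": "sk_test_constructed"}


class SecretAccessDenied(Exception):
    """Raised when the requesting agent is not entitled to the secret."""


class SecretValue:
    """Holds a secret so that logging or formatting it prints a mask."""
    __slots__ = ("_value",)
    def __init__(self, value): self._value = value
    def reveal(self): return self._value          # explicit, greppable access
    def __repr__(self): return "SecretValue(****)"
    __str__ = __repr__


def validate_environment(env=None):
    """Startup check: report presence per required name, never the values."""
    env = os.environ if env is None else env
    return {name: bool(env.get(name, "").strip()) for name in REQUIRED}


def get_secret(agent_id, key_name, env=None, audit=None):
    """Deny by default; the ACL is checked before existence so a denied
    agent cannot learn which secrets are configured."""
    env = os.environ if env is None else env
    allowed = key_name in ACL.get(agent_id, set())
    if audit is not None:  # the audit record carries names only
        audit.append({"agent": agent_id, "key": key_name, "allowed": allowed})
    if not allowed:
        raise SecretAccessDenied(f"{agent_id} may not read {key_name}")
    value = env.get(key_name, "").strip()
    if not value:
        raise KeyError(f"{key_name} is not set")
    return SecretValue(value)
```

Calling `get_secret("cover_agent", "OPENAI_API_KEY", DEMO_ENV)` returns a masked wrapper; the same agent asking for `STRIPE_SECRET_KEY` raises `SecretAccessDenied`.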