|

Delinea Released an MCP Server to Put Guardrails Around AI Agents Credential Access

ByRicardo

Delinea launched an Model Context Protocol (MCP) server that permit AI-agent entry to credentials saved in Delinea Secret Server and the Delinea Platform. The server applies identification checks and coverage guidelines on each name, aiming to preserve long-lived secrets and techniques out of agent reminiscence whereas retaining full auditability

What’s new for me?

The GitHub project DelineaXPM/delinea-mcp (MIT-licensed) exposes a constrained MCP device floor for credential retrieval and account operations, helps OAuth 2.0 dynamic shopper registration per the MCP spec, and provides each STDIO and HTTP/SSE transports. The repo consists of Docker artifacts and instance configs for editor/agent integrations

How it really works?

The server exposes MCP instruments that proxy to Secret Server and (optionally) the Delinea Platform: secret and folder retrieval/search, inbox/access-request helpers, person/session admin, and report execution; secrets and techniques themselves stay vaulted and are by no means offered to the agent. Configuration separates secrets and techniques into atmosphere variables (e.g., DELINEA_PASSWORD) and non-secrets into config.json, with scope controls (enabled_tools, allowed object varieties), TLS certs, and an non-compulsory registration pre-shared key.

Explain me why precisely it issues to me

Enterprises are quickly wiring brokers to operational programs via MCP. Recent incidents—corresponding to a rogue MCP bundle exfiltrating electronic mail—underscore the necessity for registration controls, TLS, least-privilege device surfaces, and traceable identification context on each name. Delinea’s server claims to implement these controls in a PAM-aligned sample (ephemeral auth + coverage checks + audit), decreasing credential sprawl and simplifying revocation.

Summary

Delinea’s MIT-licensed MCP server offers enterprises an ordinary, auditable means for AI-agent credential entry—short-lived tokens, coverage analysis, and constrained instruments—to cut back secret publicity whereas integrating with Secret Server and the Delinea Platform. It’s accessible now on GitHub, with preliminary protection and technical particulars confirming OAuth2, STDIO/HTTP(SSE) transports, and scoped operations.

The publish Delinea Released an MCP Server to Put Guardrails Around AI Agents Credential Access appeared first on MarkTechPost.

Similar Posts