Decrypt Secrets
Decrypt your encrypted MCP tokens at the start of a remote session.
When to Use
- •At the start of a remote/web session when MCP servers need tokens
- •When you see "Encrypted secrets found but not decrypted" in session startup
- •When MCP servers fail due to missing authentication
How It Works
- •Your tokens are stored encrypted in
.env.local.encrypted(safe to commit) - •Running this decrypts them to
.env.local(gitignored) - •MCP servers then use the tokens automatically
Instructions
Run the decryption script and enter your passphrase:
bash
node scripts/secrets/decrypt-secrets.js
You'll be prompted for the passphrase you set when encrypting.
First-Time Setup
If you haven't encrypted your secrets yet:
- •
Add your tokens to
.env.local:codeGITHUB_TOKEN=ghp_your_token SONAR_TOKEN=sqp_your_token CONTEXT7_API_KEY=your_key
- •
Encrypt them:
bashnode scripts/secrets/encrypt-secrets.js
- •
Commit
.env.local.encryptedto your repo - •
In future sessions, just run the decrypt script
Security Notes
- •
.env.localis gitignored - your actual tokens are never committed - •
.env.local.encrypteduses AES-256-GCM encryption - •Choose a strong passphrase (8+ characters)
- •Your passphrase is never stored anywhere