Summary

The secrets management system (usr/secrets.env + §§secret(KEY) placeholders + SecretsManager.replace_placeholders()) was only wired up for tool call arguments via _10_unmask_secrets.py — not for MCP server startup configuration.

This means §§secret(MY_KEY) in an MCP server's env dict (stdio) or headers/url (SSE/HTTP) was passed as a literal string instead of being resolved to the actual secret value.

Changes

Resolve §§secret() placeholders before passing config to the MCP SDK:

Stdio servers (MCPClientLocal._create_stdio_transport):

from python.helpers.secrets import get_default_secrets_manager
secrets_mgr = get_default_secrets_manager()
resolved_env = None
if server.env:
    resolved_env = {
        k: secrets_mgr.replace_placeholders(v) if isinstance(v, str) else v
        for k, v in server.env.items()
    }
# Then pass resolved_env to StdioServerParameters

SSE/HTTP servers (MCPClientRemote._create_stdio_transport):

• Resolves §§secret() in server.url
• Resolves §§secret() in server.headers dict values
• Used for both sse_client() and streamablehttp_client()

Usage

Users can now configure MCP servers with secret references:

{
  "mcpServers": {
    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "m an    "my-se_p    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se    "my-se  � only adds resolution when `§§secret()` patterns are present
---------ea---------ea---------ea---------ea---------ea---------ea------secrets in output
- Affected file: `python/hel- Affected file: `y`- Affected f8