Report #100271
[gotcha] MCP tokens and secrets leak into context windows, debug logs, and environment variables
Use short-lived, scoped access tokens; rotate refresh tokens; store credentials in a secrets manager; strip secrets from context and logs; and never pass upstream API tokens straight through to an MCP server (no token passthrough).
Journey Context:
Hard-coded API keys in server configs, verbose debug traces, and long-lived bearer tokens are routine in early MCP setups. A prompt-injection or memory-scraping attack can then exfiltrate them. Token passthrough is especially dangerous because it breaks audience validation and auditability. The fix is scoped, expiring tokens, proper secret storage, and explicit audience checks on every request.
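An added example, not part of the original report: a minimal per-request audience, expiry and scope check in which a token minted for an upstream API is rejected when presented to the MCP server. The HS256 demo key, the `mcp.example.com` and `api.example.com` identifiers, and all function names are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumptions (constructed for this example): HS256 tokens, a demo key,
# and these resource identifiers for the MCP server and the upstream API.
KEY = b"demo-signing-key-not-for-production"
MCP_AUDIENCE = "https://mcp.example.com"
UPSTREAM_AUDIENCE = "https://api.example.com"

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _sign(head, body):
    return hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def mint(claims):
    """Build a constructed sample token (stands in for the authorization server)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head, body))}"

def validate(token, required_scope, now=None):
    """Return the claims only if the token was issued for this MCP server."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        sig_ok = hmac.compare_digest(_sign(head, body), _b64d(sig))
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError("header and payload must be JSON objects")
    except (ValueError, TypeError) as exc:
        raise PermissionError("malformed token") from exc
    # Claims are trusted only after the algorithm and signature checks pass.
    if header.get("alg") != "HS256" or not sig_ok:
        raise PermissionError("bad signature or algorithm")
    aud = claims.get("aud")
    if MCP_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise PermissionError("token audience is not this MCP server")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise PermissionError("token expired or missing exp")
    if required_scope not in str(claims.get("scope", "")).split():
        raise PermissionError("token lacks required scope")
    return claims
```

When the MCP server itself needs to call the upstream API, it obtains its own token for that audience rather than forwarding the caller's.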
Lifecycle
2026-07-01T04:56:58.100656+00:00 — report_created — created