This guide outlines security best practices for configuring and using Model Context Protocol (MCP) servers with Kiro, helping you protect sensitive information and maintain system security.
Understanding MCP Security
MCP servers extend Kiro's capabilities by connecting to external services and APIs. This introduces potential security considerations that should be addressed:
- Access to sensitive information: MCP servers may require API keys or tokens
- External code execution: MCP servers run code outside of Kiro's sandbox
- Data transmission: Information flows between Kiro and external services
Secure Configuration
Protecting API Keys and Tokens
- Never commit configuration files with sensitive tokens to version control
- Use environment variables when possible instead of hardcoding values
- Create tokens with minimal permissions necessary for the MCP server to function
- Regularly rotate API keys and tokens used in configurations
Example: Using Environment Variables
Instead of hardcoding tokens in your configuration:
{
  "mcpServers": {
    "github": {
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_TOKEN}"
      }
    }
  }
}
Set the environment variable in your shell:
export GITHUB_TOKEN=your-token-value
Configuration File Permissions
Restrict access to your MCP configuration files:
# Set restrictive permissions on user-level config
chmod 600 ~/.kiro/settings/mcp.json

# Set restrictive permissions on workspace-level config
chmod 600 .kiro/settings/mcp.json
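The two checks above (secrets referenced through ${VAR} rather than written literally, and config files not readable by other users) are easy to verify mechanically. The script below is an added example, not part of the page or of Kiro; the sample configuration it audits is constructed, and the rule that env keys containing TOKEN, KEY, SECRET or PASSWORD must hold references rather than literals is a heuristic of this example, not a Kiro rule.

```python
"""Audit a Kiro MCP configuration file for two hygiene problems:
literal secrets in a server's "env" block instead of ${VAR} references,
and configuration files that group or other users can read."""
import json
import os
import re
import stat
import tempfile

# Matches the ${NAME} reference form used in the guide's example.
ENV_REF = re.compile(r"^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$")

# Heuristic (an assumption of this example, not a Kiro rule): env keys
# containing these words are expected to hold credentials.
SECRET_HINTS = ("TOKEN", "KEY", "SECRET", "PASSWORD")

# Constructed sample configuration for demonstration only.
SAMPLE_CONFIG = {
    "mcpServers": {
        "github": {"env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_TOKEN}"}},
        "internal-api": {"env": {"API_KEY": "sk-live-1234", "LOG_LEVEL": "debug"}},
        "other": {"env": {"OTHER_TOKEN": "${UNSET_VAR}"}},
    }
}


def check_env_values(config: dict, environ=None) -> list[str]:
    """Return one finding per secret-looking env value that is hardcoded,
    plus one per ${VAR} reference whose variable is not set."""
    environ = os.environ if environ is None else environ
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        for key, value in server.get("env", {}).items():
            if not isinstance(value, str):
                continue
            looks_secret = any(h in key.upper() for h in SECRET_HINTS)
            m = ENV_REF.match(value)
            if m:
                # Reference form is correct; warn only if the variable is missing.
                if m.group(1) not in environ:
                    findings.append(f"{name}: {key} references unset ${{{m.group(1)}}}")
            elif looks_secret and value:
                findings.append(f"{name}: {key} is hardcoded; use ${{VAR}} instead")
    return findings


def check_permissions(path: str) -> list[str]:
    """Return a finding if the file grants any group or other permission."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:04o} allows group/other access; expected 0600"]
    return []


def audit_config(path: str, environ=None) -> list[str]:
    """Load the JSON config at path and run both checks."""
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    return check_permissions(path) + check_env_values(config, environ)


def demo() -> list[str]:
    """Write the constructed sample config world-readable and audit it."""
    directory = tempfile.mkdtemp()
    path = os.path.join(directory, "mcp.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(SAMPLE_CONFIG, fh)
    os.chmod(path, 0o644)  # deliberately too permissive for the demo
    return audit_config(path, environ={"GITHUB_TOKEN": "example-value"})


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it against a real file with `audit_config(os.path.expanduser("~/.kiro/settings/mcp.json"))`; the permission check uses the file's actual mode, and the env check uses your current environment so that unset variables are reported before Kiro tries to start the server with an empty value.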
Safe Tool Usage
Tool Approval Process
- Review each tool request carefully before approval
- Check the parameters being passed to the tool
- Understand what the tool will do before approving it
- Deny any suspicious requests that don't match your current task
Auto-approval Guidelines
Only auto-approve tools that:
- Don't have write access to sensitive systems
- Come from trusted sources with verified code
- Are used frequently in your workflow
- Have limited scope of what they can access
{
  "mcpServers": {
    "aws-docs": {
      "autoApprove": [
        "mcp_aws_docs_search_documentation",
        "mcp_aws_docs_read_documentation"
      ]
    }
  }
}
Server-Specific Security
AWS Documentation Server
The AWS Documentation server is generally safe as it:
- Only reads public documentation
- Doesn't access your AWS account or resources
- Doesn't require AWS credentials
GitHub MCP Server
When using the GitHub MCP server:
- Create a dedicated token for Kiro with minimal permissions
- Limit repository access to only those needed
- Don't grant delete permissions unless absolutely necessary
- Consider using a fine-grained personal access token instead of a classic token
Custom MCP Servers
When creating or using custom MCP servers:
- Review the source code before using
- Run in isolated environments when possible
- Limit the permissions granted to the server
- Monitor the server's activity for unexpected behavior
Workspace Isolation
Using Workspace-Level Configurations
Use workspace-level configurations for project-specific MCP servers:
project-a/
├── .kiro/
│   └── settings/
│       └── mcp.json    # Project A specific servers
project-b/
├── .kiro/
│   └── settings/
│       └── mcp.json    # Project B specific servers
This ensures that:
- MCP servers only run when working in the relevant project
- Tokens and configurations are isolated between projects
- Security risks are contained to specific workspaces
Monitoring and Auditing
Checking MCP Logs
Regularly review MCP logs to monitor server activity:
- Open the Kiro panel
- Select the Output tab
- Choose "Kiro - MCP Logs" from the dropdown
Auditing Tool Usage
Periodically review which tools you've approved:
- Check your MCP configuration for auto-approved tools
- Review the MCP logs for tool usage patterns
- Remove auto-approval for tools you no longer use frequently
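The auto-approval guidelines and the tool-usage audit above can be combined into one periodic review: list every auto-approved tool, flag names that suggest write access, and compare the list against recent invocations so that rarely used tools lose their auto-approval. The script below is an added example, not Kiro's code. The configuration and log lines are constructed, the `tool=<name>` log format is an assumption of this example rather than Kiro's actual MCP log format, and the list of "mutating" verbs is a heuristic you should adjust to your servers.

```python
"""Review autoApprove lists in a Kiro MCP config against two signals:
tool names that suggest write access, and tools rarely seen in the logs."""
import re
from collections import Counter

# Heuristic (assumption of this example): these verbs in a tool name
# suggest the tool changes state and should not be auto-approved.
MUTATING_VERBS = ("create", "delete", "update", "write", "push", "merge", "remove")

# Constructed sample configuration (not from the page or from Kiro).
SAMPLE_CONFIG = {
    "mcpServers": {
        "aws-docs": {
            "autoApprove": [
                "mcp_aws_docs_search_documentation",
                "mcp_aws_docs_read_documentation",
            ]
        },
        "github": {
            "autoApprove": [
                "mcp_github_get_file_contents",
                "mcp_github_create_issue",
            ]
        },
    }
}

# Constructed sample log lines. The "<timestamp> tool=<name> server=<server>"
# layout is an assumption of this example, not Kiro's real log format.
SAMPLE_LOG = """\
2024-05-01T09:00:01 tool=mcp_aws_docs_search_documentation server=aws-docs
2024-05-01T09:00:07 tool=mcp_aws_docs_read_documentation server=aws-docs
2024-05-01T09:03:10 tool=mcp_aws_docs_search_documentation server=aws-docs
2024-05-02T11:20:44 tool=mcp_github_get_file_contents server=github
2024-05-02T11:21:02 tool=mcp_aws_docs_search_documentation server=aws-docs
"""

LOG_TOOL = re.compile(r"\btool=(\S+)")


def auto_approved(config: dict) -> dict[str, str]:
    """Map each auto-approved tool name to the server that declares it."""
    return {
        tool: name
        for name, server in config.get("mcpServers", {}).items()
        for tool in server.get("autoApprove", [])
    }


def flag_mutating(tools) -> list[str]:
    """Auto-approved tools whose names contain a state-changing verb."""
    return sorted(t for t in tools if any(v in t.lower() for v in MUTATING_VERBS))


def count_usage(log_text: str) -> Counter:
    """Count tool invocations per tool name from the log text."""
    usage = Counter()
    for line in log_text.splitlines():
        m = LOG_TOOL.search(line)
        if m:
            usage[m.group(1)] += 1
    return usage


def stale_approvals(tools, usage: Counter, min_calls: int = 2) -> list[str]:
    """Auto-approved tools invoked fewer than min_calls times in the log window."""
    return sorted(t for t in tools if usage[t] < min_calls)


def review(config: dict, log_text: str, min_calls: int = 2) -> dict[str, list[str]]:
    """Produce the two review lists for a config and a log excerpt."""
    tools = auto_approved(config)
    usage = count_usage(log_text)
    return {
        "mutating": flag_mutating(tools),
        "stale": stale_approvals(tools, usage, min_calls),
    }


if __name__ == "__main__":
    result = review(SAMPLE_CONFIG, SAMPLE_LOG)
    print("Consider removing auto-approval (write-like name):", result["mutating"])
    print("Consider removing auto-approval (rarely used):", result["stale"])
```

The `min_calls` threshold sets how many invocations in the reviewed log window count as "used frequently"; pick it to match how far back the log excerpt reaches. A tool that appears in both lists is the strongest candidate for removal from `autoApprove`.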
Responding to Security Incidents
If you suspect a security issue with an MCP server:
- Disable the server immediately in your configuration
- Revoke any tokens or API keys associated with the server
- Check for unauthorized activity in the connected services
- Report the issue to the MCP server maintainer
Additional Security Measures
Network Security
- Use firewalls to restrict outbound connections from MCP servers
- Consider using a VPN for sensitive MCP server connections
- Monitor network traffic to and from MCP servers
System Security
- Keep your system updated with security patches
- Run MCP servers with minimal privileges
- Use separate user accounts for running sensitive MCP servers
For information on configuring MCP servers, see the MCP Configuration page.