Best Practices

This guide outlines security best practices for configuring and using Model Context Protocol (MCP) servers with Kiro, helping you protect sensitive information and maintain system security.

Understanding MCP Security

MCP servers extend Kiro's capabilities by connecting to external services and APIs. This introduces potential security considerations that should be addressed:

• Access to sensitive information: MCP servers may require API keys or tokens
• External code execution: MCP servers run code outside of Kiro's sandbox
• Data transmission: Information flows between Kiro and external services

Secure Configuration

Protecting API Keys and Tokens

1. Never commit configuration files with sensitive tokens to version control
2. Create tokens with minimal permissions necessary for the MCP server to function
3. Regularly rotate API keys and tokens used in configurations

Configuration File Permissions

Restrict access to your MCP configuration files:

# Set restrictive permissions on user-level config
chmod 600 ~/.kiro/settings/mcp.json

# Set restrictive permissions on workspace-level config
chmod 600 .kiro/settings/mcp.json

Safe Tool Usage

Tool Approval Process

1. Review each tool request carefully before approval
2. Check the parameters being passed to the tool
3. Understand what the tool will do before approving it
4. Deny any suspicious requests that don't match your current task

Auto-approval Guidelines

Only auto-approve tools that:

1. Don't have write access to sensitive systems
2. Come from trusted sources with verified code
3. Are used frequently in your workflow
4. Have limited scope of what they can access

{
  "mcpServers": {
    "aws-docs": {
      "autoApprove": [
        "mcp_aws_docs_search_documentation", 
        "mcp_aws_docs_read_documentation"
      ]
    }
  }
}

Server-Specific Security

AWS Documentation Server

The AWS Documentation server is generally safe as it:

• Only reads public documentation
• Doesn't access your AWS account or resources
• Doesn't require AWS credentials

GitHub MCP Server

When using the GitHub MCP server:

1. Create a dedicated token for Kiro with minimal permissions
2. Limit repository access to only those needed
3. Don't grant delete permissions unless absolutely necessary
4. Consider using a fine-grained personal access token instead of a classic token

Custom MCP Servers

When creating or using custom MCP servers:

1. Review the source code before using
2. Run in isolated environments when possible
3. Limit the permissions granted to the server
4. Monitor the server's activity for unexpected behavior

Workspace Isolation

Using Workspace-Level Configurations

Use workspace-level configurations for project-specific MCP servers:

project-a/
├── .kiro/
│   └── settings/
│       └── mcp.json  # Project A specific servers
project-b/
├── .kiro/
│   └── settings/
│       └── mcp.json  # Project B specific servers

This ensures that:

• MCP servers only run when working in the relevant project
• Tokens and configurations are isolated between projects
• Security risks are contained to specific workspaces

Monitoring and Auditing

Checking MCP Logs

Regularly review MCP logs to monitor server activity:

1. Open the Kiro panel
2. Select the Output tab
3. Choose "Kiro - MCP Logs" from the dropdown

Auditing Tool Usage

Periodically review which tools you've approved:

1. Check your MCP configuration for auto-approved tools
2. Review the MCP logs for tool usage patterns
3. Remove auto-approval for tools you no longer use frequently

Responding to Security Incidents

If you suspect a security issue with an MCP server:

1. Disable the server immediately in your configuration
2. Revoke any tokens or API keys associated with the server
3. Check for unauthorized activity in the connected services
4. Report the issue to the MCP server maintainer

Additional Security Measures

Network Security

1. Use firewalls to restrict outbound connections from MCP servers
2. Consider using a VPN for sensitive MCP server connections
3. Monitor network traffic to and from MCP servers

System Security

1. Keep your system updated with security patches
2. Run MCP servers with minimal privileges
3. Use separate user accounts for running sensitive MCP servers

For information on configuring MCP servers, see the MCP Configuration page.