Documentation

Best Practices

This guide outlines security best practices for configuring and using Model Context Protocol (MCP) servers with Kiro, helping you protect sensitive information and maintain system security.

Understanding MCP Security

MCP servers extend Kiro's capabilities by connecting to external services and APIs. This introduces potential security considerations that should be addressed:

  • Access to sensitive information: MCP servers may require API keys or tokens
  • External code execution: MCP servers run code outside of Kiro's sandbox
  • Data transmission: Information flows between Kiro and external services

Secure Configuration

Protecting API Keys and Tokens

  1. Never commit configuration files with sensitive tokens to version control
  2. Use environment variables when possible instead of hardcoding values
  3. Create tokens with minimal permissions necessary for the MCP server to function
  4. Regularly rotate API keys and tokens used in configurations

Example: Using Environment Variables

Instead of hardcoding tokens in your configuration:

json
{
  "mcpServers": {
    "github": {
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_TOKEN}"
      }
    }
  }
}

Set the environment variable in your shell:

bash
export GITHUB_TOKEN=your-token-value

Configuration File Permissions

Restrict access to your MCP configuration files:

bash
# Set restrictive permissions on user-level config
chmod 600 ~/.kiro/settings/mcp.json

# Set restrictive permissions on workspace-level config
chmod 600 .kiro/settings/mcp.json

Safe Tool Usage

Tool Approval Process

  1. Review each tool request carefully before approval
  2. Check the parameters being passed to the tool
  3. Understand what the tool will do before approving it
  4. Deny any suspicious requests that don't match your current task

Auto-approval Guidelines

Only auto-approve tools that:

  1. Don't have write access to sensitive systems
  2. Come from trusted sources with verified code
  3. Are used frequently in your workflow
  4. Have limited scope of what they can access

json
{
  "mcpServers": {
    "aws-docs": {
      "autoApprove": [
        "mcp_aws_docs_search_documentation",
        "mcp_aws_docs_read_documentation"
      ]
    }
  }
}

Server-Specific Security

AWS Documentation Server

The AWS Documentation server is generally safe as it:

  • Only reads public documentation
  • Doesn't access your AWS account or resources
  • Doesn't require AWS credentials

GitHub MCP Server

When using the GitHub MCP server:

  1. Create a dedicated token for Kiro with minimal permissions
  2. Limit repository access to only those needed
  3. Don't grant delete permissions unless absolutely necessary
  4. Consider using a fine-grained personal access token instead of a classic token

Custom MCP Servers

When creating or using custom MCP servers:

  1. Review the source code before using
  2. Run in isolated environments when possible
  3. Limit the permissions granted to the server
  4. Monitor the server's activity for unexpected behavior

Workspace Isolation

Using Workspace-Level Configurations

Use workspace-level configurations for project-specific MCP servers:

project-a/
├── .kiro/
│   └── settings/
│       └── mcp.json  # Project A specific servers
project-b/
├── .kiro/
│   └── settings/
│       └── mcp.json  # Project B specific servers

This ensures that:

  • MCP servers only run when working in the relevant project
  • Tokens and configurations are isolated between projects
  • Security risks are contained to specific workspaces

Monitoring and Auditing

Checking MCP Logs

Regularly review MCP logs to monitor server activity:

  1. Open the Kiro panel
  2. Select the Output tab
  3. Choose "Kiro - MCP Logs" from the dropdown

Auditing Tool Usage

Periodically review which tools you've approved:

  1. Check your MCP configuration for auto-approved tools
  2. Review the MCP logs for tool usage patterns
  3. Remove auto-approval for tools you no longer use frequently
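
The checks from "Protecting API Keys and Tokens", "Configuration File Permissions" and the audit steps above can be scripted. The following is an added example, not part of Kiro: it flags an mcp.json that is looser than mode 600, env entries that hold a literal value instead of a ${VAR} reference, and every auto-approved tool. The function names and the secret-name heuristic are assumptions made for illustration.

```python
import json, os, re, stat, tempfile

# Assumption: a value shaped like "${GITHUB_TOKEN}" is an environment reference,
# as in the page's example; anything else under a secret-looking name is a literal.
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")
SECRET_NAME = re.compile(r"TOKEN|KEY|SECRET|PASSWORD", re.I)  # heuristic, not Kiro's

def audit_mcp_config(path):
    """Return (server, finding) tuples for one mcp.json; never echoes secret values."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit set means looser than chmod 600
        findings.append(("<file>", f"mode {mode:03o} grants group/other access; expected 600"))
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, server in servers.items():
        for var, value in server.get("env", {}).items():
            if SECRET_NAME.search(var) and not ENV_REF.match(str(value)):
                findings.append((name, f"{var} is hardcoded; use a ${{VAR}} reference"))
        for tool in server.get("autoApprove", []):  # listed for periodic review
            findings.append((name, f"auto-approved tool: {tool}"))
    return findings

# Constructed sample: a literal (fake) token plus one auto-approved tool.
SAMPLE = {"mcpServers": {
    "github": {"env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "constructed-not-a-real-token"}},
    "aws-docs": {"autoApprove": ["mcp_aws_docs_search_documentation"]},
}}

def demo(config=SAMPLE, mode=0o644):
    """Write a config to a temporary mcp.json with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "mcp.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(config, fh)
        os.chmod(path, mode)
        return audit_mcp_config(path)

if __name__ == "__main__":
    for server, finding in demo():
        print(f"{server}: {finding}")
```

To audit real files, call audit_mcp_config on ~/.kiro/settings/mcp.json and on each workspace's .kiro/settings/mcp.json; the permission check assumes a POSIX file system.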

Responding to Security Incidents

If you suspect a security issue with an MCP server:

  1. Disable the server immediately in your configuration
  2. Revoke any tokens or API keys associated with the server
  3. Check for unauthorized activity in the connected services
  4. Report the issue to the MCP server maintainer

Additional Security Measures

Network Security

  1. Use firewalls to restrict outbound connections from MCP servers
  2. Consider using a VPN for sensitive MCP server connections
  3. Monitor network traffic to and from MCP servers

System Security

  1. Keep your system updated with security patches
  2. Run MCP servers with minimal privileges
  3. Use separate user accounts for running sensitive MCP servers

For information on configuring MCP servers, see the MCP Configuration page.

Page updated: June 20, 2025