Skip to content

eMCP Documentation

Security

eMCP Documentation

Home
User Guide
User Guide
MCP
MCP
- Connect Your Agent
Skill
Skill
- eMCP Skill
Reference
Reference
- API
- Security Security
  Table of contents
- Changelog
Development
Development

Security Policy¶

Reporting Vulnerabilities¶

Do not open a public GitHub issue for security vulnerabilities
Use GitHub's private vulnerability reporting feature
Include steps to reproduce
Allow reasonable time for a fix before disclosure

Security Design¶

eMCP handles API keys and tokens for connected MCP servers:

Secrets are stored in .env files (never committed to git)
.env files are created with 600 permissions (owner read/write only)
Secrets are never logged or exposed in API responses
.gitignore excludes all secret-containing files

Deployment Best Practices¶

Never commit .env files to version control
Restrict Docker socket access to trusted containers only
Use a reverse proxy with TLS for external access