keeper -node

The Keeper MCP Server exposes a Model Context Protocol (MCP) interface that allows MCP-compatible clients to securely access Keeper Secrets Manager. It authenticates against Keeper and provides a set of tools to list, search, retrieve, and manage secrets (with sensitive fields masked by default). Clients communicate over standard input/output (stdio), so you can run the server in a background process or integrate it directly into MCP-enabled tools. Typical flows involve starting the Node-based server and then issuing MCP tool calls such as ksm_list_secrets, ksm_get_secret, and ksm_search_secrets to interact with your Keeper vault. The server supports multiple operations for secrets, folders, and files, including generating passwords and retrieving specific fields like passwords, usernames, or URLs. To integrate with clients like Claude Desktop or Postman, configure the MCP client to point at the server's node process and pass the appropriate arguments to launch dist/index.js.

Usage essentials:

• Start the server with: node /path/to/keeper-mcp-node/dist/index.js
• List accessible secrets via the ksm_list_secrets tool call
• Retrieve a secret with ksm_get_secret (mask sensitive fields by default)
• Search secrets using ksm_search_secrets by title, notes, or field content
• Manage folders and files with ksm_list_folders, ksm_upload_file, and ksm_download_file The README provides concrete JSON RPC-like requests for each tool, which you can adapt into your MCP client’s workflows.

Prerequisites:\n- Node.js 18 or higher\n- Git\n- npm (comes with Node)\n\nStep 1: Install from npm (if available):\nbash\nnpm install -g @keeper/mcp-server\n\nStep 2: Install from source\nbash\n# Clone the repository\ngit clone https://github.com/Keeper-Security/keeper-mcp-node.git\ncd keeper-mcp-node\n\nnpm install\nnpm run build\n\nStep 3: Run the server (example)\nbash\nnode dist/index.js # or use your preferred launcher to run the built server\n\nPrerequisites recap: ensure your environment has Node.js >= 18 and that Keeper Secrets Manager is configured with an application, devices, and a retrieved configuration file or a valid KSM_TOKEN if using the one-time token flow.

Tips and common scenarios:\n- The server uses Keeper Secrets Manager SDK under the hood; ensure your Keeper account and Secrets Manager are properly configured (Applications, Devices, and access rights).\n- You can supply a configuration file (ksm-config.json) in ~/.keeper/ksm-config.json or ./ksm-config.json, or set KSM_TOKEN for a one-time token flow to auto-generate config.\n- When running in an MCP environment, the server communicates via stdio. Configure your MCP client to launch: node /path/to/keeper-mcp-node/dist/index.js.\n- If you encounter connectivity or authentication errors, verify Keeper credentials, the presence of a valid configuration, and that the Keeper SDK is allowed network access.\n- Environment variables that may be relevant include KSM_TOKEN (for one-time token usage) and any Keeper configuration paths.