passwd

This MCP server exposes the passwd.team password manager as an MCP service, enabling your AI assistant to search, read, create, update, delete, and share secrets, including passwords, API keys, SSH keys, secure notes, TOTP codes, and file attachments. It supports advanced sharing permissions and group/contacts lookups to facilitate secure collaboration. You can interact with it through MCP-enabled clients (e.g., Claude Code, Claude Desktop/Cowork, Cursor/Windsurf) or via the passwd CLI when integrated as an MCP tool. The server relies on OAuth-based authentication and requires you to set the deployment URL via PASSWD_ORIGIN; all secret operations are performed through the passwd CLI tool or via the MCP bridge, allowing structured, JSON-driven interactions for automation and chat-based workflows.

Prerequisites:

• Node.js and npm (or pnpm) installed on the client machine
• Access token for GitHub Packages if you’re behind a private registry (as the README notes, packages are hosted on GitHub Packages)
• PASSWD_ORIGIN URL for your passwd.team deployment

Step-by-step installation:

1. Ensure you have a GitHub Packages auth setup if required by your environment. For one-time setup described in the README:

//npm.pkg.github.com/:_authToken=ghp_YOUR_TOKEN_HERE
@pepuscz:registry=https://npm.pkg.github.com

2. Use npx to run the MCP server directly (no build step required):

npx -y @pepuscz/passwd-mcp@1.0.6

3. If you prefer to pin the server to a specific version in your MCP config, set up the server entry as:

{
  "mcpServers": {
    "passwd-mcp": {
      "command": "npx",
      "args": ["-y", "@pepuscz/passwd-mcp@1.0.6"],
      "env": {
        "PASSWD_ORIGIN": "https://your-company.passwd.team"
      }
    }
  }
}

4. Test the setup by running a basic command through your MCP client (the exact syntax depends on the client). For example, in Claude or the CLI integration, ensure the server name matches (passwd-mcp) and that PASSWD_ORIGIN is configured.

Prerequisites recap:

• Node.js installed
• Access token or authentication flow enabled for passwd.mcp
• PASSWD_ORIGIN set to your passwd.team URL
• Optional: configure npm authentication if needed to access the package registry

Tips and common considerations:

• PASSWD_ORIGIN is required and points to your passwd.team deployment; without it, authentication and API requests may fail.
• Tokens are cached after first login (e.g., ~/.passwd/tokens.json for the CLI). If you encounter authentication issues, ensure tokens are refreshed or re-authenticated.
• Upgrading: when new versions are released, update the MCP config and the referenced MCP package version, then restart the client to pick up changes.
• If you use the CLI in conjunction with the MCP, you may need to login via npx @pepuscz/passwd-cli@<version> to populate cached tokens.
• This MCP server integrates with standard passwd CLI tooling and supports sharing, TOTPs, files, and multiple secret types; always follow the recommended JSON outputs and avoid exposing secrets in chat unless explicitly requested by the user.