Labsco
enkryptai logo

Enkrypt AI Secure MCP Gateway

β˜… 55

from enkryptai

A secure MCP gateway that acts as a proxy, providing authentication, tool discovery, caching, and guardrail enforcement.

πŸ”₯πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedPaid serviceAdvanced setup

Enkrypt AI Secure MCP Gateway

enkrypt-secure-mcp-gateway-hld

πŸ“– Featured Blog Post: Learn how the Secure MCP Gateway prevents top attacks and vulnerabilities in our latest blog:

How Enkrypt's Secure MCP Gateway and MCP Scanner Prevent Top Attacks

Discover real-world attack scenarios, security best practices, and how our gateway protects your AI applications.

Overview

This Secure MCP Gateway is built with authentication, automatic tool discovery, caching, and guardrail enforcement.

It sits between your MCP client and MCP servers. So, by it's nature it itself also acts as an MCP server as well as an MCP client :)

When your MCP client connects to the Gateway, it acts as an MCP server. When the Gateway connects to the actual MCP server, it acts as an MCP client.

Table of Contents

1. Features

enkrypt-secure-mcp-gateway-features

Below are the list of features Enkrypt AI Secure MCP Gateway provides:

  1. Authentication: We use Unique Key to authenticate with the Gateway. We also use Enkrypt API Key if you want to protect your MCPs with Enkrypt Guardrails. Additionally, a secure admin_apikey (256-character random string) is automatically generated for administrative REST API operations.

  2. Ease of use: You can configure all your MCP servers locally in the config file or better yet in Enkrypt (Coming soon) and use them in the Gateway by using their name

  3. Dynamic Tool Discovery: The Gateway discovers tools from the MCP servers dynamically and makes them available to the MCP client

  4. Restrict Tool Invocation: If you don't want all tools to be accessible of a an MCP server, you can restrict them by explicitly mentioning the tools in the Gateway config so that only the allowed tools are accessible to the MCP client

  5. Caching: We cache the user gateway config and tools discovered from various MCP servers locally or in an external cache server like KeyDB if configured to improve performance

  6. Guardrails: You can configure guardrails for each MCP server in Enkrypt both on input side (before sending the request to the MCP server) and output side (after receiving the response from the MCP server)

  7. Logging: We log every request and response from the Gateway locally in your MCP logs and also forward them to Enkrypt (Coming soon) for monitoring. This enables you to see all the calls made in your account, servers used, tools invoked, requests blocked, etc.

  8. Sandbox Isolation: MCP servers can be launched inside isolated sandbox environments (Docker, Podman, or microVMs) so that a compromised or malicious server cannot access the host filesystem, network, or other resources. Each sandbox is ephemeral β€” created per session and destroyed when done.

1.1 Guardrails

enkrypt-secure-mcp-gateway-guardrails

Input Protection: Topic detection, NSFW filtering, toxicity detection, injection attack prevention, keyword detection, policy violation detection, bias detection, and PII redaction (More coming soon like system prompt protection, copyright protection, etc.)

Output Protection: All input protections plus adherence checking and relevancy validation (More coming soon like hallucination detection, etc.) We also auto unredact the response if it was redacted on input.

1.2 Concepts

  • MCP Config is an array of MCP servers like mcp_server_1, mcp_server_2, mcp_server_3 etc.

    • Each config has a unique ID
  • User is a user of the gateway with unique email and ID

  • A project is a collection of users that share an MCP Config

    • Project has a name and unique ID
    • The MCP Config can be updated or can be pointed to a different config by the Admin
    • Users can be added to multiple projects
  • An API Key is created for a user and project combination

    • A user can have different API Keys for different projects
    • This API Key is used to authenticate the user and identify the right project and MCP Config
  • See 6.5 Example config file generated and 7. Edit the Gateway config as needed for schema reference

2. High level steps of how the MCP Gateway works

Local Gateway with Remote Guardrails Flow

<br> <details> <summary><strong>πŸͺœ Steps </strong></summary> <br>
  1. Your MCP client connects to the Secure MCP Gateway server with API Key (handled by src/secure_mcp_gateway/gateway.py).

  2. Gateway server fetches gateway config from local enkrypt_mcp_config.json file or remote Enkrypt Auth server (Coming soon).

    • It caches the config locally or in an external cache server like KeyDB if configured to improve performance.
  3. If input guardrails are enabled, request is validated before the tool call (handled by src/secure_mcp_gateway/guardrail.py).

    • Request is blocked if it violates any of the configured guardrails and the specific detector is configured to block.
  4. Requests are forwarded to the Gateway Client (handled by src/secure_mcp_gateway/client.py).

  5. The Gateway client forwards the request to the appropriate MCP server (handled by src/secure_mcp_gateway/client.py).

  6. The MCP server processes the request and returns the response to the Gateway client.

  7. If it was a discover tools call, the Gateway client caches the tools locally or in an external cache server like KeyDB if configured. It then forwards the response to the Gateway server.

  8. The Gateway server receives the response from the Gateway client and if output guardrails are enabled, it validates the response against the configured guardrails (handled by src/secure_mcp_gateway/guardrail.py).

    • Response is blocked if it violates any of the configured guardrails and the specific detector is configured to block.
  9. The Gateway server forwards the response back to the MCP client if everything is fine.

</details>

7. Edit the Gateway config as needed

<details> <summary><strong>βœ‚οΈ Edit Gateway Config </strong></summary>
  • Important:

    • We need to restart Claude Desktop after editing the config file
    • To make all new tools accessible, please use prompt "list all servers, get all tools available" for the MCP Client to discover all new tools. After this the MCP Client should be able to use all tools of the servers configured in the Gateway config file
  • You can add many MCP servers inside the mcp_config array of this gateway config

    • You can look here for example servers

    • You can also try the Enkrypt MCP Server

    • Example:

      {
        "common_mcp_gateway_config": {...},
        "mcp_configs": {
          "UNIQUE_MCP_CONFIG_ID": {
            "mcp_config_name": "default_config",
            "mcp_config": [
              {
                "server_name": "MCP_SERVER_NAME_1",
                "description": "MCP_SERVER_DESCRIPTION_1",
                "config": {
                  "command": "python/npx/etc.",
                  "args": [
                    "arg1", "arg2", ...
                  ],
                  "env": { "key": "value" }
                },
                // Set explicit tools to restrict access to only the allowed tools
                // Example: "tools": { "tool_name": "tool_description" }
                // Example: "tools": { "echo": "Echo a message" }
                // Or leave the tools empty {} to discover all tools dynamically
                "tools": {},
                "enable_server_info_validation": false,
                "enable_tool_guardrails": false,
                "input_guardrails_config": {...},
                "output_guardrails_config": {...}
              },
              {
                "server_name": "MCP_SERVER_NAME_2",
                "description": "MCP_SERVER_DESCRIPTION_2",
                "config": {...},
                "tools": {},
                "enable_server_info_validation": false,
                "enable_tool_guardrails": false,
                "input_guardrails_config": {...},
                "output_guardrails_config": {...}
              }
            ]
          },
          "UNIQUE_MCP_CONFIG_ID_2": {...}
        },
        "projects": {
          "UNIQUE_PROJECT_ID": {
            "project_name": "default_project",
            "mcp_config_id": "UNIQUE_MCP_CONFIG_ID",
            "users": [
              "UNIQUE_USER_ID"
            ],
            "created_at": "2025-01-01T00:00:00.000000"
          },
          "UNIQUE_PROJECT_ID_2": {...}
        },
        "users": {
          "UNIQUE_USER_ID": {
            "email": "default@example.com",
            "created_at": "2025-01-01T00:00:00.000