Delinea launched a Model Context Protocol (MCP) server that allows AI-agent access to credentials stored in Delinea Secret Server and the Delinea Platform. The server applies identity checks and policy rules on each call, aiming to keep long-lived secrets out of agent memory while retaining full auditability.
What's new?
The GitHub project DelineaXPM/delinea-mcp (MIT-licensed) exposes a constrained MCP tool surface for credential retrieval and account operations, supports OAuth 2.0 dynamic client registration per the MCP spec, and provides both STDIO and HTTP/SSE transports. The repo includes Docker artifacts and example configs for editor/agent integrations.
How it works
The server exposes MCP tools that proxy to Secret Server and (optionally) the Delinea Platform: secret and folder retrieval/search, inbox/access-request helpers, user/session admin, and report execution; the secrets themselves stay vaulted and are never presented to the agent. Configuration separates secrets into environment variables (e.g., DELINEA_PASSWORD) and non-secrets into config.json, with scope controls (enabled_tools, allowed object types), TLS certs, and an optional registration pre-shared key.
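A pre-deployment check for the secret/non-secret split described above, as an added example that is not from the Delinea repository: it flags credential-looking values in config.json, a missing or empty enabled_tools list, and an unset DELINEA_PASSWORD. Only enabled_tools and DELINEA_PASSWORD come from the article; the other key names, the tool names, and the rule that enabled_tools must be a non-empty list are assumptions.

```python
import json
import re

# Key names suggesting a credential was written into the config file.
# "secret" alone is not matched: the product is called Secret Server, so
# harmless keys may contain that word.
SECRET_KEY_RE = re.compile(r"(password|passwd|client_secret|token|api_?key)", re.I)


def secret_like_keys(node, path=""):
    """Return dotted paths of secret-looking keys that hold a non-empty string."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if isinstance(value, str) and value and SECRET_KEY_RE.search(key):
                hits.append(here)
            hits.extend(secret_like_keys(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(secret_like_keys(item, f"{path}[{i}]"))
    return hits


def lint(config_text, env):
    """Check a config.json body and an environment mapping; return findings."""
    cfg = json.loads(config_text)
    if not isinstance(cfg, dict):
        return ["config.json top level is not an object"]
    findings = [f"secret-like value in config.json: {p}" for p in secret_like_keys(cfg)]
    tools = cfg.get("enabled_tools")
    if not (isinstance(tools, list) and tools and all(isinstance(t, str) for t in tools)):
        findings.append("enabled_tools is not an explicit, non-empty list")
    if not env.get("DELINEA_PASSWORD"):
        findings.append("DELINEA_PASSWORD is not set in the environment")
    return findings


# Constructed samples; every key and tool name except enabled_tools is hypothetical.
GOOD = '{"enabled_tools": ["search_secrets", "get_folder"]}'
BAD = '{"enabled_tools": [], "auth": {"password": "hunter2"}}'

if __name__ == "__main__":
    import os
    print(lint(GOOD, os.environ))
    print(lint(BAD, {}))
```
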
Why it matters
Enterprises are rapidly wiring agents to operational systems via MCP. Recent incidents, such as a rogue MCP package exfiltrating email, underscore the need for registration controls, TLS, least-privilege tool surfaces, and traceable identity context on every call. Delinea's server claims to implement these controls in a PAM-aligned pattern (ephemeral auth + policy checks + audit), reducing credential sprawl and simplifying revocation.
Summary
Delinea's MIT-licensed MCP server gives enterprises a standard, auditable way for AI-agent credential access (short-lived tokens, policy evaluation, and constrained tools) to reduce secret exposure while integrating with Secret Server and the Delinea Platform. It is available now on GitHub, with initial coverage and technical details confirming OAuth2, STDIO/HTTP(SSE) transports, and scoped operations.