A
securityA
licenseA
qualityA proxy server that unifies multiple MCP servers, enabling seamless tool, prompt, and resource management via the MetaMCP App.
Last updated -
34
145
Apache 2.0
Enables the execution of containerized MCP servers, particularly used for running the GitHub MCP server and potentially other tool integrations.
Used as part of the gateway server implementation to handle authentication, tool discovery, and request forwarding between MCP clients and servers.
Provides tools for interacting with GitHub repositories, allowing users to list files and access repository information via GitHub's API.
Supports optional external caching functionality to improve performance when caching tool discovery results and gateway configurations.
Enkrypt AI Secure MCP Gateway
Overview
This Secure MCP Gateway is built with authentication, automatic tool discovery, caching, and guardrail enforcement.
It sits between your MCP client and MCP servers. So, by it's nature it itself also acts as an MCP server as well as an MCP client :)
When your MCP client connects to the Gateway, it acts as an MCP server. When the Gateway connects to the actual MCP server, it acts as an MCP client.
Also see:
CLI-Commands-Reference.md for the list of commands and their usage
MCP Gateway Setup Notebook for a complete walkthrough of all the essential commands
Table of Contents
1. Features
Below are the list of features Enkrypt AI Secure MCP Gateway provides:
Authentication: We use Unique Key to authenticate with the Gateway. We also use Enkrypt API Key if you want to protect your MCPs with Enkrypt Guardrails
Ease of use: You can configure all your MCP servers locally in the config file or better yet in Enkrypt (Coming soon) and use them in the Gateway by using their name
Dynamic Tool Discovery: The Gateway discovers tools from the MCP servers dynamically and makes them available to the MCP client
Restrict Tool Invocation: If you don't want all tools to be accessible of a an MCP server, you can restrict them by explicitly mentioning the tools in the Gateway config so that only the allowed tools are accessible to the MCP client
Caching: We cache the user gateway config and tools discovered from various MCP servers locally or in an external cache server like KeyDB if configured to improve performance
Guardrails: You can configure guardrails for each MCP server in Enkrypt both on input side (before sending the request to the MCP server) and output side (after receiving the response from the MCP server)
Logging: We log every request and response from the Gateway locally in your MCP logs and also forward them to Enkrypt (Coming soon) for monitoring. This enables you to see all the calls made in your account, servers used, tools invoked, requests blocked, etc.
1.1 Guardrails
Input Protection: Topic detection, NSFW filtering, toxicity detection, injection attack prevention, keyword detection, policy violation detection, bias detection, and PII redaction (More coming soon like system prompt protection, copyright protection, etc.)
Output Protection: All input protections plus adherence checking and relevancy validation (More coming soon like hallucination detection, etc.) We also auto unredact the response if it was redacted on input.
1.2 Concepts
MCP Config is an array of MCP servers like
mcp_server_1,mcp_server_2,mcp_server_3etc.Each config has a unique ID
User is a user of the gateway with unique email and ID
A project is a collection of users that share an MCP Config
Project has a name and unique ID
The MCP Config can be updated or can be pointed to a different config by the Admin
Users can be added to multiple projects
An API Key is created for a user and project combination
A user can have different API Keys for different projects
This API Key is used to authenticate the user and identify the right project and MCP Config
See
2. High level steps of how the MCP Gateway works
Your MCP client connects to the Secure MCP Gateway server with API Key (handled by
src/secure_mcp_gateway/gateway.py).Gateway server fetches gateway config from local
enkrypt_mcp_config.jsonfile or remote Enkrypt Auth server (Coming soon).It caches the config locally or in an external cache server like KeyDB if configured to improve performance.
If input guardrails are enabled, request is validated before the tool call (handled by
src/secure_mcp_gateway/guardrail.py).Request is blocked if it violates any of the configured guardrails and the specific detector is configured to block.
Requests are forwarded to the Gateway Client (handled by
src/secure_mcp_gateway/client.py).The Gateway client forwards the request to the appropriate MCP server (handled by
src/secure_mcp_gateway/client.py).The MCP server processes the request and returns the response to the Gateway client.
If it was a discover tools call, the Gateway client caches the tools locally or in an external cache server like KeyDB if configured. It then forwards the response to the Gateway server.
The Gateway server receives the response from the Gateway client and if output guardrails are enabled, it validates the response against the configured guardrails (handled by
src/secure_mcp_gateway/guardrail.py).Response is blocked if it violates any of the configured guardrails and the specific detector is configured to block.
The Gateway server forwards the response back to the MCP client if everything is fine.
3. Prerequisites
Git 2.43or higherPython 3.11or higher installed on your system and is accessible from the command line using eitherpythonorpython3commandpip 25.0.1or higher is installed on your system and is accessible from the command line using eitherpiporpython -m pipcommanduv 0.7.9or higher is installed on your system and is accessible from the command line using eitheruvorpython -m uvcommand
Check if Python, pip and uv are installed
If any of the below commands fail, please refer the respective documentation to install them properly
Install Claude Desktop as the MCP Client from their website if you haven't already and login to it
If you are using Linux and cannot run any
Any other dependencies required for the MCP servers we want to proxy requests to
Follow the instructions of the respective MCP server to install its dependencies
Like
Node.js,npx,docker, etc.
(Optional) A cache server like KeyDB installed and running (If you want to cache externally and not locally)
If you want to protect your MCPs with Enkrypt Guardrails, you need to do the following:
Create a new account if you don't have one. It's free! 🆓 No credit card required 💳🚫
An
ENKRYPT_API_KEYwhich you can get from Enkrypt Dashboard SettingsTo protect your MCPs with Guardrails, you can use the default sample Guardrail
Sample Airline Guardrailto get started or you can create your own custom GuardrailTo configure custom Guardrails, you need to either login to Enkrypt AI App or use the APIs/SDK
4. Gateway Setup
4.1 Local Installation with pip
4.1.1 Download and Install the Package
Activate a virtual environment
Install the package. For more info see https://pypi.org/project/secure-mcp-gateway/
4.1.2 Run the Generate Command
This generates the config file at
4.1.3 Example of the generated config file
This is an example of the default configuration file generated by the CLI on macOS:
This is an example of the default configuration file generated by the CLI on Windows:
4.1.4 Install the Gateway for Claude Desktop
Run the following command to install the gateway for Claude:
This will register Enkrypt Secure MCP Gateway with Claude Desktop.
NOTE: Please restart Claude Desktop after installation
4.1.5 Example of the Claude Desktop Config after installation
~/Library/Application Support/Claude/claude_desktop_config.json
%USERPROFILE%\AppData\Roaming\Claude\claude_desktop_config.json
4.1.6 Install the Gateway for Cursor
Run the CLI Install Command for Cursor
This automatically updates your ~/.cursor/mcp.json (on Windows it is at: %USERPROFILE%.cursor\mcp.json) with the correct entry.
Although it is not usually required to restart, if you see it in loading state for a long time, please restart Cursor
~/.cursor/mcp.json
%USERPROFILE%\.cursor\mcp.json
4.2 Local Installation with git clone
4.2.1 Clone the repo, setup virtual environment and install dependencies
Clone the repository:
Install Python dependencies:
Verify mcp cli got installed successfully:
4.2.2 Run the setup script
This script creates the config file at
~/.enkrypt/enkrypt_mcp_config.jsonon macOS and%USERPROFILE%\.enkrypt\enkrypt_mcp_config.jsonon Windows based onsrc/secure_mcp_gateway/example_enkrypt_mcp_config.jsonfileIt replaces
UNIQUE_GATEWAY_KEYand otherUUIDswith auto generated values and also replacesDUMMY_MCP_FILE_PATHwith the actual path to the test MCP filetest_mcps/echo_mcp.pyIt also installs the MCP client in Claude Desktop
NOTE: Please restart Claude Desktop after running the setup script to see the Gateway running in Claude Desktop
4.2.3 Setup Other MCP Clients
You can navigate to cursor's Global MCP file at
~/.cursor/mcp.jsonon Linux/macOS or%USERPROFILE%\.cursor\mcp.jsonon WindowsIf you would like to use at a Project level place it inside your project. For details see Cursor's docs
You can also navigate to the file Via cursor's UI by clicking on
settingsgear icon on the top right
Click on
MCPand then click onAdd new global MCP serverwhich takes you to themcp.jsonfile
Example
mcp.jsonfile opened in the editor
Once the file is opened at Global or Project level, you can copy paste the same config we used in
Claude Desktop. For reference, you can refer to Installation - 5.2 Example MCP config file generated 📄Be sure to use your own file that was generated by the
See Verify Cursor section to verify the MCP server is running in Cursor
4.3 Docker Installation
4.3.1 Build the Docker Image
4.3.2 Generate the config file
This creates a config file in the
~/.enkrypt/docker/enkrypt_mcp_config.jsonfile on macOS/Linux and%USERPROFILE%\.enkrypt\docker\enkrypt_mcp_config.jsonfile on Windows.
4.3.3 Install the Gateway in Claude Desktop
You can find the Claude config location at the below locations in your system. For reference see Claude docs.
macOS:
~/Library/Application Support/ClaudeWindows:
%APPDATA%\Claude
4.3.4 Example Claude Desktop config file
4.3.5 Install the Gateway in Cursor
You can find the Cursor config location at the below locations. For reference see Cursor docs.
macOS:
~/.cursorWindows:
%USERPROFILE%\.cursor
4.4 Remote Installation
4.4.1 Run the Gateway in a remote server
Or run in k8s using our docker image
enkryptai/secure-mcp-gateway:vx.x.xExample:
enkryptai/secure-mcp-gateway:v2.0.3Use the latest version from Docker Hub: https://hub.docker.com/r/enkryptai/secure-mcp-gateway/tags
You can either mount the config file locally or download the json file from a remote place like
S3using aninitContainerand mount the volumeSee
docs/secure-mcp-gateway-manifest-example.yamlfor the complete manifest file reference
4.4.2 Modify your MCP Client config to use the Gateway
You can find the Claude config location at the below locations in your system. For reference see Claude docs.
macOS:
~/Library/Application Support/ClaudeWindows:
%APPDATA%\Claude
You can find the Cursor config location at the below locations. For reference see Cursor docs.
macOS:
~/.cursorWindows:
%USERPROFILE%\.cursor
Replace the
ENKRYPT_GATEWAY_KEYwith the key you got from theenkrypt_mcp_config.jsonfileReplace the
http://0.0.0.0:8000/mcp/with thehttp(s)://<remote_server_ip>:<port>/mcp/If you are running this locally, you can use
http://0.0.0.0:8000/mcp/You can setup ingress to route the traffic to the MCP Gateway over
httpsExample:
https://mcp.enkryptai.com/mcp/NOTE: Please make sure node and npm are installed on the client machine
To verify, run
node -vandnpm -v
NOTE: Make sure to use the trailing slash
5. (Optional) OpenTelemetry Setup
This section explains how to set up and use OpenTelemetry (OTEL) with the Enkrypt Secure MCP Gateway for observability.
5.1 Architecture
The observability stack includes:
OpenTelemetry Collector: Collects telemetry data (traces, metrics, logs)
Jaeger: Distributed tracing visualization
Loki: Log aggregation and querying
Prometheus: Metrics aggregation
Grafana: Unified visualization for metrics and logs
Traces are not visible in Grafana for some reason. Please use Jaeger for traces.
5.2 Prerequisites
Docker and Docker Compose installed
Gateway installed and running (follow section 4)
5.3 Setup Steps
Start the Observability Stack
To stop the Observability Stack
5.4 Configuration
Edit the
enkrypt_mcp_config.jsonfile to enable telemetry
5.5 Verification Steps
Verify Services are Running
Access Service UIs
Grafana: http://localhost:3000 (default credentials: admin/admin)
Jaeger: http://localhost:16686
Prometheus: http://localhost:9090
Loki: Access through Grafana
Open Grafana (http://localhost:3000)
Go to Explore (left sidebar)
Select "Loki" from the data source dropdown
Verify Gateway Telemetry
Make test requests through the Gateway like
List all servers and toolsandecho testCheck traces in Jaeger:
Add optional tags like
enkrypt_email=default@example.comorenkrypt_project_name=default_projectorenkrypt_mcp_config_id=fcbd4508-1432-4f13-abb9-c495c946f638to see the traces for a specific user, project or MCP config etc.We can also combine tags by separating them with spaces like
enkrypt_email=default@example.com enkrypt_project_name=default_projectLook for
enkrypt_discover_all_toolsspansExamine child spans for cache, tool discovery, etc.
Check metrics in Grafana:
Navigate to
Drilldown->metricsWe can filter on various labels like
email,user_id,mcp_config_id,project_id,project_nameetc.
Check logs in Grafana
Navigate to
Drilldown->LogsSelect label as
service_name=secure-mcp-gatewayand clickShow logsNow we can filter by various labels like
attributes_project_name,attributes_project_id,attributes_email,attributes_user_id,attributes_mcp_config_id,attributes_tool_nameetc.
Check Dashboards in Grafana by navigating to
Dashboards->OpenTelemetry Gateway MetricsDue to issues in Grafana, you may need to edit each tile and click
5.6 Available Telemetry (Not exhaustive)
Traces
Request processing pipeline
Tool invocations with duration tracking
Cache operations (hits/misses)
Guardrail checks
Error tracking and status monitoring
Detailed attributes for debugging
Metrics
enkrypt_list_all_servers_calls: API endpoint usagemcp_cache_misses_total: Cache efficiency trackingenkrypt_servers_discovered: Server discovery monitoringmcp_tool_calls_total: Tool invocation trackingmcp_tool_call_duration_seconds: Performance monitoring (histogram)
Logs
Structured JSON format for better querying
Gateway operations with context
Error conditions with stack traces
Security events and guardrail checks
Performance data with timing information
6. Verify Installation and check the files generated
6.1 Verify Claude Desktop
To verify Claude installation, navigate to
claude_desktop_config.jsonfile by following these instructionsmacOS:
~/Library/Application Support/Claude/claude_desktop_config.jsonWindows:
%APPDATA%\Claude\claude_desktop_config.json
6.2 Example MCP config file generated
~/Library/Application Support/Claude/claude_desktop_config.json
%USERPROFILE%\AppData\Roaming\Claude\claude_desktop_config.json
6.3 Restart Claude Desktop to run the Gateway
After restarting, navigate to Claude Desktop
Settings
Click on
Developer->Enkrypt Secure MCP Gateway
You can also click on the settings icon below the search bar to see the Gateway in available
Click on
Enkrypt Secure MCP Gatewayto see the list of tools available
You can check Claude logs while asking Claude to do something to see the Gateway in action
Example 🍎 Linux/macOS log path:
~/Library/Application Support/Claude/logs/mcp-server-Enkrypt Secure MCP Gateway.logExample 🪟 Windows log path:
%USERPROFILE%\AppData\Roaming\Claude\logs\mcp-server-Enkrypt Secure MCP Gateway.log
6.4 Example prompts
list all servers, get all tools available and echo testThis uses a test MCP server
echo_serverwhich is intest_mcps/echo_mcp.py
We can also combine multiple prompts into one that trigger multiple tool calls at once
Example:
echo test and also echo best
Example:
This could be a malicious prompt but because no guardrails are enabled, it will not be blocked
6.5 Example config file generated
Example
enkrypt_mcp_config.jsongenerated by thesetupscript in~/.enkrypt/enkrypt_mcp_config.jsonon macOS and%USERPROFILE%\.enkrypt\enkrypt_mcp_config.jsonon WindowsIf you ran docker command to install the Gateway, the config file will be in
6.6 Verify Cursor
You can see the MCP server in the list of MCP servers in Cursor by navigating to
~/.cursor/mcp.jsonand also by clicking on the settings icon on the top right and then clicking onTools & Integrationsor on theMCPtabGenerally restarting is not needed but if it is in loading state for a long time, please restart Cursor
Now you can chat with the MCP server.
Example prompts:
(Click
list all servers, get all tools available and echo testThis uses a test MCP server
echo_serverwhich is intest_mcps/echo_mcp.py
7. Edit the Gateway config as needed
Important:
We need to restart Claude Desktop after editing the config file
To make all new tools accessible, please use prompt "
You can add many MCP servers inside the
mcp_configarray of this gateway configYou can look here for example servers
You can also try the Enkrypt MCP Server
Example:
If you want a different set of MCP servers for a separate client/user, you can add a new
mcp_configsection to the config file. Also, you can run cli commands. See CLI-Commands-Reference.md section2. CONFIGURATION MANAGEMENTfor detailsSet
enkrypt_log_leveltoDEBUGto get more detailed logs insidecommon_mcp_gateway_configpart of the config fileThis defaults to
INFO
Now, inside
mcp_configsarray, for each individual MCP config, you can set the following:server_name: A name of the MCP server which we connect todescription(optional): A description of the MCP serverconfig: The config for the MCP server as instructed by the MCP server's documentationGenerally you have the below keys in the config:
command: The command to run the MCP serverargs: The arguments to pass to the commandenv: The environment variables to set for the command
tools: The tools exposed by the MCP serverEither set explicit tools to restrict access to only the allowed tools or leave it empty
Tools need to be given a name and a description like
"tools": { "dummy_echo": "Echo a message" }
Set
enkrypt_guardrails_enabledtotruein yourcommon_mcp_gateway_configGet your
enkrypt_api_keyfrom Enkrypt Dashboard and add it tocommon_mcp_gateway_configsection of the config fileenkrypt_use_remote_mcp_configis used to fetch MCP server config from Enkrypt server remotely (Coming soon)Please use
falsefor nowThis enables you to configure and manage MCP gateway config in Enkrypt Dashboard in a centralized place (Coming soon)
If you have any external cache server like KeyDB running, you can set
enkrypt_mcp_use_external_cachetotruein yourcommon_mcp_gateway_configSet other relevant keys related to cache in your
common_mcp_gateway_config
enkrypt_tool_cache_expiration(in hours) decides how long the tools discovered from the MCP servers are cached locally or in the external cache serverenkrypt_gateway_cache_expiration(in hours) decides how long the gateway config is cached locally or in the external cache server. This is useful when we integrate this with Enkrypt Auth server (Coming soon)enkrypt_async_input_guardrails_enabledfalseby defaultAsync mode is not recommended for tools that perform actions which cannot be undone
Because the tool call is made parallel to guardrails call, it can't be blocked if input guardrails violations are detected
Useful for servers that return just info without performing actions i.e., only read operations
enkrypt_async_output_guardrails_enabled(Coming soon)This makes output side guardrails calls asynchronously to save time
i.e., Guardrails detect call, relevancy check, adherence check, PII unredaction, etc. are made in parallel after getting the response from the MCP server
Inside each MCP server config, you can set the following:
input_guardrails_policy: Use this if we plan to use Enkrypt Guardrails on input sidepolicy_name: Name of the guardrails policy that you have created in the Enkrypt App or using the API/SDKenabled: Whether to enable guardrails on the input side or not. This isfalsein the example config fileadditional_config: Additional config for the guardrails policypii_redaction: Whether to redact PII in the request sent to the MCP server or notIf
true, this also auto unredacts the PII in the response from the MCP server
block: List of guardrails to blockPossible values in the array are:
topic_detector, nsfw, toxicity, pii, injection_attack, keyword_detector, policy_violation, bias, sponge_attacksystem_prompt_protection, copyright_protection(Coming soon)This is similar to our AI Proxy deployments config. Refer to our docs
output_guardrails_policy: Use this if we plan to use Enkrypt Guardrails on output sidepolicy_name: Name of the guardrails policy that you have created in the Enkrypt App or using the API/SDKenabled: Whether to enable guardrails on the output side or not. This isfalsein the example config fileadditional_config: Additional config for the guardrails policyrelevancy: Whether to check for relevancy of the response from the MCP serveradherence: Whether to check for adherence of the response from the MCP serverhallucination: Whether to check for hallucination in the response from the MCP server (Coming soon)
block: List of guardrails to blockPossible values in the array are:
All possible values in input block array plus
adherence, relevancysystem_prompt_protection, copyright_protection, hallucination(Coming soon)This is similar to our AI Proxy deployments config. Refer to our docs
8. (Optional) Add GitHub MCP Server to the Gateway
GitHub MCP Serverneedsdockerto be installed. So, please install and havedockerrunning on your machine before proceeding with the steps belowYou can download docker desktop from here. Install and run it if you don't have it already
Create a personal access token from GitHub
Create a token that has access to only public repos and set expiry very low initially for testing
Add the below GitHub server block to
enkrypt_mcp_config.jsoninside"mcp_config": []array. It should already have the echo server config.NOTE: Don't forget to add comma
Replace
REPLACE_WITH_YOUR_PERSONAL_ACCESS_TOKENwith the personal access token you createdYou can also add via the cli. See CLI-Commands-Reference.md section
2. CONFIGURATION MANAGEMENTfor detailsExample:
Now restart Claude Desktop for it to detect the new server
Then run the prompt
list all servers, get all tools availablefor it to discover github server and all it's tools available
Now run
List all files from https://github.com/enkryptai/enkryptai-mcp-server
Great! 🎉 We have successfully added a GitHub MCP Server to the Gateway. However, it is completely unprotected and is open to all kinds of abuse and attacks.
Now, let's say a prompt like this is run
This may not have caused actual damage but imagine a more complicated prompt that may have caused actual damage to the system.
To protect the MCP server, we can use Enkrypt Guardrails as shown in the next section.
9. (Optional) Protect GitHub MCP Server and Test Echo Server
You can use a prompt to generate rules or generate a PDF file while you can then paste or upload while creating a policy in the App
Give numbered list of security rules in plain text for configuring AI guardrails for a GitHub server on the rules and policies it needs to follow to prevent malicious use of the GitHub servicesThen say
Research latest GitHub MCP hacks and abuses people are trying and update the rules to prevent those. Keep research to the most severe topicsThen say
Only keep essential security rules to reduce size. Remove unwanted sections like post incident, compliance, audit, etc which cannot be used while preventionThen you can copy paste the rules while creating the policy
Go to Enkrypt App and login with either OTP or Google or Microsoft account
Click on
Policies
Click on
Add new policy
Name it
GitHub Safe Policyand paste the policy rules and clickSave
This is how a saved policy looks like with the rules applied for
Policy violationGuardrails
Now navigate back to home or hover over left sidebar and click
GuardrailsClick on
Add New Guardrailbutton on the top right
Name it
GitHub Guardrail, toggleInjection AttackOFF
Scroll down on
Configure Guardrailsside panel and togglePolicy ViolationON, select the newly created policy and tickNeed Explanationif needed
Now, click on
Savebutton on the bottom right to save the guardrail
We can see the newly added guardrail in the list of guardrails
Now, we need get out FREE API Key from Enkrypt App. Hover over the left sidebar for it to expand and click on
SettingsYou can also directly navigate to https://app.enkryptai.com/settings
Now click on the
Copyicon next to your obfuscated API Key to copy the key to your clipboard as highlighted in the screenshot below
Now we have everything we need from the App. Let's add the API Key to the
enkrypt_mcp_config.jsonfileOpen the
enkrypt_mcp_config.jsonfile from~/.enkrypt/enkrypt_mcp_config.jsonon macOS or%USERPROFILE%\.enkrypt\enkrypt_mcp_config.jsonon WindowsIf you ran docker command to install the Gateway, the config file will be in
Add the API Key to the
common_mcp_gateway_configsection by replacingYOUR_ENKRYPT_API_KEYwith the API Key you copied from the AppInside the
GitHubserver block we added in the previous section,Add the newly created Guardrail
GitHub Guardrailto theinput_guardrails_policyandoutput_guardrails_policysectionsBy replacing
"policy_name": "Sample Airline Guardrail"with"policy_name": "GitHub Guardrail"Now change
enabledtotrueforinput_guardrails_policyfrom previousfalseWe will leave
output_guardrails_policyasfalsefor now
We already should have
policy_violationin theblockarray for both policiesSo the final config should look something like this:
Save the file and restart Claude Desktop for it to detect the changes
GitHub MCP Serverneedsdockerto be installed. So, please install and havedockerrunning on your machine before proceeding with the steps belowYou can download docker desktop from here. Install and run it if you don't have it already
Now run the prompt
list all services, toolsfor it to discover github, echo servers and all their tools availableAfter this, let's rerun the previously successful malicious prompt
Ask github for the repo "hello; ls -la; whoami"We can see that the prompt is blocked as Input Guardrails blocked the request
We can configure the test
echoserver with Guardrails of our choice and see the detections by runningecho "hello; ls -la; whoami".The below prompt which worked before but is blocked with Guardrails
Experiment and try the
echoserver with various guardrails to see how it behaves. You can also try our Playground for better testing.
The safe prompt
10. Recommendations for using Guardrails
We have found that the best way to use Enkrypt Guardrails in MCP Gateway is to have a separate guardrail for each server. This way we can have a fine tuned guardrail for each server.
Because each MCP Server is very different from the other, it is not possible to have a single guardrail that works for all servers.
Some may need
Toxicity Detector, someNSFW Detector, someInjection Attack Detector, someKeyword Detector, somePolicy Violation, some may needRelevancydetector, some may needAdherencedetector, etc.Some may need a combination of these detectors to work together to block malicious requests.
Some may need Guardrails on the input side, some on the output and some may need both to be applied.
See our docs for details on various detectors available.
Hence, have separate guardrails for each server and experiment with the best combination of detectors and blocks for each server that blocks malicious requests but allows legitimate requests to pass through.
Try our
Policy Violationdetector with your own custom policy which details what is allowed and what is not. This may be the best way for your use case.
You can navigate to the Enkrypt App Homepage, login and Click on
Policiesto create your own custom policy.This accepts text as well as PDF file as input so create a file with all the rules you want to apply to your MCP server and upload it
Once created, you can use it while configuring the Guardrail like we say with
GitHub Guardrailin the previous section
11. Other Tools Available
The Gateway can give the summary of it's cache status by looking at the local/external cache server
This is useful to debug issues if for example a tool was updated remotely by a server but the Gateway is not aware of it yet
The Gateway can clear it's cache from local/external cache server
This is useful to clear the cache if for example a tool was updated remotely by a server but the Gateway is not aware of it yet
You can either clear all cache or specific cache by providing the
server_nameExample:
clear cache for echo_server
You can also clear all cache or just the gateway cache or just the server cache
Example:
clear all cache,clear just gateway cache,clear server cache for echo_server,Clear all server cache
12. Deployment patterns
12.1 Local Gateway, Local Guardrails and Local MCP Server
12.2 Local Gateway, Local MCP Server with Remote Guardrails
12.3 Local Gateway with Remote MCP Server and Remote Guardrails
12.4 Remote Gateway, Remote MCP Server and Remote Guardrails
13. Uninstall the Gateway
To remove the Gateway from any MCP client, just remove the MCP server block
"Enkrypt Secure MCP Gateway": {...}from the client's config file.Restart the MCP client to apply the changes for some clients like Claude Desktop. Cursor does not require a restart.
To uninstall the pip package, run the following command:
14. Troubleshooting
If any calls fail in the client, please look at the mcp logs of the respective client
See this for Claude logs location
Example 🍎 Linux/macOS log path:
~/Library/Logs/Claude/mcp-server-Enkrypt Secure MCP Gateway.logExample 🪟 Windows log path:
%USERPROFILE%\AppData\Roaming\Claude\logs\mcp-server-Enkrypt Secure MCP Gateway.log
If you see errors like
Exception: unhandled errors in a TaskGroup (1 sub-exception)then maybe the MCP server the gateway is trying to use is not running.So, please make sure the file it is trying to access is available
Any pre-requisites for the MCP server to run are met like
dockerrunning, etc.
If we need more detailed logs, please set the
enkrypt_log_leveltodebugin theenkrypt_mcp_config.jsonfile and restart the MCP client.
14.1 OpenTelemetry Troubleshooting
SSL Handshake Errors
If you see SSL errors like:
Solution: Add
insecure=Trueto the OTLP exporter configuration intelemetry.pyNo Logs in Loki
Verify OTLP collector is running:
Check collector config in
otel_collector/otel-collector-config.yamlVerify Loki is receiving data:
Missing Metrics
Check OTLP collector metrics pipeline:
Verify metrics in collector logs:
Docker Issues
15. Known Issues being worked on
Output guardrails are not being applied to non-text tool results. Support for other media types like images, audio, etc. is coming soon.
16. Known Limitations
The Gateway does not support a scenario where the Gateway is deployed remotely but the MCP server is deployed locally (without being exposed to the internet). This is because the Gateway needs to know the MCP server's address to forward requests to it.
17. Contribute
Look at the
TODOfile for the current work in progress and yet to be implemented featuresInstall the gateway locally to test your changes
by following the Git clone steps
or build it using
python -m build, activate the venv and install usingpip install .
Report or fix any bugs you encounter 😊
18. License
18.1 Enkrypt AI MCP Gateway Core
This project's core functionality is licensed under the MIT License.
For the full license text, see the LICENSE.txt file in this repository.
18.2 Enkrypt AI Guardrails, Logo, and Branding
© 2025 Enkrypt AI. All rights reserved.
Enkrypt AI software is provided under a proprietary license. Unauthorized use, reproduction, or distribution of this software or any portion of it is strictly prohibited.
Terms of Use: https://www.enkryptai.com/terms-and-conditions
Privacy Policy: https://app.enkryptai.com/privacy-policy
Enkrypt AI and the Enkrypt AI logo are trademarks of Enkrypt AI, Inc.
This server cannot be installed
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
A proxy server that sits between MCP clients and servers, providing authentication, tool discovery, caching, and guardrail enforcement to protect MCP servers from malicious inputs.
- Overview
- Table of Contents
- 1. Features
- 2. High level steps of how the MCP Gateway works
- 3. Prerequisites
- 4. Gateway Setup
- 5. (Optional) OpenTelemetry Setup
- 6. Verify Installation and check the files generated
- 7. Edit the Gateway config as needed
- 8. (Optional) Add GitHub MCP Server to the Gateway
- 9. (Optional) Protect GitHub MCP Server and Test Echo Server
- 10. Recommendations for using Guardrails
- 11. Other Tools Available
- 12. Deployment patterns
- 13. Uninstall the Gateway
- 14. Troubleshooting
- 15. Known Issues being worked on
- 16. Known Limitations
- 17. Contribute
- 18. License
Related MCP Servers
- -securityAlicense-qualityA proxy service that connects MCP clients to remote MCP servers, allowing users to use server keys from MCP.so to access remote resources without running their own server.Last updated -173MIT License
- JavaScriptMIT License