MCP (Model Context Protocol)

Your AI agent needs a Password Manager

TL;DR

AI agents are starting to deploy code, configure infrastructure, and manage services.
To do real work, they need access to credentials like API keys, database passwords, and tokens.

Most teams currently solve this badly:

  • pasting secrets into prompts
  • storing them in .env files
  • copying credentials manually

A password manager combined with MCP (Model Context Protocol) lets AI agents retrieve credentials securely when they need them without exposing secrets or storing them locally.

AI agents are starting to interact with real systems

AI agents are quickly moving beyond chat interfaces.

Tools like OpenClaw, Claude Code, Cursor, and Windsurf are already being used to:

  • deploy infrastructure
  • configure services
  • write and run scripts
  • onboard new environments
  • manage cloud resources

But the moment an agent interacts with real systems, it runs into a simple problem: it needs credentials.

  • API keys.
  • Database passwords.
  • SSH keys.
  • Two-factor authentication codes.

Without those, an AI agent can’t do anything meaningful.

The credential problem in agentic workflows

Today, most developers solve this in one of three ways.

1. Pasting credentials into prompts

Developers often paste API keys or passwords directly into the AI conversation. This is convenient but dangerous.

Those credentials now exist in:

  • chat logs
  • context windows
  • prompt histories
  • potentially model training data

Secrets quickly spread in ways that are difficult to track or revoke.

2. Hardcoding secrets in environment variables

Another common approach is storing credentials in .env files.

This works for simple local setups, but breaks down quickly:

  • secrets end up scattered across machines
  • credentials get committed to repositories
  • updates require manual synchronization
  • access control is impossible

For team environments, .env files quickly become a liability

3. Manually copying credentials

Some teams avoid automation entirely and copy credentials from their password manager whenever the agent needs them.

This avoids exposing secrets but defeats the purpose of using an agent in the first place.

The workflow becomes:

  1. Ask the agent to do something
  2. The agent asks for credentials
  3. You open your password manager
  4. Copy the secret
  5. Paste it back into the terminal or prompt

Instead of speeding things up, the agent becomes dependent on constant human intervention.

What AI agents actually need

AI agents don’t need to store secrets. They need to retrieve them securely when required.

That means:

  • secrets come from a single source of truth
  • access follows existing permissions
  • credentials can be rotated safely
  • there is an audit trail

This is exactly what password managers were designed for.

The missing piece was a standard way for AI agents to access them.

MCP: connecting AI agents to tools

The Model Context Protocol (MCP) is an open standard that allows AI tools to connect to external services.

Instead of custom integrations for every tool, MCP defines a universal interface.

An MCP server exposes capabilities like:

  • retrieving secrets
  • accessing APIs
  • querying databases
  • interacting with files
  • performing actions

AI clients like Claude Code, OpenClaw, Cursor, and Windsurf can then discover and use those tools automatically.

Connecting AI agents to a password manager

One practical example is passwd-mcp, an open-source MCP server that connects AI agents to a Passwd vault.

Once connected, an AI agent can:

  • search for credentials in the vault
  • retrieve passwords or API keys
  • generate TOTP authentication codes
  • create and organize new secrets
  • share credentials securely with teammates

The agent does not store any secrets locally.

Every request goes through the Passwd API with the same permissions as the authenticated user.

What this enables

When credential access becomes part of an agent’s workflow, automation becomes much more powerful.

Environment setup

A developer asks the agent:

“Set up the local environment for the payments service.”

The agent clones the repository, reads the configuration, retrieves the necessary database credentials from the vault, writes the .env file, and starts the services.

A process that normally takes 15โ€“20 minutes becomes a single prompt.

Infrastructure deployment

During deployment, the agent retrieves:

  • cloud provider credentials
  • database connection strings
  • authentication tokens

It completes the deployment without stopping to ask for secrets.

Team onboarding

A new developer joins the team.

Instead of manually walking them through credentials, the agent:

  • identifies the relevant secrets
  • generates secure share links
  • sends a summary of required access

Incident response

A compromised API key needs to be rotated.

The agent retrieves the credential, calls the provider API to generate a new one, updates the vault, and redeploys the service.

All within one workflow.

Why environment variables aren’t enough

Environment variables work well for simple scripts.

They fail in real team environments where:

  • multiple people need access to the same credentials
  • secrets must be rotated regularly
  • different workflows require different permissions
  • access needs to be audited

A password manager solves these problems.

MCP simply makes it accessible to AI agents.

Security model

In the case of passwd-mcp, the MCP server runs locally.

This means:

  • credentials travel directly between your machine and your Passwd instance
  • connections use HTTPS
  • OAuth tokens are stored with restricted file permissions
  • the AI agent inherits your existing vault permissions

The agent can only access secrets that your account already has access to.

No privilege escalation.

The bottom line

AI agents are becoming powerful tools for real work.

But giving them direct access to infrastructure without proper credential management is a fast path to leaks and security issues.

A password manager with MCP support provides what AI workflows need:

  • centralized secret storage
  • permission-based access
  • secure retrieval during automation
  • a full audit trail

Instead of copying secrets around, agents can retrieve them safely from the same vault your team already uses.