Delinea Unveils Model Context Protocol Server for Secure AI Credential Access
Delinea, a leading provider of privileged access management (PAM) solutions, has unveiled the Model Context Protocol (MCP) server. This new tool enables AI agents to securely access credentials stored in Delinea's Secret Server and Platform, enhancing enterprise security and control.
The MCP server, released under the MIT license, offers robust security features. It keeps secrets vaulted and never exposes them to agents. Instead, secrets are separated into environment variables, while non-secrets are stored in a separate file with scope controls. This approach aligns with the principle of least privilege, reducing the risk of credential sprawl.
The server implements strict registration controls, TLS encryption, and enforces least-privilege tool surfaces. It also ensures traceable identity context on every call, providing enterprises with full auditability. This is particularly important given the recent incidents highlighting the need for such controls.
The MCP server integrates seamlessly with Delinea's Secret Server and Platform. It proxies to these systems for secret and folder retrieval, search, inbox and access request helpers, user and session administration, and report execution. The server applies identity checks and policy rules on every call, ensuring that long-lived secrets remain out of agent memory.
The GitHub project, now available, offers both STDIO and HTTP/SSE transports, Docker artifacts, and example configurations for editor/agent integrations. It supports OAuth 2.0 dynamic client registration and exposes a constrained MCP tool surface for credential retrieval and account operations.
Delinea's MCP server provides enterprises with a standard, auditable way for AI-agent credential access. It offers short-lived tokens, policy evaluation, and constrained tools, further strengthening enterprise security. With this release, Delinea continues to demonstrate its commitment to securing human and machine identities through centralized authorization.
