Environment Variables

Environment variables are a key configuration mechanism for MCP servers, particularly for storing sensitive information like API keys, database credentials, or feature flags.

Usage in MCP

When an MCP host launches a server process, it injects a set of environment variables. These are accessible to the server via standard system calls (e.g., process.env in Node.js or os.Getenv in Go).

Configuration Example

A typical setup in a host like Claude Desktop or HasMCP:

{
  "mcpServers": {
    "slack": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-slack"],
      "env": {
        "SLACK_BOT_TOKEN": "xoxb-your-token"
      }
    }
  }
}

Security Advantages

• Separation of Concerns: Keeps secrets out of the codebase.
• Flexibility: Allows the same server binary to run in different environments (dev, staging, prod) by simply changing the host's config.
• Safety: Avoids exposing secrets in CLI argument process lists.

Questions & Answers

Why are environment variables preferred over command-line arguments for MCP secrets?

Environment variables are more secure because they do not appear in system process listings, which prevents sensitive information like API keys from being accidentally exposed to other users or logged by the OS.

How does an MCP server access the environment variables injected by the host?

The server uses standard language-specific system calls, such as process.env in Node.js or os.Getenv in Go, to read the variables provided by the host application during startup.

What are the main benefits of using environment variables for server configuration?

They allow for a clear separation of concerns (keeping secrets out of code), provide flexibility to run the same binary in different environments by simply changing the host's configuration, and enhance overall system safety.