Skip to content

RFC: Shared key authentication for local MCP servers#16

Open
JAORMX wants to merge 2 commits intomainfrom
rfc/localhost-shared-key-auth
Open

RFC: Shared key authentication for local MCP servers#16
JAORMX wants to merge 2 commits intomainfrom
rfc/localhost-shared-key-auth

Conversation

@JAORMX
Copy link
Copy Markdown
Contributor

@JAORMX JAORMX commented Jan 12, 2026

Summary

Port proposal from toolhive PR #2570.

This proposal introduces a lightweight authentication mechanism for localhost MCP server deployments that provides defense-in-depth security without requiring external identity providers.

Overview

The proposal adds shared key authentication as an opt-in feature for local ToolHive deployments. While localhost binding provides network-level security, this adds an additional authentication layer for defense-in-depth.

Key Features

  • Cryptographically-secure shared key generation per workload (32-byte keys)
  • OS keychain storage via existing encrypted secrets provider
  • New middleware for constant-time key validation
  • Transparent integration with thv proxy stdio bridge
  • Zero-configuration UX: just add --shared-key-auth flag
  • Backward compatible (opt-in feature)

Architecture

The solution leverages existing ToolHive infrastructure:

  • Key storage: Uses existing encrypted secrets provider and OS keychain integration
  • Middleware: Follows standard middleware pattern for clean integration
  • Stdio bridge: Enhances existing proxy to inject authentication headers
  • Workload manager: Handles key lifecycle automatically

Security Properties

  • 256-bit cryptographic keys via crypto/rand
  • AES-256-GCM encrypted storage in OS keychain
  • Constant-time comparison to prevent timing attacks
  • Defense-in-depth layer (complements network isolation)
  • Unique key per workload with automatic cleanup

Usage Example

# Enable shared key auth
thv run my-server --shared-key-auth

# ToolHive automatically:
# 1. Generates secure key
# 2. Stores in OS keychain
# 3. Configures middleware
# 4. Updates client config

JAORMX added 2 commits January 12, 2026 12:01
@JAORMX
RFC: Shared key authentication for local MCP servers
b4156bd 
Port proposal from toolhive PR #2570. This RFC proposes a lightweight
authentication mechanism for localhost MCP server deployments using
cryptographically-secure shared keys stored in the OS keychain.

Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
@JAORMX
Rename RFC file to match PR number (THV-0016)
b1587d1 
Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
@JAORMX JAORMX mentioned this pull request Jan 12, 2026
Closed
eleftherias
eleftherias reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@eleftherias eleftherias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This approach makes sense, but I wonder if it could be simplified.
Did you also consider a single shared key across workloads?

The proposal states

Key injected via TOOLHIVE_SHARED_KEY environment variable to container and proxy

But does the container need to know the key?

I assume if the container doesn't know the key, then we can use a single key across all workloads without risk.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eleftherias eleftherias eleftherias left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JAORMX @eleftherias