itinai content

←back to Blog

Delinea Released an MCP Server to Put Guardrails Around AI Agents Credential Access

Delinea Released an MCP Server to Put Guardrails Around AI Agents Credential Access

Understanding the Target Audience

The primary audience for this release includes IT security professionals, enterprise architects, and decision-makers within organizations that utilize AI agents for operational functions. This audience is typically concerned with:

  • Ensuring secure credential management
  • Compliance with regulatory standards
  • Mitigating risks associated with credential exposure
  • Integrating AI-driven technologies into existing systems without compromising security

They are motivated by the need for robust security measures that allow them to leverage AI while maintaining control over sensitive information. Communication preferences lean towards clear, technical documentation that provides in-depth understanding and practical applications.

What’s New with Delinea MCP Server?

Delinea has launched a Model Context Protocol (MCP) server that enables AI agents to securely access credentials stored in Delinea Secret Server and the Delinea Platform. This server enforces identity checks and policy rules with each interaction, which minimizes the risk of long-lived secrets being retained in agent memory, while ensuring comprehensive audit trails.

How It Works

The MCP server provides tools that interface with Secret Server, facilitating operations such as secret retrieval, folder searches, and user session management. Notably, the actual secrets are kept secure and are not disclosed to the agent. Configuration settings organize secrets as environment variables (e.g., DELINEA_PASSWORD) and non-secrets in config.json, while also allowing scope controls for enabled tools and permitted object types.

Importance of the MCP Server

As enterprises increasingly connect AI agents to their operational systems through MCP, recent security incidents have highlighted the importance of implementing robust registration controls, TLS, and least-privilege access. Delinea’s MCP server is designed to enforce these parameters—integrating ephemeral authentication, policy evaluation, and auditing—to limit credential sprawl and ease revocation processes.

Summary

Delinea’s MIT-licensed MCP server provides enterprises with a standardized, auditable approach for AI-agent credential access, utilizing short-lived tokens and constrained tool access to minimize secret exposure. It integrates seamlessly with the Secret Server and Delinea Platform, and is now available on GitHub. Key features include:

  • Compliance with OAuth 2.0 for dynamic client registration
  • Support for STDIO and HTTP/SSE transports
  • Scoped operations to enhance security

This development positions businesses to enhance their security posture while adopting AI technologies.

External illustration