Access
Self-hosted credential store and API proxy for AI agents. One Bearer token, all your services. Handles OAuth refresh, encrypted storage, audit logging, and per-agent permissioning.
What is Access?
Access is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to self-hosted credential store and api proxy for ai agents. one bearer token, all your services. handles oauth refresh, encrypted storage, audit logging, and per-agent permissioning.
Self-hosted credential store and API proxy for AI agents. One Bearer token, all your services. Handles OAuth refresh, encrypted storage, audit logging, and per-agent permissioning.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Self-hosted credential store and API proxy for AI agents. On
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx accessConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Access
Access is a self-hosted credential store and API proxy for AI agents that consolidates OAuth tokens, API keys, and service secrets behind a single Bearer token. It handles OAuth refresh cycles automatically, encrypts secrets at rest, maintains a full audit log of every credential access, and enforces per-agent permission scoping — so you can give each Claude agent only the services it needs. Teams running multiple AI agents across services like Gmail, GitHub, Slack, Stripe, and AWS use Access to centralise credential management rather than scattering secrets across individual MCP server configs.
Prerequisites
- Node.js 18 or later installed
- A PostgreSQL database accessible via DATABASE_URL
- SECRET_ENCRYPTION_KEY, NEXTAUTH_SECRET, and CONSUMER_TOKEN_HASH_SECRET environment variables set
- An MCP-compatible client such as Claude Desktop or Cursor
Clone and install the repository
Access is a self-hosted application — clone the repo and install dependencies with npm.
git clone https://github.com/Scottpedia0/access.git
cd access
npm installConfigure required environment variables
Create a .env file at the project root with your database URL and encryption secrets. OWNER_EMAILS restricts admin access to specified email addresses.
DATABASE_URL=postgresql://user:password@localhost:5432/access
DIRECT_DATABASE_URL=postgresql://user:password@localhost:5432/access
SECRET_ENCRYPTION_KEY=a-long-random-secret-at-least-32-chars
NEXTAUTH_SECRET=another-random-secret
CONSUMER_TOKEN_HASH_SECRET=yet-another-random-secret
[email protected]Run database migrations and start the server
Apply Prisma migrations to initialise the database schema, then start the Next.js application.
npx prisma migrate deploy
npm run build
npm startGenerate an agent bearer token
Log in to the Access web UI, create an agent, assign it the services it needs, and copy the resulting Bearer token for use in your MCP client config.
Configure Claude Desktop to use the MCP server
Add the Access MCP server entry to claude_desktop_config.json, pointing to the mcp-server.mjs file with your Access URL and agent token.
{
"mcpServers": {
"access": {
"command": "node",
"args": ["/path/to/access/mcp-server.mjs"],
"env": {
"ACCESS_BASE_URL": "http://localhost:3000",
"GLOBAL_AGENT_TOKEN": "your-bearer-token-here"
}
}
}
}Access Examples
Client configuration
Claude Desktop configuration for the Access credential proxy server.
{
"mcpServers": {
"access": {
"command": "node",
"args": ["/path/to/access/mcp-server.mjs"],
"env": {
"ACCESS_BASE_URL": "http://localhost:3000",
"GLOBAL_AGENT_TOKEN": "agt_your_token_here"
}
}
}
}Prompts to try
Example prompts for managing credentials and proxying API calls through Access.
- "Bootstrap my session and list all the services I have access to."
- "Retrieve the decrypted secret for the GITHUB_TOKEN credential."
- "Search my Gmail inbox for emails from [email protected] using Access."
- "Show me the audit log for credential accesses in the last 24 hours."
- "Which services is this AI agent currently authorised to use?"Troubleshooting Access
Database migration fails with connection refused
Verify DATABASE_URL is correctly set and that your PostgreSQL instance is running and accessible. Test with 'psql $DATABASE_URL -c "SELECT 1"' before running migrations.
Agent token returns 401 Unauthorized when the MCP server calls Access
Ensure GLOBAL_AGENT_TOKEN in claude_desktop_config.json matches a valid token generated in the Access web UI. Tokens are hashed via CONSUMER_TOKEN_HASH_SECRET — regenerate a fresh token if unsure.
OAuth tokens expire and API calls start failing mid-session
Access automatically refreshes OAuth tokens, but requires the OAuth provider's client ID and client secret to be configured in its environment. Check that the relevant OAuth env vars (e.g. GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET) are set and that the refresh token was captured during the initial OAuth flow.
Frequently Asked Questions about Access
What is Access?
Access is a Model Context Protocol (MCP) server that self-hosted credential store and api proxy for ai agents. one bearer token, all your services. handles oauth refresh, encrypted storage, audit logging, and per-agent permissioning. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Access?
Follow the installation instructions on the Access GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Access?
Access works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Access free to use?
Yes, Access is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.
Access Alternatives — Similar Security Servers
Looking for alternatives to Access? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Access in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Access?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.