docs/errors/MCPX_CONFIG_MISSING_SECRET.md
MCPX_CONFIG_MISSING_SECRETSeverity: error Domain: Config
The upstream config references a secret (typically via ${SECRET:NAME} in
env or headers), but the secret was not found in the active secret store
when mcpproxy tried to start that server.
mcpproxy secret list
If the name you referenced isn't there, add it.
mcpproxy secret set <NAME> # prompts for the value, never echoed
Secrets are stored in the OS keychain on macOS / Windows and in an encrypted file on Linux.
{
// env values support ${SECRET:NAME} expansion:
"env": { "GITHUB_TOKEN": "${SECRET:github_personal_token}" },
// headers do too:
"headers": { "Authorization": "Bearer ${SECRET:my_api_key}" }
}
Plain string values are used as-is (no expansion).
If you previously stored secrets inline and want to move them into the secret store:
mcpproxy secret set github_personal_token < /dev/stdin <<<"ghp_xxx"
# Then update the config to use ${SECRET:github_personal_token}