Skip to main content
The secrets command helps you set up and manage API keys required for MCPKit to function.

Usage

mcpkit secrets [subcommand]

Subcommands

(none)
default
Run the interactive setup wizard to configure or update your API keys.
show
string
Display your current configuration (without revealing full API keys).

Examples

Initial Setup

Run the interactive setup wizard: 
mcpkit secrets
You’ll be prompted for:
  1. Browserbase API Key 
    ? Enter your Browserbase API key: bb_xxxxxxxxxxxxxxxx
  2. LLM Provider 
    ? Select your LLM provider:
❯ Google Gemini (recommended)
  OpenAI
  Anthropic
  Azure OpenAI
  3. LLM API Key 
    ? Enter your Gemini API key: AIxxxxxxxxxxxxxxxxx
Your secrets are now configured and saved to ~/.mcpkit/secrets.json

View Current Configuration

Check what’s currently configured: 
mcpkit secrets show
Output: 
Current Configuration:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
LLM Provider: google
LLM Model: gemini-2.0-flash-exp
Browserbase API: Configured ✓
LLM API Key: Configured ✓

Configuration Details

Storage Location

Your secrets are stored in a JSON file at:
  • macOS/Linux
  • Windows
~/.mcpkit/secrets.json
Never commit secrets.json to version control. This file contains sensitive API keys.

File Format

The secrets file has this structure: 
{
  "browserbaseApiKey": "bb_xxxxxxxxxxxxxxxx",
  "llmProvider": "google",
  "llmApiKey": "AIxxxxxxxxxxxxxxxxx",
  "llmModel": "gemini-2.0-flash-exp"
}

Supported LLM Providers

MCPKit supports multiple LLM providers for AI-powered action discovery:

Google Gemini

Best balance of speed, quality, and cost. Free tier available.
Get an API key: Google AI Studio Supported models:
  • gemini-2.0-flash-exp (recommended)
  • gemini-1.5-pro
  • gemini-1.5-flash
Configuration: 
{
  "llmProvider": "google",
  "llmApiKey": "AIxxxxxxxxxxxxxxxxx",
  "llmModel": "gemini-2.0-flash-exp"
}

OpenAI

OpenAI

High quality but more expensive. Good for complex websites.
Get an API key: OpenAI Platform Supported models:
  • gpt-4o
  • gpt-4o-mini
  • gpt-4-turbo
Configuration: 
{
  "llmProvider": "openai",
  "llmApiKey": "sk-xxxxxxxxxxxxxxxx",
  "llmModel": "gpt-4o"
}

Anthropic

Anthropic

Excellent reasoning capabilities for complex page analysis.
Get an API key: Anthropic Console Supported models:
  • claude-3-5-sonnet-20241022
  • claude-3-opus-20240229
Configuration: 
{
  "llmProvider": "anthropic",
  "llmApiKey": "sk-ant-xxxxxxxxxxxxxxxx",
  "llmModel": "claude-3-5-sonnet-20241022"
}

Azure OpenAI

Azure OpenAI

Enterprise option with compliance and data residency.
Configuration: 
{
  "llmProvider": "azure",
  "azureApiKey": "xxxxxxxxxxxxxxxx",
  "azureEndpoint": "https://your-resource.openai.azure.com",
  "azureDeployment": "gpt-4o",
  "llmModel": "gpt-4o"
}

Browserbase Configuration

MCPKit uses Stagehand and Browserbase for serverless browser automation.

Get a Browserbase API Key

1

Sign up

Create a free account at browserbase.com
2

Navigate to settings

Go to your dashboard and click on Settings
3

Copy API key

Find your API key in the API Keys section
4

Configure mcpkit

Run mcpkit secrets and paste your API key when prompted

Browserbase Pricing

  • Free tier: 100 hours/month of browser time
  • Perfect for development and testing
  • Upgrade for production use

Updating Secrets

To update your configuration, simply run the setup wizard again: 
mcpkit secrets
Your existing values will be shown as defaults. Press Enter to keep them, or type new values to update.

Manual Configuration

You can also manually edit the secrets file:
  • macOS/Linux
  • Windows
# Edit with your preferred editor
nano ~/.mcpkit/secrets.json

# Or use vim
vim ~/.mcpkit/secrets.json
Make sure the JSON is valid after manual edits, or MCPKit may fail to read the configuration.

Environment Variables

You can also configure secrets via environment variables (useful for CI/CD): 
export BROWSERBASE_API_KEY="bb_xxxxxxxxxxxxxxxx"
export LLM_PROVIDER="google"
export LLM_API_KEY="AIxxxxxxxxxxxxxxxxx"
export LLM_MODEL="gemini-2.0-flash-exp"

mcpkit create https://example.com
Environment variables take precedence over the secrets file.

Troubleshooting

If you get “Invalid API key” errors:
  1. Verify the key - Make sure you copied it correctly
  2. Check provider - Ensure you’re using the right provider
  3. Test the key directly with the provider’s API
  4. Regenerate - Create a new API key if needed
If MCPKit can’t find your secrets:
  1. Run setup again: 
    mcpkit secrets
  2. Check file permissions: 
    ls -la ~/.mcpkit/
  3. Create directory manually: 
    mkdir -p ~/.mcpkit
mcpkit secrets
If you hit rate limits:
  1. Check your usage on the provider’s dashboard
  2. Upgrade your plan if needed
  3. Switch providers temporarily: 
    mcpkit secrets
# Select a different provider
If your secrets file is corrupted:
  1. Backup the file: 
    cp ~/.mcpkit/secrets.json ~/.mcpkit/secrets.json.bak
  2. Delete and recreate: 
    rm ~/.mcpkit/secrets.json
mcpkit secrets
  3. Validate JSON: 
    cat ~/.mcpkit/secrets.json | python -m json.tool

Security Best Practices

Protect Your API Keys

Your API keys provide access to paid services. Follow these practices to keep them secure:
  • ✅ Never commit secrets files to git
  • ✅ Use environment variables in CI/CD
  • ✅ Rotate keys regularly
  • ✅ Use separate keys for development and production
  • ✅ Set spending limits on provider dashboards
  • ❌ Don’t share secrets files
  • ❌ Don’t expose keys in logs or screenshots
  • ❌ Don’t use production keys in public repositories

Next Steps

Create MCP Server

Use your configured secrets to create an MCP server

Manage Contexts

Learn about authentication contexts