Delinea has introduced a new solution that enables AI agents to securely access credentials stored within the Delinea Secret Server and the broader Delinea Platform. This system enforces strict identity verification and policy enforcement on every request, ensuring that sensitive secrets are never retained in the agent’s memory while maintaining comprehensive audit trails.
Key Features and Enhancements
The DelineaXPM/delinea-mcp project, released under the MIT license, offers a streamlined subset of the MCP (Machine Credential Provider) interface designed specifically for credential retrieval and account management tasks. It supports OAuth 2.0 dynamic client registration in line with the MCP specification and provides flexible communication options via STDIO and HTTP/SSE protocols. The repository also includes ready-to-use Docker images and sample configurations to facilitate seamless integration with editors and AI agents.
Operational Mechanics
This MCP server acts as a proxy layer to the Secret Server and optionally the Delinea Platform, enabling operations such as secret and folder retrieval, search functions, inbox and access request management, user and session administration, and report generation. Importantly, the actual secrets remain securely vaulted and are never exposed directly to the AI agents. Configuration management distinctly separates sensitive credentials, such as DELINEA_PASSWORD, into environment variables, while non-sensitive settings reside in a config.json file. Administrators can enforce granular access controls through parameters like enabled_tools and permitted object types, alongside TLS certificate management and optional pre-shared keys for client registration.
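A pre-deployment check for the configuration split described above, as an added example that is not code from the delinea-mcp project. Only `DELINEA_PASSWORD`, `enabled_tools` and `config.json` come from the article; the other key names, the tool names and the approved-tool set are hypothetical, and the sample inputs are constructed.

```python
import json
import re

# Heuristic (assumption): key names that suggest a secret was written into config.json.
SECRET_KEY_RE = re.compile(r"(password|passwd|secret|token|api[_-]?key)", re.I)
# Sensitive values are expected in the environment; only DELINEA_PASSWORD is named in the article.
REQUIRED_ENV = ("DELINEA_PASSWORD",)


def find_inline_secrets(node, path=""):
    """Recursively yield paths of secret-looking keys that hold non-empty string literals."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, str) and value and SECRET_KEY_RE.search(key):
                yield child
            else:
                yield from find_inline_secrets(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_inline_secrets(item, f"{path}[{i}]")


def audit(config_text, env, approved_tools):
    """Return sorted findings for a config.json body, an environment mapping and a tool allowlist."""
    config = json.loads(config_text)
    findings = [f"inline secret in config: {p}" for p in find_inline_secrets(config)]
    tools = config.get("enabled_tools")
    if not isinstance(tools, list) or not tools:
        findings.append("enabled_tools missing or empty: no explicit tool allowlist")
    else:
        findings += [f"enabled_tools entry not approved: {t}"
                     for t in tools if t not in approved_tools]
    findings += [f"environment variable {n} is not set"
                 for n in REQUIRED_ENV if not env.get(n)]
    return sorted(findings)


# Constructed samples; tool names and every key except enabled_tools are hypothetical.
APPROVED = {"get_secret", "search_secrets"}
WEAK = '{"password": "hunter2", "enabled_tools": ["get_secret", "delete_user"]}'
GOOD = '{"base_url": "https://vault.example.test", "enabled_tools": ["get_secret"]}'

if __name__ == "__main__":
    print("weak:", audit(WEAK, {}, APPROVED))
    print("good:", audit(GOOD, {"DELINEA_PASSWORD": "set-in-env"}, APPROVED))
```

Run it in CI against the config.json that ships with an agent deployment, passing `os.environ` and the tool set your policy allows.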
Why This Matters for Your Organization
As enterprises increasingly integrate AI agents into their operational workflows via MCP, security risks have escalated. Recent security breaches involving malicious MCP packages extracting sensitive data highlight the critical need for robust safeguards such as enforced registration protocols, encrypted TLS communication, minimal privilege access, and detailed identity tracking on every interaction. Delinea’s approach aligns with Privileged Access Management (PAM) best practices by combining ephemeral authentication tokens, rigorous policy enforcement, and full auditability. This framework significantly reduces the risk of credential proliferation and simplifies the process of credential revocation.
In Conclusion
Delinea’s MIT-licensed MCP server delivers a standardized, secure, and auditable method for AI agents to access credentials with minimal exposure. By leveraging short-lived tokens, comprehensive policy checks, and a limited toolset, it integrates tightly with Secret Server and the Delinea Platform to enhance security posture. The solution is currently available with detailed documentation covering OAuth 2.0 support, multiple transport protocols (STDIO and HTTP/SSE), and scoped operational capabilities.

