name: decrypt-secrets description: Decrypt MCP tokens for remote sessions
Decrypt Secrets
Decrypt your encrypted MCP tokens at the start of a remote session.
When to Use
- At the start of a remote/web session when MCP servers need tokens
- When you see "Encrypted secrets found but not decrypted" in session startup
- When MCP servers fail due to missing authentication
How It Works
- Your tokens are stored encrypted in
.env.local.encrypted(safe to commit) - Running this decrypts them to
.env.local(gitignored) - MCP servers then use the tokens automatically
Instructions
Run the decryption script and enter your passphrase:
node scripts/secrets/decrypt-secrets.js
You'll be prompted for the passphrase you set when encrypting.
First-Time Setup
If you haven't encrypted your secrets yet:
-
Add your tokens to
.env.local:GITHUB_TOKEN=ghp_your_token SONAR_TOKEN=sqp_your_token CONTEXT7_API_KEY=your_key -
Encrypt them:
node scripts/secrets/encrypt-secrets.js -
Commit
.env.local.encryptedto your repo -
In future sessions, just run the decrypt script
Security Notes
.env.localis gitignored - your actual tokens are never committed.env.local.encrypteduses AES-256-GCM encryption- Choose a strong passphrase (8+ characters)
- Your passphrase is never stored anywhere