Model Context Protocol (MCP) Support

Ephos provides a native bridge for the Model Context Protocol, allowing AI agents (like Claude Desktop or local LLMs) to securely access your Phantom Keys through standardized tool definitions.

What is MCP?

MCP is an open standard that enables AI models to interact with external tools and data sources. By integrating Ephos with MCP, you can give your agents specific "capabilities" (e.g., "Post to Slack" or "Query Stripe") without ever sharing the raw API keys with the model or its environment.

The Ephos MCP Bridge

Ephos acts as an MCP Server. Instead of configuring local secrets in your `claude_desktop_config.json`, you point the agent to the Ephos MCP endpoint using an Ephos Token.

Configuration Example

Add the following to your MCP configuration file. For best security, use header-based authentication:

// Recommended: Header-based authentication
{
  "mcpServers": {
    "ephos": {
      "url": "https://mcp.phantom-projects.com/sse",
      "headers": {
        "X-Ephos-Token": "et_live_...",
        "X-Ephos-Secret": "ps_live_..."
      }
    }
  }
}
      

⚠️ Fallback: If your MCP client does not support custom headers, you may pass credentials as query parameters: ?token=et_live_...&secret=ps_live_.... This method is deprecated and may expose credentials in access logs.

How it Works

Discovery: When the agent starts, it queries Ephos for available tools.
Tool Mapping: Ephos returns a list of tools based on the Phantom Keys and Scopes associated with your token.
Execution: When the agent calls a tool, the request is routed through the Ephos Enclave, the secret is injected in RAM, the call is executed, and the results are returned to the agent.

Benefits

Zero Exposure: Secrets never exist on your local machine or in the agent's memory.
Centralized Control: Manage tool access and rotation through the Ephos Dashboard.
Full Auditing: Every MCP tool call is recorded in your Ephos Audit Logs with complete agent attribution.