Skip to content

Add secure credential handling for browser automation#1

Merged
shawnrushefsky merged 2 commits intomainfrom
feature/secure-credential-handling
Jan 12, 2026
Merged

Add secure credential handling for browser automation#1
shawnrushefsky merged 2 commits intomainfrom
feature/secure-credential-handling

Conversation

@shawnrushefsky
Copy link
Collaborator

@shawnrushefsky shawnrushefsky commented Jan 12, 2026

Summary

  • Adds secure credential handling so AI models can use passwords/API keys without seeing actual values
  • Credentials stored locally (env vars or ~/.mcproxy/credentials.json) and referenced by name
  • All browser responses automatically scrubbed to filter out any credential values

New Tools

Tool Description
browser_list_credentials List credential names (never values)
browser_type_credential Type credential into selector by name
browser_keyboard_type_credential Type credential at focused element
browser_set_credential Store a credential locally
browser_delete_credential Remove a stored credential

How It Works

Model: browser_type_credential(session_id, '#password', 'github_password')
         ↓
MCP Server: Resolves 'github_password' → actual value from local store
         ↓
Browser Server: Types actual value into the form field
         ↓
Model: Gets success confirmation (never sees the actual password)

Security Features

  1. Reference-Only Access: Model only sees credential names, never values
  2. Response Scrubbing: All browser responses filtered to replace credential values with [CREDENTIAL:name]
  3. Local Storage: Credentials stored on MCP server machine, never sent to AI providers
  4. File Permissions: Credentials file created with 600 permissions

Test plan

  • Set credential via env var MCPROXY_CREDENTIAL_TEST=secret
  • Verify browser_list_credentials shows the credential name
  • Verify browser_type_credential types into a form field
  • Verify response scrubbing replaces credential values in HTML content

🤖 Generated with Claude Code

shawnrushefsky and others added 2 commits January 12, 2026 11:17
@shawnrushefsky @claude
Add secure credential handling for browser automation
88053b3 
Allows AI models to use credentials (passwords, API keys) without
seeing the actual values. Credentials are stored locally and
referenced by name.

New features:
- Credential store supporting env vars and ~/.mcproxy/credentials.json
- browser_type_credential: Type credential into selector by name
- browser_keyboard_type_credential: Type credential at focused element
- browser_list_credentials: List available credential names (not values)
- browser_set_credential/browser_delete_credential: Manage credentials
- Automatic response scrubbing: Any credential values in browser
  responses are replaced with [CREDENTIAL:name] placeholders

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@shawnrushefsky @claude
Add browser_has_credential tool and login flow docs
afd6aab 
Addresses PR feedback:
- Add browser_has_credential(name) for checking if a credential exists
- Add login flow example showing the cookies + credentials pattern
- Add guidance table for cookie/credential combination strategies

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@shawnrushefsky shawnrushefsky merged commit 7df0ae2 into main Jan 12, 2026
1 check passed
@shawnrushefsky shawnrushefsky deleted the feature/secure-credential-handling branch January 12, 2026 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shawnrushefsky