docs(extensions): clarify env var sanitization policy for MCP and ext… (#22854)

Co-authored-by: Jack Wotherspoon <jackwoth@google.com>
Co-authored-by: Jenna Inouye <jinouye@google.com>
This commit is contained in:
Gal Zahavi
2026-05-14 14:23:38 -07:00
committed by GitHub
parent 2151653133
commit 0c0d88d90b
3 changed files with 47 additions and 3 deletions
+24 -3
View File
@@ -221,8 +221,10 @@ spawning MCP server processes.
#### Automatic redaction
By default, the CLI redacts sensitive environment variables from the base
environment (inherited from the host process) to prevent unintended exposure to
third-party MCP servers. This includes:
environment (inherited from the host process). This prevents the accidental
leakage of sensitive host environment variables (like AWS keys or GitHub tokens)
to arbitrary third-party MCP servers that might execute malicious code or log
your environment. This includes:
- Core project keys: `GEMINI_API_KEY`, `GOOGLE_API_KEY`, etc.
- Variables matching sensitive patterns: `*TOKEN*`, `*SECRET*`, `*PASSWORD*`,
@@ -232,7 +234,8 @@ third-party MCP servers. This includes:
#### Explicit overrides
If an environment variable must be passed to an MCP server, you must explicitly
state it in the `env` property of the server configuration in `settings.json`.
state it in the `env` property of the server configuration in `settings.json`
(or `mcp_config.json` if configuring standard MCP clients or remote skills).
Explicitly defined variables (including those from extensions) are trusted and
are **not** subjected to the automatic redaction process.
@@ -247,6 +250,24 @@ specific data with that server.
> (for example, `"MY_KEY": "$MY_KEY"`) to securely pull the value from your host
> environment at runtime.
**Example: Passing a GitHub Token securely to the
[official GitHub MCP server](https://github.com/github/github-mcp-server) via
`mcp_config.json`**
```json
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@github/github-mcp-server"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "$GITHUB_PERSONAL_ACCESS_TOKEN"
}
}
}
}
```
### OAuth support for remote MCP servers
Gemini CLI supports OAuth 2.0 authentication for remote MCP servers using SSE or