Trusted Mcp Server
What is Trusted Mcp Server
trusted-mcp-server is a secure Gmail MCP server that operates within an AWS Nitro Enclave, providing a trusted execution environment for enhanced security.
Use cases
Use cases include secure email notifications, automated email processing, and integration with applications that require reliable and secure access to Gmail services.
How to use
To use trusted-mcp-server, obtain an app-specific password from your Google account and add the provided URL block to your client’s mcp.json file, replacing the placeholders with your email and password.
Key features
Key features include operation within a secure AWS Nitro Enclave, support for SSE transport, and enhanced security through hardware-based attestation.
Where to use
trusted-mcp-server is suitable for applications requiring secure email processing, particularly in environments where data privacy and security are paramount.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Overview
What is Trusted Mcp Server
trusted-mcp-server is a secure Gmail MCP server that operates within an AWS Nitro Enclave, providing a trusted execution environment for enhanced security.
Use cases
Use cases include secure email notifications, automated email processing, and integration with applications that require reliable and secure access to Gmail services.
How to use
To use trusted-mcp-server, obtain an app-specific password from your Google account and add the provided URL block to your client’s mcp.json file, replacing the placeholders with your email and password.
Key features
Key features include operation within a secure AWS Nitro Enclave, support for SSE transport, and enhanced security through hardware-based attestation.
Where to use
trusted-mcp-server is suitable for applications requiring secure email processing, particularly in environments where data privacy and security are paramount.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Content
Trusted GMail MCP Server
This is a gmail MCP server running inside a secure AWS Nitro enclave instance. It was originally forked from the Claude Post MCP server. Most MCP servers are run locally via the stdio transport; we followed this guide to implement a remote MCP server using sse transport.
Connect to the MCP Server
To use this MCP server, you will need an app-specific password.
Then simply add the following block to your client’s mcp.json file.
Note that you might have to restart your client.
Security Notice
This implementation is a proof of concept. Passing app-specific passwords in URLs is not a secure pattern because:
- URLs can be logged by proxies, browsers and servers
- URLs may appear in browser history
- URLs can be leaked via the Referer header to third-party sites
Unfortunately, current MCP clients have limitations on how they connect to servers. At the moment of release, MCP specification does not define a standard authentication mechanism for SSE servers. This means we can’t use more secure patterns like bearer tokens or other authorization headers that would normally be preferred.
For additional security, consider:
- Using a dedicated app-specific password just for this purpose
- Accessing this over a secure VPN or private network
- Running your own instance with the provided instructions
Concept
AWS Nitro Enclaves provide isolated compute environments that enhance security through hardware-based attestation. When code runs in a Nitro Enclave, the platform generates cryptographic measurements of the code’s identity and state. These measurements serve as a verifiable guarantee that the code has not been modified and is executing exactly as intended, protecting against tampering or unauthorized modifications. For more information, see this blog post.
We use Nitriding to quickly deploy code in an AWS Nitro TEE.
Verify the code attestation
To verify that the intended codebase is the one running in our TEE, you must reproduce running it in an AWS Nitro enclave yourself. Instructions to do so are below. Once you have it running, you can verify it using this repository as follows.
- First build the code.
cd verifier
pnpm install && pnpm run build
- Then run the verifier locally.
cd mcp/react-ts-webpack pnpm i && pnpm run dev
- Then open
http://localhost:8080/in your browser. You will be prompted to add two fields
(a) the PCR2 hash, which is a hash of the codebase
(b) the Code attestation, which is signed by AWS
- Click the “Verify Attestation” button
Run your own instance in a TEE
You can reproduce running this server in a TEE as follows.
-
Use the AWS EC2 console to select a sufficiently large instance and be sure to enable Nitro.
-
Make sure that the ports needed by your application are open by checking the security group, in “security” tab of the instance in the ec2 console.
-
Clone this repo to your ec2 instance.
-
Run the setup script to download all necessary dependencies.
sudo /setup.sh
- Allocate more memory for the enclave if necessary.
sudo nano /etc/nitro_enclaves/allocator.yaml
sudo systemctl restart nitro-enclaves-allocator.service
- Run the enclave.
make
- Run in production mode.
make run
Use your MCP server
To actually use the MCP server, you will also need to run the gvproxy, as follows.
screen ./gvproxy.sh
Then you can curl the healthcheck endpoint to confirm that the MCP server is running in the enclave.
curl http://127.0.0.1:7047/
Dev Tools Supporting MCP
The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.
