@sirrlock/mcp — Sirr MCP Server

Gives AI assistants like Claude direct access to your Sirr secret vault. Store, read, and share ephemeral secrets without leaving a conversation.

Demo

Anonymous dead drop — store and burn

Session 1 — store a secret (no name, no org needed)

❯ stash this deploy token: 123asdzxc

⏺ sirr-mcp - store_secret (MCP)(value: "123asdzxc")
  ⎿  Secret pushed.
     ID: a1b2c3d4e5f6…
     URL: https://sirr.sirrlock.com/s/a1b2c3d4e5f6…
     Burns after 1 read(s).

⏺ Stored. Share the URL — it burns after one read.

Session 2 — retrieve by ID (the vault burns it)

❯ get the secret at a1b2c3d4e5f6…

⏺ sirr-mcp - read_secret (MCP)(id: "a1b2c3d4e5f6…")
  ⎿  123asdzxc

⏺ Got it. Deploying to staging with the token. Done.

Session 3 — secret is already gone

❯ get that secret again

⏺ sirr-mcp - read_secret (MCP)(id: "a1b2c3d4e5f6…")
  ⎿  Secret not found, expired, or already burned.

⏺ The secret no longer exists on the server.

Org-scoped named secret — store and read by name

❯ store the BITBUCKET_TOKEN as 123asdzxc

⏺ sirr-mcp - store_secret (MCP)(value: "123asdzxc", name: "BITBUCKET_TOKEN")
  ⎿  Secret 'BITBUCKET_TOKEN' stored in org 'acme'.

❯ deploy to staging using sirr:BITBUCKET_TOKEN

⏺ sirr-mcp - read_secret (MCP)(name: "BITBUCKET_TOKEN")
  ⎿  123asdzxc

The secret existed just long enough to be used. The vault enforces expiry server-side. Claude is instructed by the tool description not to memorize or repeat the value. Even if a different agent, session, or attacker asks — there is nothing left to return.

Install

One-liner for Claude Code:

claude mcp add --transport stdio sirr -- npx -y @sirrlock/mcp

Or install globally:

npm install -g @sirrlock/mcp

Both methods work with Claude Code, Cursor, Windsurf, and any MCP client.

Quick start

Zero config (public dead drops + share links)

Works immediately. No account, no token, no org needed:

❯ stash this API key: sk-abc123
⏺ [calls store_secret] → burn URL

❯ share this password with the contractor: hunter2
⏺ [calls share_secret] → sirrlock.com burn link

Sirr Cloud (org-scoped named secrets)

1. Sign up at sirrlock.com — free tier includes 3 seats and unlimited secrets.
2. Get your principal key from the dashboard (Settings → API Keys).
3. Add to .mcp.json — paste the config block below with your key and org ID.
4. Verify — run sirr-mcp --health to confirm the connection.

Self-Hosted

1. Start Sirr — run sirrd serve and note the SIRR_MASTER_API_KEY you set.
2. Set your token — SIRR_TOKEN in your MCP config must equal that key value.
3. Add to .mcp.json — use the self-hosted config block below.
4. Verify — run sirr-mcp --health to confirm the connection.

Configuration

Sirr Cloud (default)

No SIRR_SERVER needed — defaults to https://sirr.sirrlock.com.

# Claude Code one-liner
claude mcp add --transport stdio --env SIRR_TOKEN=your-principal-key --env SIRR_ORG=your-org-id sirr -- npx -y @sirrlock/mcp

{
  "mcpServers": {
    "sirr": {
      "command": "npx",
      "args": ["-y", "@sirrlock/mcp"],
      "env": {
        "SIRR_TOKEN": "your-principal-key",
        "SIRR_ORG": "your-org-id"
      }
    }
  }
}

Self-Hosted

Point SIRR_SERVER at your own sirrd instance:

# Claude Code one-liner
claude mcp add --transport stdio --env SIRR_SERVER=http://localhost:39999 --env SIRR_TOKEN=your-master-key sirr -- npx -y @sirrlock/mcp

{
  "mcpServers": {
    "sirr": {
      "command": "npx",
      "args": ["-y", "@sirrlock/mcp"],
      "env": {
        "SIRR_SERVER": "http://localhost:39999",
        "SIRR_TOKEN": "your-master-api-key"
      }
    }
  }
}

What is SIRR_TOKEN? On Sirr Cloud, use a principal key from the sirrlock.com dashboard. For self-hosted, use the SIRR_MASTER_API_KEY value (full access) or a principal key for org-scoped access. A mismatch is the most common cause of 401 errors. See sirr.dev/errors#401.

Environment variables

| Variable | Default | Description | |---|---|---| | SIRR_SERVER | https://sirr.sirrlock.com | Sirr server URL. Omit for Cloud; set to your instance URL for self-hosted. | | SIRR_TOKEN | — | Bearer token — a principal key (Cloud or org-scoped) or SIRR_MASTER_API_KEY (self-hosted full access) | | SIRR_ORG | — | Organization ID. Required for named secrets (store/read by name). Optional for anonymous dead drops. |

CLI flags

# Print the installed version and exit
sirr-mcp --version

# Check connectivity (Cloud)
SIRR_TOKEN=your-principal-key SIRR_ORG=your-org-id sirr-mcp --health

# Check connectivity (self-hosted)
SIRR_SERVER=http://localhost:39999 SIRR_TOKEN=your-master-key sirr-mcp --health

--health exits with code 0 on success and 1 on failure, making it safe to use in scripts and CI.

Available tools

| Tool | Description | |---|---| | store_secret(value, name?, ttl_seconds?, max_reads?) | Store a secret. With name: org-scoped named secret. Without: anonymous burn-after-read dead drop. | | read_secret(id?) or read_secret(name?) | Read a secret. By id: public dead drop. By name: org-scoped (requires SIRR_ORG). | | check_secret(name) | Check if a secret exists and view metadata — without consuming a read. | | share_secret(value) | Create a burn-after-read link via sirrlock.com. Burns after 1 read or 24h. No account needed. | | audit(since?, action?, limit?) | Query the audit log — secret creates, reads, deletes. |

That's it. Five tools. Everything else (webhooks, keys, orgs, roles, principals) is managed via the CLI or web dashboard.

Inline secret references

You can reference org-scoped secrets inline in any prompt:

"Use sirr:DATABASE_URL to run a migration"
"Deploy with sirr:DEPLOY_TOKEN"

The sirr:KEYNAME prefix tells Claude to fetch from the vault automatically (requires SIRR_ORG to be set).

Secret lifecycle

Sirr secrets expire by design. store_secret supports expiry controls:

| Option | Behavior | |---|---| | ttl_seconds: 3600 | Secret expires after 1 hour, regardless of reads | | max_reads: 1 | Secret is deleted after the first read (default for anonymous dead drops) | | No options | Secret persists until explicitly deleted |

Use check_secret to inspect a secret's status without consuming a read — useful when you want to verify a secret is still available before fetching it.

Security notes

• Claude only sees secret values when you explicitly ask it to fetch via read_secret
• Set max_reads=1 on any secret shared for a single AI session
• The MCP server never logs secret values
• SIRR_TOKEN lives in your MCP config's env block — it is never passed as a tool argument or in prompts
• Use HTTPS (https://) when SIRR_SERVER points to a remote host — plain HTTP transmits secrets unencrypted

Troubleshooting

| Symptom | Cause | Fix | |---|---|---| | Error: Sirr 401 | SIRR_TOKEN doesn't match server key | Verify both values match exactly — no extra spaces or newlines. sirr.dev/errors#401 | | Error: Sirr 402 | Free-tier limit reached | Delete unused secrets or upgrade. sirr.dev/errors#402 | | Error: Sirr 403 | Token lacks the required permission | Use a token with the needed scope. sirr.dev/errors#403 | | Error: Sirr 409 | Name already exists (store_secret) | Delete the existing secret first, or choose a different name. sirr.dev/errors#409 | | Secret '…' not found | Secret expired, was burned, or name was mistyped | Re-store the secret if you still need it. sirr.dev/errors#404 | | did not respond within 10s | Sirr server is unreachable | Check SIRR_SERVER URL and confirm Sirr is running (sirr-mcp --health). | | [sirr-mcp] Warning: SIRR_TOKEN is not set | Token missing from MCP config | Add SIRR_TOKEN to the env block in .mcp.json. Anonymous dead drops and share links still work without it. | | MCP server not found by Claude | sirr-mcp not on PATH | Install globally (npm install -g @sirrlock/mcp) or use the npx config variant. |

Related

| Package | Description | |---------|-------------| | sirr | Rust monorepo: sirrd server + sirr CLI | | @sirrlock/node | Node.js / TypeScript SDK | | sirr (PyPI) | Python SDK | | Sirr.Client (NuGet) | .NET SDK | | sirr.dev | Documentation | | sirrlock.com | Managed cloud + license keys |