http_mcp_headers

Solid

Implement secret-safe HTTP headers for MCP transport in gh-aw.

AI & Automation 4,612 stars 420 forks Updated today MIT

Install

View on GitHub

Quality Score: 91/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# HTTP MCP Header Secret Support - Implementation Summary Use this reference for HTTP MCP header secret support in the copilot engine. ## Problem Statement When HTTP MCP headers include GitHub Actions secrets, `mcp-config.json` must: 1. Extract secrets from headers (e.g., `${{ secrets.DD_API_KEY }}`) 2. Declare those env variables in the execution step 3. Configure the MCP config's "env" section to passthrough those variables 4. Use the passed variables in the headers section ## Example Workflow ```markdown on: workflow_dispatch: permissions: contents: read engine: copilot mcp-servers: datadog: type: http url: "https://mcp.datadoghq.com/api/unstable/mcp-server/mcp" headers: DD_API_KEY: "${{ secrets.DD_API_KEY }}" DD_APPLICATION_KEY: "${{ secrets.DD_APPLICATION_KEY }}" DD_SITE: "${{ secrets.DD_SITE || 'datadoghq.com' }}" allowed: - search_datadog_dashboards - search_datadog_slos - search_datadog_metrics - get_datadog_metric # Datadog Dashboard Search Search for Datadog dashboards and provide a summary. ``` ## Generated Output ### 1. MCP Config (mcp-config.json) ```json { "mcpServers": { "datadog": { "type": "http", "url": "https://mcp.datadoghq.com/api/unstable/mcp-server/mcp", "headers": { "DD_API_KEY": "${DD_API_KEY}", "DD_APPLICATION_KEY": "${DD_APPLICATION_KEY}", "DD_SITE": "${DD_SITE}" }, "tools": [ "search_datadog_dashboards", ...

Details

Author
github
Repository
github/gh-aw
Created
10 months ago
Last Updated
today
Language
Go
License
MIT

Integrates with

GitHub · DevTools Datadog · Monitoring

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

github-mcp-server

GitHub MCP Server Documentation

4,612 Updated today
github
AI & Automation Solid

secret-setup

Extract hardcoded secrets from CLAUDE.md, .mcp.json, and project config into a gitignored env file, then wire a SessionStart hook to load them automatically. Use when user says "separate secrets", "extract API keys", "secret setup", "env var setup", "hardcoded credentials", ".env setup for Claude", "load secrets via hook", "protect credentials", or "clean up mcp secrets".

47 Updated 4 days ago
LeeJuOh
AI & Automation Solid

mcp-operations

Operate and maintain the local MCP server for this project. Use when creating MCP host config, troubleshooting tool connectivity, modifying tool domains, or adjusting safety policy flags.

456 Updated yesterday
hoangsonww