Early access — founding teams get the Free tier locked in permanently.
Sirr is in public beta — APIs may change before 1.0
← Back to Docs

MCP Integration

Give AI assistants direct access to your Sirr vault. One command, no install — works with Claude Code, Cursor, Windsurf, and any MCP client.

Claude Code

Paste your principal key from the dashboard and run:

claude mcp add --transport http sirr https://sirr.sirrlock.com/mcp \
  --header "Authorization: Bearer <your-principal-key>"

No npm. No npx. No Node.js. Claude connects directly over HTTP.

Other MCP Clients

For Cursor, Windsurf, VS Code Copilot, or any client that supports MCP over HTTP — point it at:

URL:    https://sirr.sirrlock.com/mcp
Header: Authorization: Bearer <your-principal-key>

If your client uses .mcp.json:

{
  "mcpServers": {
    "sirr": {
      "type": "http",
      "url": "https://sirr.sirrlock.com/mcp",
      "headers": {
        "Authorization": "Bearer <your-principal-key>"
      }
    }
  }
}

Available Tools

ToolDescription
store_secretStore a secret. With name: org-scoped. Without: anonymous dead drop.
read_secretRead by ID (public) or by name (org-scoped).
check_secretCheck metadata without consuming a read.
share_secretCreate a burn-after-read link. No account needed.
auditQuery the audit log.

Everything else (webhooks, API keys, orgs, roles, principals) is managed via the CLI or web dashboard.

Inline Secret References

Reference secrets inline in any prompt using the sirr: prefix:

"Use sirr:DATABASE_URL to run a migration"
"Deploy with sirr:DEPLOY_TOKEN"

Claude automatically fetches the secret from your vault when it sees the sirr:KEYNAME pattern.

Security Notes

  • Claude only sees secret values when you explicitly ask it to fetch via read_secret
  • Set max_reads=1 on any secret shared for a single AI session
  • The MCP server never logs secret values
  • Your principal key authenticates every request — scope it to the permissions you need

Troubleshooting

SymptomFix
401 UnauthorizedCheck your principal key — copy it fresh from Settings → API Keys
402 Payment RequiredFree-tier limit reached — delete unused secrets or upgrade
Secret not foundSecret expired, was burned, or key was mistyped — re-store if needed
Connection timeoutVerify the URL is reachable — try curl https://sirr.sirrlock.com/health

Alternative: stdio transport

For offline or air-gapped environments, the @sirrlock/mcp npm package runs locally via stdio. Requires Node.js.

claude mcp add --transport stdio sirr -- npx -y @sirrlock/mcp

See the GitHub README for env var configuration and self-hosted setup.