Server data from the Official MCP Registry
Self-hosted NVIDIA NIM API-key manager with a Claude MCP connector; deploy your own instance.
Self-hosted NVIDIA NIM API-key manager with a Claude MCP connector; deploy your own instance.
Valid MCP server (0 strong, 3 medium validity signals). 1 code issue detected. No known CVEs in dependencies. Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.
8 files analyzed · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
From the project's GitHub README.
Self-hosted, production-ready manager for the API keys of your own NVIDIA Build/NIM account — encrypted storage, assisted rotation, expiry detection, usage stats, projects, RBAC, audit, a web dashboard, and a Claude MCP connector. Deploy your own instance in a few minutes; everything is configured through environment variables.
NVIDIA Terms of Service. NVIDIA Build offers no public API to create or rotate keys programmatically (you generate them at build.nvidia.com), and API keys must not be shared or redistributed to third parties. This project is therefore designed for you to manage your own keys on your own instance: the only outbound call is the official read-only validation endpoint
GET https://integrate.api.nvidia.com/v1/models. It does not automate or scrape the NVIDIA portal, and it is not a service for handing your keys to other people.
render.yaml and provisions everything automatically:
JWT_SECRET, ENCRYPTION_MASTER_KEY and MCP_OAUTH_JWT_SIGNING_KEY (generated and stored by Render's secret manager),DATABASE_URL injected from the database.FIRST_ADMIN_EMAIL and FIRST_ADMIN_PASSWORD (your initial admin, created on first boot)./, explore the API at /docs.main runs CI (lint + types + tests + build) and redeploys automatically. Migrations (alembic upgrade head) run on container start.Prefer another host? Any platform that runs a Docker container + PostgreSQL works — see docs/deployment.md.
The same deployment exposes a Model Context Protocol server at ‹BASE›/mcp so you can add it to Claude as a custom connector. Claude authenticates with OAuth 2.1 (GitHub by default, Google optional) and can list/inspect keys, dispense a ready-to-use key, register/rotate/revoke and manage projects — with the same RBAC and audit trail as the REST API. Only identities in MCP_ALLOWED_IDENTITIES may connect (fail-closed).
‹BASE›/auth/callback; copy the Client ID/Secret.MCP_GITHUB_CLIENT_ID, MCP_GITHUB_CLIENT_SECRET and MCP_ALLOWED_IDENTITIES (your GitHub login/e-mail). The rest is already in render.yaml.‹BASE›/mcp → Connect.Full guide (Google, tool reference, security, troubleshooting): docs/connector.md.
rotated_from_id lineage link).expiring_soon flag.GET /api/v1/keys/dispense returns the least-recently-used active key (LRU), globally or per project, recording usage.admin/manager/viewer, rate limiting, immutable audit of every sensitive operation./mcp (see above)./metrics, health check at /health, OpenAPI at /docs.app/
├── domain/ # Enums and domain exceptions (no dependencies)
├── application/ # Use cases (services) and ports (interfaces)
│ └── services/ # auth, users, keys, projects, stats, audit
├── infrastructure/ # Adapters: SQLAlchemy (repositories) and NVIDIA gateway
├── api/ # FastAPI: routers, schemas, deps, rate limiting
├── mcp/ # Claude connector: MCP server, OAuth and identity mapping
├── dashboard/ # Lightweight SPA served at /
├── tasks/ # Scheduled jobs (APScheduler)
└── core/ # Config, crypto, security, logging
Pragmatic Clean Architecture: dependencies point inward; the application layer knows nothing about FastAPI and reaches NVIDIA through the KeyValidator port. Details and decisions in docs/architecture.md.
Stack: Python 3.12 · FastAPI · FastMCP (Claude connector) · SQLAlchemy 2 (async) · managed PostgreSQL · Alembic · Docker · GitHub Actions · Render (Blueprint) · structlog · Prometheus · slowapi · APScheduler.
BASE=https://your-service.onrender.com
# Log in (the admin was created on first boot)
TOKEN=$(curl -s $BASE/api/v1/auth/login -H 'Content-Type: application/json' \
-d '{"email":"you@example.com","password":"your-password"}' | jq -r .access_token)
# Register a key created at build.nvidia.com (validating it against NVIDIA)
curl -s $BASE/api/v1/keys -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' \
-d '{"name":"prod-1","api_key":"nvapi-...","validate_remote":true}'
# Get an available key (LRU) to use in your application
curl -s "$BASE/api/v1/keys/dispense" -H "Authorization: Bearer $TOKEN"
More examples (rotation, projects, stats, audit) in docs/api-examples.md. Interactive OpenAPI at /docs.
| Operation | viewer | manager | admin |
|---|---|---|---|
| View keys, projects and stats | ✅ | ✅ | ✅ |
| Register / validate / rotate / revoke / dispense keys | ❌ | ✅ | ✅ |
| Manage projects | ❌ | ✅ | ✅ |
| Delete keys, manage users, read the audit log | ❌ | ❌ | ✅ |
Not required to deploy, but fully supported:
pip install -e ".[dev]"
pytest --cov=app # required coverage gate: 85% (currently ~94%)
ruff check . && mypy app
docker compose up # local stack with PostgreSQL
Threat model, cryptographic details and design decisions in docs/security.md. Key points: AES-256-GCM encryption with a key derived (HKDF) from the secret manager, SHA-256 fingerprints to deduplicate without exposing the secret, short-lived signed JWTs, argon2 password hashing, per-IP rate limiting, audit of every sensitive operation, and no plaintext keys in logs or responses except the explicit dispense endpoint. To report a vulnerability, see SECURITY.md.
Contributions are welcome — see CONTRIBUTING.md and the Code of Conduct. A short Spanish overview is available in README.es.md.
MIT — see LICENSE.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.