The plaintext storage problem is real, but migrating to a secrets manager still leaves agents carrying long-lived tokens they don't need. Even if the key isn't in a config file, the agent has it in memory for the duration of the session.

The pattern that actually closes the gap: issue short-lived scoped tokens at request time, never hand the real key to the agent at all. The agent gets a proxy credential that expires after the session. If it leaks, it's already stale. We wrote up the full implementation here: https://apistronghold.com/blog/phantom-token-pattern-product...

53% of MCP servers store API keys as plaintext in config files. They get committed to git, shared across machines, exposed in breaches.

MCPGuard is a local-first CLI that: - Scans your MCP configs for plaintext credentials - Migrates them to your OS keychain (macOS/Linux/Windows) - Replaces values with mcpguard:// references - Injects credentials at runtime — never on disk

One command to audit, one to migrate. No cloud, no account, free and open source.