Overview Configuration commands manage MCP configurations, servers, and their associated guardrails policies. Each configuration is a collection of MCP servers with their settings.
Configuration Management List Configurations List all MCP configurations in the system.
secure-mcp-gateway config list
[ { "mcp_config_id" : "fcbd4508-1432-4f13-abb9-c495c946f638" , "mcp_config_name" : "default_config" , "servers" : 2 , "used_by_projects" : [ { "project_id" : "3c09f06c-1f0d-4153-9ac5-366397937641" , "project_name" : "default_project" } ] } ]
Add Configuration Create a new MCP configuration.
secure-mcp-gateway config add --config-name "production-config"
Name for the new configuration (must be unique)
mcp_config_id: f957f1b2-c77a-4de6-a53a-3d09784be777
Get Configuration Retrieve details of a specific configuration.
# By name secure-mcp-gateway config get --config-name "production-config" # By ID secure-mcp-gateway config get --config-id "f957f1b2-c77a-4de6-a53a-3d09784be777"
You must provide either --config-name or --config-id, not both.
Copy Configuration Duplicate an existing configuration with a new name.
secure-mcp-gateway config copy \ --source-config "production-config" \ --target-config "staging-config"
Name or ID of the source configuration
Name for the new configuration copy
Rename Configuration Change the name of an existing configuration.
secure-mcp-gateway config rename \ --config-name "old-name" \ --new-name "new-name"
Current configuration name or ID
New name for the configuration
Remove Configuration Delete a configuration (must not be in use by any projects).
secure-mcp-gateway config remove --config-name "old-config"
You cannot remove a configuration that is assigned to projects. Unassign it from all projects first.
Server Management List Servers List all servers in a configuration.
secure-mcp-gateway config list-servers --config-name "production-config"
[ { "server_name" : "github-mcp" , "description" : "GitHub MCP Server" , "command" : "npx" , "args" : [ "-y" , "@modelcontextprotocol/server-github" ], "tools" : 0 , "input_guardrails_enabled" : true , "output_guardrails_enabled" : true } ]
Add Server Add a new MCP server to a configuration.
secure-mcp-gateway config add-server \ --config-name "production-config" \ --server-name "web-server" \ --server-command "python" \ --args= "server.py" \ --description "Web server"
secure-mcp-gateway config add-server \ --config-name "production-config" \ --server-name "github-mcp" \ --server-command "npx" \ --args= "-y,@modelcontextprotocol/server-github" \ --description "GitHub MCP Server"
Use comma-separated values for multiple arguments. The = sign is required when args start with -.
secure-mcp-gateway config add-server \ --config-name "production-config" \ --server-name "db-server" \ --server-command "python" \ --args= "db.py" \ --env '{"DB_HOST": "localhost", "DB_PORT": "5432", "DEBUG": "true"}' \ --description "Database server with env vars"
secure-mcp-gateway config add-server \ --config-name "production-config" \ --server-name "secure-server" \ --server-command "python" \ --args= "secure.py" \ --input-guardrails-policy '{"enabled": true, "policy_name": "Input Security Policy", "additional_config": {"pii_redaction": true}, "block": ["policy_violation", "injection_attack"]}' \ --description "Server with input guardrails"
Unique server name within the configuration
Command to execute (e.g., python, npx, node)
Comma-separated command arguments
Environment variables as JSON object
Tool configuration as JSON object
Input guardrails configuration
Output guardrails configuration
Get Server Retrieve details of a specific server.
secure-mcp-gateway config get-server \ --config-name "production-config" \ --server-name "github-mcp"
Update Server Modify server configuration.
secure-mcp-gateway config update-server \ --config-name "production-config" \ --server-name "web-server" \ --server-command "node" \ --args= "app.js" \ --description "Updated web server"
Remove Server Delete a server from configuration.
secure-mcp-gateway config remove-server \ --config-name "production-config" \ --server-name "old-server"
Remove All Servers Remove all servers from a configuration.
secure-mcp-gateway config remove-all-servers --config-name "production-config"
Guardrails Management Configure input protection for a server.
secure-mcp-gateway config update-server-input-guardrails \ --config-name "production-config" \ --server-name "github-mcp" \ --policy '{"enabled": true, "policy_name": "Custom Policy", "additional_config": {"pii_redaction": true}, "block": ["policy_violation", "injection_attack"]}'
secure-mcp-gateway config update-server-input-guardrails \ --config-name "production-config" \ --server-name "github-mcp" \ --policy-file "input_policy.json"
input_policy.json: { "enabled" : true , "policy_name" : "Input Security Policy" , "additional_config" : { "pii_redaction" : true , "content_filtering" : true }, "block" : [ "policy_violation" , "injection_attack" , "topic_detector" , "nsfw" , "toxicity" , "pii" ] }
Policy configuration as JSON string
Path to JSON file containing policy
Provide either --policy or --policy-file, not both.
Update Output Guardrails Configure output protection for a server.
secure-mcp-gateway config update-server-output-guardrails \ --config-name "production-config" \ --server-name "github-mcp" \ --policy-file "output_policy.json"
output_policy.json: { "enabled" : true , "policy_name" : "Output Security Policy" , "additional_config" : { "relevancy" : true , "hallucination" : true , "adherence" : true , "toxicity_filter" : true }, "block" : [ "policy_violation" , "injection_attack" , "harmful_content" ] }
Update Both Guardrails Update input and output guardrails together.
secure-mcp-gateway config update-server-guardrails \ --config-name "production-config" \ --server-name "github-mcp" \ --input-policy-file "input_policy.json" \ --output-policy-file "output_policy.json"
Input policy as JSON string
Path to input policy JSON file
Output policy as JSON string
Path to output policy JSON file
Plugin Configuration Set Enkrypt API Key Configure the API key for Enkrypt guardrails.
secure-mcp-gateway config set-enkrypt-api-key \ --api-key "your-enkrypt-api-key-here"
Get Enkrypt API Key Retrieve the configured Enkrypt API key.
secure-mcp-gateway config get-enkrypt-api-key
Manage OpenTelemetry settings.
# Enable telemetry secure-mcp-gateway config configure-telemetry --enabled true # Set collector URL secure-mcp-gateway config configure-telemetry --url "http://localhost:4317" # Configure for local development secure-mcp-gateway config configure-telemetry \ --enabled true \ --url "http://localhost:4317" \ --insecure true
Enable or disable telemetry
OpenTelemetry collector URL
Allow insecure connections (for local development)
Utility Commands List Projects Using Config Show which projects are using a configuration.
secure-mcp-gateway config list-projects --config-name "production-config"
Validate Configuration Check configuration structure and integrity.
secure-mcp-gateway config validate --config-name "production-config"
INFO: Config 'production-config' is valid
Export Configuration Export configuration to a JSON file.
secure-mcp-gateway config export \ --config-name "production-config" \ --output-file "prod-config.json"
Import Configuration Import configuration from a JSON file.
secure-mcp-gateway config import \ --input-file "prod-config.json" \ --config-name "imported-config"
Search Configurations Search for configurations by name or server name.
secure-mcp-gateway config search --search-term "github"
[ { "mcp_config_id" : "f957f1b2-c77a-4de6-a53a-3d09784be777" , "mcp_config_name" : "production-config" , "match_type" : "server_name" , "servers" : 3 } ]
Best Practices
Use descriptive config names: production-web-servers vs config1
Include environment in name: dev-config, staging-config, prod-config
Use consistent naming across related configs
Group related servers in the same configuration
Separate development and production servers
Document server purposes in descriptions
Enable guardrails for production servers
Test policies in development first
Use PII redaction for sensitive data
Regular policy reviews and updates
Export configs for backup
Store exported configs in version control
Test imports before applying to production
Document configuration changes
Common Workflows Setup Production Configuration # 1. Create configuration secure-mcp-gateway config add --config-name "production-config" # 2. Add servers secure-mcp-gateway config add-server \ --config-name "production-config" \ --server-name "github-mcp" \ --server-command "npx" \ --args= "-y,@modelcontextprotocol/server-github" \ --description "GitHub MCP Server" # 3. Configure guardrails secure-mcp-gateway config update-server-guardrails \ --config-name "production-config" \ --server-name "github-mcp" \ --input-policy-file "input_policy.json" \ --output-policy-file "output_policy.json" # 4. Validate secure-mcp-gateway config validate --config-name "production-config" # 5. Export for backup secure-mcp-gateway config export \ --config-name "production-config" \ --output-file "production-backup.json"
Clone Configuration for Testing # 1. Copy production config secure-mcp-gateway config copy \ --source-config "production-config" \ --target-config "test-config" # 2. Modify test config as needed secure-mcp-gateway config update-server \ --config-name "test-config" \ --server-name "github-mcp" \ --env '{"DEBUG": "true"}'
