Skip to main content

Overview

The Secure MCP Gateway caches discovered tools to improve performance. Two tools help you monitor and manage this cache:
  • enkrypt_get_cache_status - View cache status and statistics
  • enkrypt_clear_cache - Clear cached data to force re-discovery
Cache management tools are primarily used for debugging and troubleshooting. Normal operation doesn’t require manual cache management.

enkrypt_get_cache_status

Tool Signature

async def enkrypt_get_cache_status(
    ctx: Context
) -> dict
No parameters required - returns cache status for the authenticated user.

Return Value

status
string
required
Operation status: "success" or "error"
cache_status
object
required
Detailed cache statistics

Usage Examples

User: Show me the cache status

Claude: Let me check the cache status for you.
[Uses enkrypt_get_cache_status]

Cache Status:
- Gateway config: Cached, expires in 18.5 hours
- Tools:
  - github: 12 tools cached, expires in 2.3 hours
  - weather: 3 tools from config (no cache needed)
  - database: Not cached, needs discovery

Response Structure

{
  "status": "success",
  "cache_status": {
    "gateway_specific": {
      "config": {
        "exists": true,
        "expires_at": "2026-03-05 14:30:00 UTC",
        "expires_in_hours": 18.5,
        "is_expired": false
      },
      "tools": {
        "server_count": 3,
        "servers": {
          "github": {
            "tool_count": 12,
            "error": null,
            "are_tools_explicitly_defined": false,
            "needs_discovery": false,
            "exists": true,
            "expires_at": "2026-03-04 22:15:00 UTC",
            "expires_in_hours": 2.3,
            "is_expired": false
          },
          "weather": {
            "tool_count": 3,
            "error": null,
            "are_tools_explicitly_defined": true,
            "needs_discovery": false,
            "exists": false,
            "expires_at": null,
            "expires_in_hours": null,
            "is_expired": true
          },
          "database": {
            "tool_count": 0,
            "error": null,
            "are_tools_explicitly_defined": false,
            "needs_discovery": true,
            "exists": false,
            "expires_at": null,
            "expires_in_hours": null,
            "is_expired": true
          }
        }
      }
    },
    "global": {
      "total_gateways": 5,
      "total_tool_caches": 8,
      "total_config_caches": 5,
      "tool_cache_expiration_hours": 4,
      "config_cache_expiration_hours": 24,
      "cache_type": "local"
    }
  }
}

Understanding Cache States

Tools were discovered and are cached:
{
  "exists": true,
  "tool_count": 12,
  "expires_in_hours": 2.3
}
These tools are served from cache until expiration.
Tools are defined in the configuration file:
{
  "exists": false,
  "are_tools_explicitly_defined": true,
  "needs_discovery": false
}
These tools don’t need caching - they’re always available from config.
Server has no cached or configured tools:
{
  "exists": false,
  "needs_discovery": true,
  "tool_count": 0
}
Use enkrypt_discover_all_tools to discover and cache tools.
Cached tools have expired:
{
  "exists": false,
  "is_expired": true
}
Next tool discovery will refresh the cache.

Tool Annotations

annotations={
    "title": "Get Cache Status",
    "readOnlyHint": True,
    "destructiveHint": False,
    "idempotentHint": True,
    "openWorldHint": False
}

enkrypt_clear_cache

Tool Signature

async def enkrypt_clear_cache(
    ctx: Context,
    id: str = None,
    server_name: str = None,
    cache_type: str = None
) -> dict

Parameters

ctx
Context
required
MCP context (automatically provided)
id
str
default:"None"
Gateway/User ID whose cache to clear.
  • None: Uses authenticated user’s ID
  • Specific ID: Clears cache for that ID (requires permissions)
server_name
str
default:"None"
Name of server whose cache to clear.
  • None: Clears cache for all servers
  • Specific name: Clears cache for that server only
cache_type
str
default:"None"
Type of cache to clear.
  • None or "all": Clears all caches (tools + config)
  • "gateway_config": Clears gateway configuration cache only
  • "server_config": Clears server tools cache only
Aliases: "gateway", "gateway_cache", "gateway_config_cache"

Return Value

status
string
required
Operation status: "success" or "info"
message
string
required
Description of what was cleared

Usage Examples

User: Clear all cache

Claude: I'll clear all cached data.
[Uses enkrypt_clear_cache with no arguments]

Cache cleared for all servers (3 servers) and gateway config (cleared)

Response Examples

{
  "status": "success",
  "message": "Cache cleared for all servers (3 servers) and gateway config (cleared)"
}

Tool Annotations

annotations={
    "title": "Clear Cache",
    "readOnlyHint": False,
    "destructiveHint": True,   # Removes cached data
    "idempotentHint": False,
    "openWorldHint": True      # May refresh remote config
}

Cache Configuration

Configure cache behavior in enkrypt_mcp_config.json: 
{
  "common_mcp_gateway_config": {
    "enkrypt_tool_cache_expiration": 4,
    "enkrypt_gateway_cache_expiration": 24,
    "enkrypt_mcp_use_external_cache": false,
    "enkrypt_cache_host": "localhost",
    "enkrypt_cache_port": 6379,
    "enkrypt_cache_db": 0,
    "enkrypt_cache_password": null
  }
}

Configuration Options

enkrypt_tool_cache_expiration
integer
default:"4"
Hours to cache discovered tools
enkrypt_gateway_cache_expiration
integer
default:"24"
Hours to cache gateway configuration
enkrypt_mcp_use_external_cache
boolean
default:"false"
Whether to use external cache (Redis/KeyDB)
  • false: Use local in-memory cache
  • true: Use external Redis/KeyDB
enkrypt_cache_host
string
default:"localhost"
Redis/KeyDB host (when external cache is enabled)
enkrypt_cache_port
integer
default:"6379"
Redis/KeyDB port
enkrypt_cache_db
integer
default:"0"
Redis database number
enkrypt_cache_password
string
default:"null"
Redis password (if required)

Cache Types Comparison

Local Cache

Pros:
  • No external dependencies
  • Fastest access
  • Simple setup
Cons:
  • Not shared across instances
  • Lost on restart
  • Limited by memory

External Cache (Redis/KeyDB)

Pros:
  • Shared across instances
  • Persists across restarts
  • Scalable
Cons:
  • Requires external service
  • Network latency
  • Additional infrastructure

Common Use Cases

If tools aren’t showing up as expected:
1. Check cache status
2. Clear cache for the server
3. Discover tools again
This forces a fresh discovery.
After changing cache settings:
Show cache status and confirm it's using external cache
When a server is updated with new tools:
Clear cache for updated_server and discover its tools
Regular cache health checks:
Show cache status and check for expired entries

Implementation Details

Service Locations

  • Cache Status: src/secure_mcp_gateway/services/cache/cache_status_service.py:55
  • Cache Management: src/secure_mcp_gateway/services/cache/cache_management_service.py:71
  • Core Cache: src/secure_mcp_gateway/services/cache/cache_service.py

Cache Key Format

Cache keys are hashed for security: 
# Tool cache key
key = f"tools_{gateway_id}_{server_name}"
hashed_key = hashlib.md5(key.encode()).hexdigest()

# Gateway config key
key = f"gateway_config_{gateway_id}"
hashed_key = hashlib.md5(key.encode()).hexdigest()

Cache Registry

The gateway maintains a registry of all cache entries for efficient clearing: 
cache_registry = {
    "gateway_123": {
        "tool_caches": ["github", "weather"],
        "config_cache": True
    }
}

Performance Impact

Cached tools are retrieved in less than 10ms vs 1-5 seconds for fresh discovery.

Cache Hit Rates

Monitor cache effectiveness: 
# Via telemetry
telemetry_manager.cache_hit_counter.add(1)
telemetry_manager.cache_miss_counter.add(1)

# Via timeout metrics
await session.call_tool("enkrypt_get_timeout_metrics")

Best Practices

Regular Monitoring

Check cache status periodically to ensure healthy operation.

Selective Clearing

Clear specific servers rather than all caches when possible.

External Cache for Production

Use Redis/KeyDB for production deployments with multiple instances.

Appropriate TTLs

Set cache expiration based on how frequently tools change.

List Servers

See which servers have cached tools

Discover Tools

Force fresh tool discovery

Timeout Metrics

Monitor cache performance metrics

Configuration

Configure cache settings

Build docs developers (and LLMs) love

Get started for freeTalk to us