`MCPX_CONFIG_MISSING_SECRET`

Severity: error Domain: Config

What happened

The upstream config references a secret (typically via ${SECRET:NAME} in env or headers), but the secret was not found in the active secret store when mcpproxy tried to start that server.

How to fix

List what's defined

mcpproxy secret list

If the name you referenced isn't there, add it.

Add the missing secret

mcpproxy secret set <NAME>           # prompts for the value, never echoed

Secrets are stored in the OS keychain on macOS / Windows and in an encrypted file on Linux.

Check the reference syntax

{
  // env values support ${SECRET:NAME} expansion:
  "env": { "GITHUB_TOKEN": "${SECRET:github_personal_token}" },

  // headers do too:
  "headers": { "Authorization": "Bearer ${SECRET:my_api_key}" }
}

Plain string values are used as-is (no expansion).

Migration from inline secrets

If you previously stored secrets inline and want to move them into the secret store:

mcpproxy secret set github_personal_token < /dev/stdin <<<"ghp_xxx"
# Then update the config to use ${SECRET:github_personal_token}

What happened​

How to fix​

List what's defined​

Add the missing secret​

Check the reference syntax​

Migration from inline secrets​

Related​