
MCP Security Checklist: A Safe Assistant Integration

Use this printable checklist to ensure your MCP integration is secure. This resource covers authentication, key rotation, least privilege, confirmation flows, logging, monitoring, and incident response—with links to detailed guides for each topic.

📄 Printable Checklist

Print this page or save as PDF to use as a security audit checklist for your MCP setup.

Authentication & API Keys

API Key Management

  • API key stored securely (not in version control, not hardcoded)
  • Separate API key per client/machine for better tracking
  • API key named descriptively (e.g., "Claude Desktop - Work Laptop")
  • Key rotation schedule established (e.g., every 90 days)
  • Revocation process documented and tested
  • Environment separation: different keys for dev/staging/prod

API Key Management Guide →

Least Privilege & Access Control

Access Control

  • API key has minimum required permissions (read-only if possible)
  • Write permissions only granted when necessary
  • Workspace access limited to necessary projects
  • Team roles and permissions reviewed for MCP usage
  • Access reviewed regularly (quarterly recommended)

Least Privilege Guide →

Confirmation Flows & Write Safety

Write Operation Safety

  • All write operations require explicit confirmation
  • Preview/diff shown before create/update/delete
  • Confirmation tokens used for critical operations
  • Read-first pattern: always fetch before updating
  • Task ID verification before acting on tasks
  • Delete operations require extra confirmation

Write Approval Patterns →

Write Safety Guide →
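
The preview, confirmation-token, read-first and extra-delete-confirmation items above can be enforced by one gate in front of every write tool. The following is an added example, not Corcava's code: the in-memory `TASKS` store, the `propose`/`execute` function names, the `typed_id` parameter and the 120-second token lifetime are all assumptions.

```python
import hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # per-process signing key (assumption)
TTL = 120                          # seconds a confirmation stays valid (assumption)
TASKS = {"T-101": {"title": "Draft report", "status": "open"}}  # constructed sample store

def _sign(op, task_id, changes, task, expires):
    # Bind the token to the operation, the target, the payload and the previewed state.
    state = hashlib.sha256(json.dumps(task, sort_keys=True).encode()).hexdigest()
    msg = json.dumps([op, task_id, changes, state, expires], sort_keys=True).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def propose(op, task_id, changes=None, now=None):
    """Read first, build the preview, and issue a token for exactly this write."""
    task = TASKS[task_id]                      # KeyError on an unknown task ID
    changes = changes or {}
    expires = int(time.time() if now is None else now) + TTL
    if op == "delete":
        diff = {k: (v, None) for k, v in task.items()}
    else:
        diff = {k: (task.get(k), v) for k, v in changes.items() if task.get(k) != v}
    token = f"{expires}.{_sign(op, task_id, changes, task, expires)}"
    return {"op": op, "task_id": task_id, "diff": diff, "token": token}

def execute(op, task_id, changes=None, token="", typed_id=None, now=None):
    """Apply the write only if the user-approved token still matches."""
    task = TASKS[task_id]                      # re-read the current state
    changes = changes or {}
    now = time.time() if now is None else now
    expires_s, _, sig = token.partition(".")
    if not expires_s.isdecimal() or now > int(expires_s):
        raise PermissionError("confirmation token missing, malformed or expired")
    expected = _sign(op, task_id, changes, task, int(expires_s))
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise PermissionError("token does not match this write, or the task changed")
    if op == "delete":
        if typed_id != task_id:                # extra confirmation for deletes
            raise PermissionError("delete requires the task ID to be retyped")
        del TASKS[task_id]
    else:
        task.update(changes)
    return "applied"
```

Because the token covers a hash of the state that was previewed, a replayed token stops verifying once the write has been applied, and a task edited by someone else between preview and confirmation forces a fresh preview.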

Logging & Monitoring

Observability

  • MCP tool calls logged with: tool name, timestamp, user, status
  • Write operations logged with full context
  • Error logging enabled and monitored
  • Alerting configured for unusual patterns (spikes, failures)
  • Regular review of write action logs (weekly recommended)
  • Audit trail maintained for compliance requirements

Observability Guide →

Incident Response

Response Preparedness

  • Incident response plan documented
  • Key revocation process tested and documented
  • Contact information for security team available
  • Rollback procedure for accidental writes documented
  • Post-incident review process established

Data Privacy & Compliance

Privacy & Compliance

  • PII excluded from prompts and comments
  • Data minimization: only necessary data in prompts
  • Redaction patterns used for sensitive information
  • Compliance requirements reviewed (GDPR, HIPAA, etc.)
  • Data retention policies understood and followed

Privacy Guide →

Team Training & Documentation

Training & Documentation

  • Team trained on safe MCP prompt patterns
  • Security best practices documented and accessible
  • Approval workflows understood by all users
  • Regular security reviews scheduled (quarterly recommended)
  • Security checklist reviewed and updated regularly

Quick Security Audit

Critical Security Items

These items are critical for security—address immediately if unchecked:

  • ✅ API keys not in version control
  • ✅ Write operations require confirmation
  • ✅ Least privilege: minimum required permissions
  • ✅ Key rotation schedule in place
  • ✅ Logging enabled for write operations
