Gke Cred Audit
FreeNot checkedDefensive credential-exposure auditor for GKE that inventories workload identity, service account tokens, and RBAC posture, exposing findings via an MCP server
About
Defensive credential-exposure auditor for GKE that inventories workload identity, service account tokens, and RBAC posture, exposing findings via an MCP server at /mcp.
README
Defensive credential-exposure auditor for GKE. Deployed in-cluster as a single
Pod (Deployment + Service); fronted by Natoma at /mcp.
The server uses its own ServiceAccount to:
- Inventory its own GCE/GKE workload-identity exposure (project, instance, SA scopes/tokens).
- Decode its own projected ServiceAccount token (claims only) and walk its mounted secret files.
- Inventory the pods + ConfigMaps in its namespace (and, opt-in, secret metadata) so Natoma can ask follow-up questions about workloads that share the namespace.
- Compute its own RBAC posture via
SelfSubjectRulesReviewand a curatedSelfSubjectAccessReviewmatrix.
Surfaces
- REST with an OpenAPI 3.1 spec at
/openapi.json(Swagger UI at/docs, ReDoc at/redoc). - MCP server over Streamable HTTP, mounted at
/mcp(per MCP spec rev 2025-03-26).
Both surfaces share the same redacted pydantic models. Raw bearer tokens, JWT signatures, PEM
private keys, and Secret values are never returned. The break-glass RAW_REVEAL flag exists for
debugging individual tokens; it never extends to namespace Secret values.
Deploying via Natoma
Natoma is the auth boundary for /mcp. The server itself has no native auth; this is intentional
and surfaced in /version, audit://server-info, and the OpenAPI spec via x-auth=none (gateway-managed).
Dockerfile path (recommended)
This repo has a root Dockerfile. Point Natoma at this repo and it will build and run the
container. The server reads $PORT (default 8080) and binds 0.0.0.0. uvicorn is configured
with --proxy-headers --forwarded-allow-ips="*" so X-Forwarded-* from the gateway is honored.
Direct cluster deployment
kubectl apply -f manifests/rbac.yaml
kubectl apply -f manifests/deployment.yaml
kubectl apply -f manifests/service.yaml
kubectl apply -f manifests/networkpolicy.yaml
Then point Natoma's gateway at http://gke-cred-audit.<namespace>.svc:8080/mcp.
The bundled NetworkPolicy only permits ingress from namespaces labeled natoma-gateway: "true";
adjust to match your installation. Egress is restricted to the Kubernetes API server and the GCE
metadata IP.
Granting secret enumeration
AUDIT_ENABLE_SECRET_LISTING=true opts in to namespace Secret enumeration. Even when enabled, the
server returns metadata only -- name, type, key names, per-key size, per-key SHA-256 prefix.
Values are never returned. A property-based test (tests/test_redaction_invariant.py)
runs against mocked Secrets containing real-looking base64 data to enforce this.
The trade-off: granting secrets:list to the audit ServiceAccount makes the audit pod a high-trust
target. Default is OFF. When enabling, prefer:
- A dedicated namespace for the audit Deployment, with no other workloads.
- Tightening the bundled Role with
resourceNames: [...]to specific Secret names. - A
NS-SECRETS-LIST-GRANTEDfinding will appear in/findingsto make this visible.
Running locally
pip install -e '.[dev]'
gke-cred-audit --bind 127.0.0.1 --port 8080
Then:
curl http://127.0.0.1:8080/openapi.json-- OpenAPI 3.1 documentcurl http://127.0.0.1:8080/findings?severity=HIGH-- JSON findingscurl http://127.0.0.1:8080/server-info-- capability manifest- MCP clients connect to
http://127.0.0.1:8080/mcp
What's intentionally NOT in scope
- Cross-namespace reads (would require ClusterRole; not used).
- Returning Secret
data/stringDataunder any flag. - Native auth on the server (Natoma owns auth).
Install Gke Cred Audit in Claude Desktop, Claude Code & Cursor
unyly install gke-cred-auditInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add gke-cred-audit -- uvx --from git+https://github.com/rrupesh/mcp-test gke-cred-auditFAQ
Is Gke Cred Audit MCP free?
Yes, Gke Cred Audit MCP is free — one-click install via Unyly at no cost.
Does Gke Cred Audit need an API key?
No, Gke Cred Audit runs without API keys or environment variables.
Is Gke Cred Audit hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Gke Cred Audit in Claude Desktop, Claude Code or Cursor?
Open Gke Cred Audit on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Gke Cred Audit with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
