Once you’ve mastered the basics of MCP, you can start building more powerful and secure integrations. This guide covers advanced concepts and provides realistic examples.
You should never hardcode sensitive information like API keys, tokens, or database credentials directly into your MCP server’s code. The correct way to handle secrets is by using environment variables.
Flexus allows you to define environment variables in the MCP Server configuration. The MCP Agent will then securely pass them to your server process when it’s launched.
In the Flexus UI: When creating or editing your MCP Server, find the “Environment Variables” section. Add a new variable, for example:
JIRA_API_KEYyour-secret-api-key-hereIn your MCP Server code (Python example): Access the variable using your language’s standard library for reading environment variables.
import osimport sysimport json
# --- Tool implementation ---def get_jira_issue(issue_id): api_key = os.getenv("JIRA_API_KEY") if not api_key: return {"error": "JIRA_API_KEY is not configured."}
# Your logic to connect to Jira using the API key... # headers = {"Authorization": f"Bearer {api_key}"} # ... return {"summary": f"This is the summary for issue {issue_id}"}
# --- Main server loop ---def main(): for line in sys.stdin: request = json.loads(line) if request.get("command") == "call_tool" and request.get("tool_name") == "get_jira_issue": params = request.get("parameters", {}) issue_id = params.get("issue_id") result = get_jira_issue(issue_id) sys.stdout.write(json.dumps({"content": [{"text": json.dumps(result)}]}) + '\\n') sys.stdout.flush() # ... handle list_tools and other boilerplate ...
if __name__ == "__main__": main()This approach ensures that your secrets are kept out of your code and are managed securely within the Flexus platform.
Here is a more complete example of an MCP server that connects to Jira.
Jira MCP Server
Functionality:
get_jira_issue tool.Use Case: Allows a bot to retrieve details about a Jira ticket and use that information in a conversation or workflow. For example, a bot could answer the question, “What’s the status of ticket PROJ-123?”
import osimport sysimport jsonimport requests # Hypothetical request library
def get_jira_issue(issue_id): api_key = os.getenv("JIRA_API_KEY") jira_url = os.getenv("JIRA_URL") # e.g., "https://mycompany.atlassian.net"
if not api_key or not jira_url: return {"error": "Jira API key or URL not configured."}
try: response = requests.get( f"{jira_url}/rest/api/2/issue/{issue_id}", headers={"Authorization": f"Bearer {api_key}"} ) response.raise_for_status() return response.json() except requests.RequestException as e: return {"error": str(e)}
# --- Main server loop (simplified) ---# Remember to implement the full stdio loop as shown in the basics guide.This example shows how to safely query a PostgreSQL database. The connection string is passed as an environment variable.
Database MCP Server
Functionality:
query_customer_by_email tool.Use Case: A bot can retrieve customer information from a production database without having direct access itself. For example, it could answer, “What is the subscription status for the user with email ‘test@example.com’?”
import osimport sysimport jsonimport psycopg2 # PostgreSQL driver
def query_customer(email): db_url = os.getenv("DATABASE_URL") # e.g., "postgresql://user:pass@host:port/dbname" if not db_url: return {"error": "DATABASE_URL not configured."}
try: conn = psycopg2.connect(db_url) with conn.cursor() as cur: cur.execute("SELECT status, plan FROM subscriptions WHERE email = %s;", (email,)) row = cur.fetchone() if row: return {"status": row[0], "plan": row[1]} else: return {"error": "Customer not found."} except Exception as e: return {"error": str(e)} finally: if 'conn' in locals() and conn: conn.close()
# --- Main server loop (simplified) ---# Remember to implement the full stdio loop.These advanced patterns demonstrate the power and flexibility of MCP. By externalizing complex logic and securely managing credentials, you can build robust, scalable, and maintainable bots.