74
/ 100
23 days ago
mcp_so

Illumio MCP Server

The first MCP server for cybersecurity

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 3 credentials: MCP_CONFIRM_HMAC_KEY, API_KEY, API_SECRET
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configMCP_HTTP_HOST
configMCP_HTTP_PORT
configMCP_AUDIT_LOG_PATHexport =/var/lib/illumio-mcp/audit.db
configMCP_KEYSTORE_PATHexport =/var/lib/illumio-mcp/keys.db # default: ./data/keys.db
configMCP_OAUTH_ISSUERexport =https://login.microsoftonline.com/<tenant-id>/v2.0
configMCP_OAUTH_JWKS_URLexport =https://login.microsoftonline.com/<tenant-id>/discovery/v2.0/keys
configMCP_OAUTH_AUDIENCEexport =https://mcp.illumio.example
configMCP_OAUTH_REQUIRED_SCOPEexport =illumio-mcp.use # default; override if needed
configMCP_PUBLIC_URLexport =https://mcp.illumio.example
configMCP_DEV_INSECUREThe server refuses to start without these env vars (unless =1).
🔐 secretMCP_CONFIRM_HMAC_KEYexport =$(python -c 'import os, base64; print(base64.b64encode(os.urandom(32)).decode())')
configMCP_CONFIRM_TTL_SECONDSexport =120
configMCP_CONFIRM_JTI_PATHexport =/var/lib/illumio-mcp/jti.db
configMCP_KEKerror, and is not required. SSO + JWT + role-based authz + audit
configMCP_PCE_MODEMode PCE creds Onboarding PCE-side audit
configMCP_ROLE_DEFAULTexport =reader
configMCP_ROLE_GROUPS_ADMINexport =sg-illumio-mcp-admin
configMCP_ROLE_GROUPS_OPERATORexport =sg-illumio-mcp-operator,sg-illumio-mcp-admin
configMCP_ROLE_GROUPS_READERexport =sg-illumio-mcp-readonly,sg-illumio-mcp-operator,sg-illumio-mcp-admin
configPCE_HOST"": "your-pce-host",
configPCE_PORT"": "your-pce-port",
configPCE_ORG_ID
🔐 secretAPI_KEY"": "api_key",
🔐 secretAPI_SECRET"": "api_secret"
configPCE_TLS_VERIFY
configDOCKER_CONTAINER
configMCP_CONFIRM_FRESH_AUTH_SECONDSexport =300 # require JWT auth_time within 5 min
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 3 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/alexgoller-illumio-mcp-server-iywgt6)](https://m8ven.ai/mcp/alexgoller-illumio-mcp-server-iywgt6)
commit: 50767c41b0e0a2778fa24846601afe8596936d19
code hash: 1c100c36b9c769bbba6c676a24d741de83667ae547796c34b333e1c4dc8ab20d
verified: 6/16/2026, 12:21:49 PM
view raw JSON →