Skip to content

jackalterman/securenote-link-MCP-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

23 Commits
.dockerignore
.dockerignore
Β 
Β 
.gitignore
.gitignore
Β 
Β 
Dockerfile
Dockerfile
Β 
Β 
README.md
README.md
Β 
Β 
requirements.txt
requirements.txt
Β 
Β 
secure_note_mcp.py
secure_note_mcp.py
Β 
Β 
secure_note_mcp_old.py
secure_note_mcp_old.py
Β 
Β 
setup_mcp.sh
setup_mcp.sh
Β 
Β 

Repository files navigation

πŸ” SecureNote.link MCP Server

Give your AI a way to hand you secrets β€” safely.

Encrypted. Self-destructing. Zero-knowledge. Actually fun to use.

Python 3.11+ License: MIT MCP Compatible

🌐 Open the Web App β€’ πŸ› Report an Issue

πŸ‘‹ What's This For?

Picture this: you ask your AI assistant to generate a new password, rotate an API key, or draft some credentials for a teammate. It does β€” and then it just... types it out in the chat window. In plain text. In your chat history. Sitting there forever.

SecureNote.link MCP Server fixes that.

It gives any MCP-compatible AI agent the ability to package a secret into an end-to-end encrypted, self-destructing note and hand you back a link. You click it, you see your secret in the browser, and then it's gone. No plain text in the chat. No server that can read it. No trace.

Think of it as a secure handoff channel between your AI agent and the real world.

πŸ“¬ Someone sent you a secure note link?

Just visit securenote.link β€” no account needed, works in any browser. Click, read, done. The note deletes itself the moment you open it.

✨ The Good Stuff
πŸ›‘οΈ AES-256-GCM encryption The same algorithm used to protect classified government data. Your note is unreadable without the key β€” including to the server.
πŸ’£ Self-destructing notes Notes are deleted the moment they're read. No second chances, no lingering copies.
⏱️ Automatic expiry Set a note to vanish after 1, 24, 72, or 168 hours β€” whether it's been read or not.
πŸ”‘ Optional password protection Add a password for a second layer of security, shared through a separate channel.
🧠 Zero-knowledge architecture The encryption key is never sent to the server. It literally cannot read your data.

πŸš€ Getting Started

Option 1 β€” Docker (Recommended) 🐳

The cleanest way to run this. No dependency headaches, no version conflicts.

# Build the image
docker build -t securenote-mcp .

Then point your MCP client at it. See the configuration section below.

Option 2 β€” Direct Python 🐍

pip install -r requirements.txt

Requires Python 3.11 or higher.

Configuring Your MCP Client

  1. Find your MCP client config file:

    • Windows: %AppData%\Claude\claude_desktop_config.json
    • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

  2. Add the server block:

Python:

{
  "mcpServers": {
    "securenote": {
      "command": "python3",
      "args": ["C:/absolute/path/to/secure_note_mcp.py"]
    }
  }
}

Docker:

{
  "mcpServers": {
    "securenote": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "securenote-mcp"]
    }
  }
}
  1. Restart your MCP client. That's it β€” your AI agent now knows how to create secure notes.

🎨 How It Works

When you ask your AI agent to create a secure note, here's what actually happens under the hood:

1. The AI agent generates a random 256-bit encryption key  ← stays on your side, never uploaded
2. The AI agent encrypts your message with AES-256-GCM
3. Only the encrypted blob is sent to the server
4. The server stores the ciphertext and returns an ID
5. The AI agent combines the ID + key into a shareable URL
6. You click it β†’ your browser decrypts it locally β†’ note is deleted

The server never has the key. The server never sees the plaintext. Even if someone broke into the server, they'd find nothing useful.

πŸ”— The URL Explained

A secure note URL looks like this:

https://securenote.link?id=abc123#dGVzdGtleQ==
                                  ↑
                     Decryption key lives here (the "fragment")
                     Fragments are never sent to the server by browsers

The part after # is called a URL fragment. Browsers handle it entirely locally β€” it never travels over the network. That's the clever bit that makes one-click sharing possible without compromising security.

πŸ’‘ Real-World Examples

Sharing a password with a teammate

You:      "Generate a strong password for the staging database and
           send it to me as a secure note."

AI Agent: "Done! Here's your secure note:
           πŸ”— https://securenote.link?id=x7k2p#dGVzdGtleQ==

           It expires in 24 hours and deletes itself after you open it."

Sending credentials to a new developer

You:      "Create a secure note with our AWS access keys for the
           new developer starting Monday."

AI Agent: "Created! Send them this link:
           πŸ”— https://securenote.link?id=k9m3x#c2VjcmV0a2V5

           Once they click it, the keys will appear in their browser
           and the note will self-destruct. Nothing left in the chat."

Maximum security mode

You:      "I need to share these database credentials with our contractor
           but I want to be extra careful."

AI Agent: "I've split it into two parts for two-channel delivery:

           πŸ“§ Send this via email:
           https://securenote.link?id=9m4x2#dGVzdGtleXZhbHVl

           πŸ’¬ Send this via text separately:
           password: CorrectHorseBatteryStaple

           They'll need both to read the note. Even if one channel
           is compromised, the data stays safe."

πŸ”§ The Tools

Your AI agent has access to three tools from this server:

create_note

Creates an encrypted note and returns everything you need to share it.

Parameter Type Default Description
text string required The secret message to encrypt
password string optional Extra password protection
expires_in integer 24 Hours until auto-deletion: 1, 24, 72, or 168

Returns a JSON object with the note id, key, one-click url, expires_in_hours, and password_protected status.

get_note

Fetches and decrypts a note. Useful when an AI agent needs to read back a note it (or another agent) created.

Parameter Type Description
secret_id string The note's ID
decryption_key string The base64 key from create_note or the URL fragment
password string Only needed if the note is password-protected

Returns the plain-text message.

get_instructions

Returns a quick reference guide for the AI agent β€” useful for prompting it to explain how the service works or reminding it of the available options.

πŸ”’ Security At a Glance

Property Detail
Encryption AES-256-GCM
Key size 256-bit
IV 96-bit, unique per note
Auth tag 128-bit (integrity + authenticity)
Key storage Never stored on server
Note lifetime Deleted on first read or at expiry
Transport HTTPS only
Input limits Max 100 KB text Β· Max 1 KB password

πŸ†˜ Troubleshooting

"Module not found" errors

pip install fastmcp httpx cryptography

"Note not found" when retrieving The note was probably already read (they self-destruct on first view), or it expired. Notes are one-shot by design.

Decryption failed / garbled output The key was likely truncated when copying. Make sure you're using the full key from the key field in create_note's response, not a manually copied fragment.

MCP server not showing up in your AI agent

  • Use an absolute path in your config, not a relative one
  • Validate your JSON β€” one missing comma breaks the whole config
  • Restart your MCP client fully after any config changes

πŸ“„ License

MIT β€” use it, fork it, ship it.

Made for people who believe "just paste it in the chat" isn't good enough.

🌐 securenote.link

About

An MCP server for securenote.link

securenote.link

Topics

mcp end-to-end-encryption burn-after-reading mcp-servers mcp-server

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages