
Look at replacing MCP's Go-based publisher tool with PowerShell

Open hallipr opened this issue 1 month ago • 2 comments

Our deployment steps for the central MCP registry have us cloning a 3rd party repo and building a Go tool to publish server.json files. I suspect the API call is just signed with our keyvault based private key or we're using the key to mint a bearer token.

Replacing that process with PowerShell scripts in our repo would reduce our security exposure at the cost of owning maintenance for our own publishing script.

hallipr, Nov 26 '25 20:11

I implemented the Go based authentication code for ECDSA P-384 in both the publish tool and auth endpoint. It should be possible to do this in PowerShell. Something needs to compute a timestamp, hash it using SHA-384, and sign the digest with Azure KV sign endpoint. There are other parameters but that's the "tricky" part.

joelverhagen, Nov 26 '25 20:11
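
The signing step described in the comment above (timestamp, SHA-384 digest, Key Vault sign call), as an added PowerShell example; it is not code from this thread, the Go publisher tool, or the registry. Assumptions: the function names, the RFC 3339 UTC timestamp format, and a caller-supplied key identifier and access token. The other request parameters and the signature encoding the registry expects are not stated on this page and are not covered.

```powershell
# Added example. Function names, parameters and timestamp format are assumptions.
function ConvertTo-Base64Url([byte[]]$Bytes) {
    # Key Vault takes and returns unpadded base64url values
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function ConvertFrom-Base64Url([string]$Text) {
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    # Leading comma keeps the byte[] intact instead of unrolling it into the pipeline
    , [Convert]::FromBase64String($s)
}

function New-SignedTimestamp {
    param(
        # Full key identifier including version, e.g.
        # https://<vault>.vault.azure.net/keys/<name>/<version> (placeholder form)
        [Parameter(Mandatory)] [string] $KeyId,
        # Bearer token for the Key Vault resource, acquired by the caller
        [Parameter(Mandatory)] [string] $AccessToken
    )

    # Assumed format: RFC 3339, UTC, second precision
    $timestamp = [DateTime]::UtcNow.ToString(
        "yyyy-MM-dd'T'HH:mm:ss'Z'", [Globalization.CultureInfo]::InvariantCulture)

    # Key Vault signs a digest, not the message, so hash locally with SHA-384
    $sha = [System.Security.Cryptography.SHA384]::Create()
    try { $digest = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($timestamp)) }
    finally { $sha.Dispose() }

    # ES384 = ECDSA over P-384 with SHA-384; the private key never leaves the vault
    $body = @{ alg = 'ES384'; value = (ConvertTo-Base64Url $digest) } | ConvertTo-Json
    $resp = Invoke-RestMethod -Method Post -Uri "$KeyId/sign?api-version=7.4" `
        -Headers @{ Authorization = "Bearer $AccessToken" } `
        -ContentType 'application/json' -Body $body

    # Key Vault returns r||s concatenated: 2 x 48 bytes for P-384
    $signature = ConvertFrom-Base64Url $resp.value
    if ($signature.Length -ne 96) {
        throw "Expected a 96-byte P-384 signature, got $($signature.Length) bytes"
    }

    [pscustomobject]@{ Timestamp = $timestamp; Signature = $signature }
}
```

The identity calling the sign endpoint needs only the key's sign permission, so the pipeline can run without get, list, or export rights on the key.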

I think we have some existing PowerShell scripts that do token minting and KV signing for doing GitHub app installation auth. Maybe that's also SHA-384 and we can just borrow that.

hallipr, Nov 26 '25 20:11