Three public MCP tools manage encrypted secrets tied to your NEUS Profile. Values are sealed with AES-256-GCM and never returned in plaintext through MCP.
Sign in first — OAuth or a Profile access key (Auth). Use the signed-in profile context from neus_context before create or revoke.
| Tool | Purpose |
|---|
neus_secret_create | Store a named secret as an encrypted proof |
neus_secret_list | List secret metadata (alias, qHash, type) — no values |
neus_secret_revoke | Revoke a secret proof by qHash |
Create (neus_secret_create)
{
"walletAddress": "0x...",
"alias": "OPENAI_API_KEY",
"secretType": "single",
"content": "<your-secret-value>"
}
| Field | Notes |
|---|
walletAddress | Must match your authenticated Profile wallet |
alias | Letters, numbers, underscore; must start with a letter |
secretType | single (default) or bundle (JSON object string in content) |
content | Plaintext input — encrypted at rest; never echoed back via MCP |
List (neus_secret_list)
{
"walletAddress": "0x...",
"limit": 50,
"offset": 0
}
authRequired: true — it does not leak metadata.
Revoke (neus_secret_revoke)
{
"walletAddress": "0x...",
"qHash": "..."
}
Security
- Never paste secret values into chat logs or public issues.
- Prefer OAuth or Profile keys in MCP config only — not in app browser bundles.
- Rotate or revoke through
neus_secret_revoke and re-create if a value is exposed.
Last modified on May 29, 2026
