MCP Secrets: Two Different Approaches

Day 30 · Week 6 · MCP — System Integration

Slack Message — copy & paste

🤖 Tip #30 — Same API key, two config locations: Claude Code reads settings.local.json, Copilot CLI only sees shell env vars.

#30 Claude Code · CLI

Where Each Tool Reads Secrets

  • **Claude Code**Secrets go in .claude/settings.local.json (per-project, gitignored). Clean, project-scoped, won't leak to git. Format: { "env": { "AXE_API_KEY": "your-key" } }.
  • **Copilot CLI**Only reads shell environment variables. Does NOT read settings.local.json. Secrets must be exported in ~/.bashrc or ~/.zshrc.
  • **The silent failure trap**You configure secrets in settings.local.json, MCP works perfectly in Claude Code. Then you switch to Copilot CLI and MCP connections fail silently. No error tells you the env var is empty — it just doesn't work.
Secrets Environment Variables Config
#30 MCP — System Integration

Avoiding the Silent Failure

  1. 1 **Quick diagnosis**Run 'echo $AXE_API_KEY' in your terminal. If it's empty, your Copilot CLI MCP servers can't see it.
  2. 2 **Cross-tool compatibility**Set secrets in both locations
    • ~/.bashrc or ~/.zshrc → export AXE_API_KEY="your-key"
    • .claude/settings.local.json → { "env": { "AXE_API_KEY": "your-key" } }
  3. 3 **Security reminder**Never commit API keys. Both settings.local.json and ~/.bashrc are outside git. Verify that settings.local.json is in your .gitignore.
Secrets Environment Variables Config
Your screenshot here Optional — add a screenshot from your own workflow
← Back to all tips
KAI by Dragan Filipovic