MCP server for running sudo commands with encrypted password storage.
Exposes 4 tools to persist a sudo password (encrypted with a machine-bound key) and invoke privileged commands without re-entering credentials. Designed for single-user Linux workstations.
| Tool | Purpose |
|---|---|
store_password |
Store sudo password (encrypted, one-time) |
sudo_exec |
Run shell command with sudo |
has_password |
Check if password is stored |
clear_password |
Remove stored password |
- Password is encrypted with Fernet (AES-128-CBC + HMAC-SHA256).
- Encryption key is derived from
machine-id+USER— never stored on disk. - Decryption only succeeds on the same machine with the same user.
- Encrypted blob lives at
~/.config/claude-sudo-mcp/credential.enc(chmod 600).
This is not a secrets manager. Treat this as "remember my sudo password for this session on this box." If your machine-id is copied to another box or another user reads the MCP process, the password can be recovered.
cd /path/to/mcp-sudo
uv venv --python 3.12 .venv
uv pip install --python .venv/bin/python mcp cryptography
claude mcp add sudo -s user -- \
/path/to/mcp-sudo/.venv/bin/python /path/to/mcp-sudo/server.pyOn first use, call store_password once to cache credentials.
- Ko-fi: https://ko-fi.com/kamaru
- Portfolio / general: k.kamarux@gmail.com
- Commercial / licensing: contact@likezara.com
Copyright © 2026 likezara™. All rights reserved. Developed by Kamaru (pen name).