Docker MCP Gateway is an open-source secure gateway between AI agents and MCP servers with built-in secret blocking. Its --block-secrets flag scans all inbound/outbound payloads for credentials, while secrets are injected at runtime into isolated containers — never visible in agent context windows. Early adopters report a 60% reduction in security incidents.
Why It Matters for AI-Assisted Development
MCP servers are a new attack surface — 66% of 1,808 scanned servers had security findings, and 30 CVEs were reported in 60 days in early 2026. The Docker MCP Gateway is the leading mitigation:
- Secret Blocking:
--block-secretsscans all payloads for credentials before they cross the agent/server boundary. - Runtime Secret Injection: Secrets are injected into isolated containers at runtime, never exposed in agent context windows or logs.
- Container Isolation: Each MCP server runs in its own container with zero-trust network policies.
- Audit Logging: Comprehensive logging of all agent-to-server interactions.
Strengths
- Directly addresses the MCP secret exfiltration threat
- Container isolation provides defense in depth
- Open source
- 60% reduction in security incidents (Docker case study)
Limitations
- Requires Docker Desktop 4.62+ with MCP Toolkit
- Very new — limited production track record
- Only covers MCP server interactions, not other secret leakage vectors
Why Assess
The MCP security space is evolving rapidly and Docker MCP Gateway is the most promising solution, but it's very new with limited production data. Worth evaluating immediately if you're using MCP servers in AI workflows.