Build with AI

Security

The DaVinci MCP Server gives an AI model access to your DaVinci environment configuration. This page describes the security model and the practices you should follow.

All data returned from tools might be sent to the LLM provider. Only use this server with trusted MCP clients and AI assistants.

Security model

Secure credential storage

Tokens are stored in the OS keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service) and are never written to disk in plain text.

No static secrets

The server does not accept or store a client_secret. All authentication is user-initiated and PKCE-protected.

OAuth 2.0 with PKCE

The Authorization Code flow with PKCE prevents authorization code interception attacks.

User-based authentication

All API calls are made as the authenticated PingOne user, providing a complete audit trail in PingOne.

Human-centric only

Client credentials and non-interactive authentication methods are explicitly forbidden. Every action is tied to a human who signed on interactively.

Principle of least privilege

Assign the authenticating user only the minimum permissions needed. For read-only use cases, assign the DaVinci Admin Read Only role.

Do not authenticate as a PingOne administrator with full privileges unless your use case specifically requires write access. The DaVinci MCP Server currently exposes read-only tools, but the authenticated user’s permissions determine what the underlying API will allow.

Data handling

The DaVinci MCP Server returns DaVinci resource data as tool outputs, including flow definitions, connector configurations, and application settings as tool outputs. This data is passed back to your AI agent and might be included in prompts sent to your LLM provider.

Consider the sensitivity of the data in your environment before using the server with a third-party AI provider.

Best practices

Always review AI-generated configurations or insights before applying them to a live environment. AI-driven operations can make mistakes. Review AI-generated output more carefully than other changes.

  1. Use trusted MCP clients. Do not use the DaVinci MCP Server with untrusted MCP clients, agent code, or LLM inference endpoints.

  2. Follow least privilege. Authenticate as a user with the minimum necessary permissions.

  3. Review before acting. Never apply AI-generated DaVinci flow or configuration changes without reviewing them first.

  4. Use in non-production environments. Given the preview status of this server, treat production environments with extra caution.

Feedback and issues

Report security concerns, bugs, or enhancement requests through the GitHub issue tracker.