Set MCP secret in Docker engine

Docker Engine General
1

Greetings,

I installed the MCP toolkit on a headless machine running Docker engine (so no Docker Desktop) as explained here. I added the google-maps-comprehensive server, and I now need to add an API key for that. However, I failed so far:

$ docker mcp secret set GOOGLE_MAPS_API_KEY=my_api_key
Post "http://localhost/secrets": dial unix /root/.docker/desktop/jfs.sock: connect: no such file or directory

Note that, to avoid typing sudo docker every time, I aliased docker to sudo docker, but I donā€™t think this matters here. I know you can give permission to your user to run it without sudo, but this way seems to work just as well without requiring a relogin.

Any idea how I can fix this?
Thank you for your help,

GTP

Edit: herā€™s some more information

$ docker info                                                                                                                                                          [13/1857]
Client: Docker Engine - Community                                                                                                                                                           
 Version:    29.1.5                                                                                                                                                                         
 Context:    default                                                                                                                                                                        
 Debug Mode: false                                                                                                                                                                          
 Plugins:                                                                                                                                                                                   
  buildx: Docker Buildx (Docker Inc.)                                                                                                                                                       
    Version:  v0.30.1                                                                                                                                                                       
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx                                                                                                                                 
  compose: Docker Compose (Docker Inc.)                                                                                                                                                     
    Version:  v5.0.1                                                                                                                                                                        
    Path:     /usr/libexec/docker/cli-plugins/docker-compose                                                                                                                                
  mcp: Docker MCP Plugin (Docker Inc.)                                                                                                                                                      
    Version:  6c7ffeea484ed3e301cd20eb6b5b38c162895f33                                                                                                                                      
    Path:     /usr/libexec/docker/cli-plugins/docker-mcp                                      

Server:                                        
 Containers: 1                                 
  Running: 0                                   
  Paused: 0                                    
  Stopped: 1                                   
 Images: 3                                     
 Server Version: 29.1.5                        
 Storage Driver: overlayfs                     
  driver-type: io.containerd.snapshotter.v1                                                   
 Logging Driver: json-file                     
 Cgroup Driver: systemd                        
 Cgroup Version: 2                             
 Plugins:                                      
  Volume: local                                
  Network: bridge host ipvlan macvlan null overlay                                            
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog                    
 CDI spec directories:                         
  /etc/cdi                                     
  /var/run/cdi                                 
 Swarm: inactive                               
 Runtimes: io.containerd.runc.v2 runc          
 Default Runtime: runc                         
 Init Binary: docker-init                      
 containerd version: dea7da592f5d1d2b7755e3a161be07f43fad8f75                                 
 runc version: v1.3.4-0-gd6d73eb8              
 init version: de40ad0                         
 Security Options:                             
  apparmor                                     
  seccomp                                      
   Profile: builtin                            
  cgroupns                                     
 Kernel Version: 6.8.0-1041-oracle             
 Operating System: Ubuntu 22.04.5 LTS          
 OSType: linux                                 
 Architecture: x86_64                          
 CPUs: 2              
 Total Memory: 956.7MiB                        
 Name: irc                                     
 ID: 8e7cad3e-6f19-4dbb-8c68-b0f812290f2b      
 Docker Root Dir: /var/lib/docker              
 Debug Mode: false                             
 Experimental: false                           
 Insecure Registries:                          
  ::1/128                                      
  127.0.0.0/8                                  
 Live Restore Enabled: false                   
 Firewall Backend: iptables
2 
docker mcp secret --help

says

Available Commands:
  ls          List all secret names in Docker Desktop's secret store
  rm          Remove secrets from Docker Desktop's secret store
  set         Set a secret in Docker Desktop's secret store

So all commands are for Docker Desktop. That seems to be one limitation for the mcp command with Docker Engine.

I also found a discussion about this where users shared some workarounds. You could check if that helps. Following some links I also found this comment:

https://github.com/docker/mcp-gateway/pull/149#issuecomment-3404851111

So it looks like this will be supported in the future.

3

Hello rimelek,

A couple of quick searches on this forum didnā€™t turn up the discussion you are referring to, would you be so kind to share a link to it?
Thank your for your help,

GTP

4

Oh, sorry, I was sure I added it in my previous post, but somehow I didnā€™t.

But I see you already found it and referred to it in your new ticket:

1 Like
5

Thank you for the link. At the end of that discussion, thereā€™s the suggestion of using a file like this:

"mcp-gateway": {
"command": "docker",
"args": [
"mcp",
"gateway",
"run",
"--secrets=/home/myuser/.config/Code/User/.env"
],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "github_pat_12BCB6CMQ0aU2dcHF6BBQX_"
}
}

But it isnā€™t clear to me where I should put it and how should the file called. Looking at other discussions online, I tried looking on my machine for a file named mcp.json, but thereā€™s no file with that name on my system. Could you please halp with this?
Thank you again,

GTP

6

In your mcp client on the host. Only you can tell us what mcp client you want to give access to the tools registered in the mcp gateway.

7

Thank you for pointing me to the right direction. Iā€™m trying to set up Gemini CLI, so, after looking at the example provided here, this is my full settings.json file for Gemini CLI:

{
  "security": {
    "auth": {
      "selectedType": "oauth-personal"
    }
  },
   "mcpServers": {
    "Maps": {
     "command": "docker",
       "args": ["mcp", "gateway", "run", "--secrets=/home/ubuntu/gta/.env"],
       "env": {"GOOGLE_MAPS_API_KEY": "my_api_key"}
    }
    }
}

Iā€™ve also enabled MCP use for Gemini with $ docker mcp client connect --global gemini. Unfortunately, when I start Gemini CLI I get Error during discovery for MCP server 'Maps': MCP error -32000: Connection closed.
Any ideas on how I could fix this?

Edit: /home/ubuntu/gta/.env contains GOOGLE_MAPS_API_KEY=my_api_key

8

Just to be sure: Is the user ubuntu allowed to execute docker commands on your host?

9

That was indeed the problem, after adding my user to the docker group it seems to work. Thank you!