Kolide MCP Server

The 1Password Device Trust (Kolide) MCP Server lets AI agents query, analyze, and act on device security data using the Kolide API.

With this server, you can:

  • Integrate real-time Device Trust data into AI tools like Cursor or Claude for interactive analysis.
  • Identify which users are affected by issues, like failing Checks or non-compliant devices.
  • Retrieve and analyze device, user, and Check data across your organization efficiently, including large datasets.
  • Run queries and aggregations to answer questions like which devices are failing Checks, what’s blocking access, and how long issues take to resolve.

Requirements

To use the 1Password Device Trust (Kolide) MCP Server, you need:

Set up the MCP Server

To use the 1Password Device Trust MCP Server, you’ll configure your API credentials, start the MCP server locally, and connect your AI tool to the server’s MCP endpoint to begin querying Device Trust data.

Clone the server

Clone the MCP server repository and move into the project directory.

git clone https://github.com/kolide/k2_api_mcp.git
cd k2_api_mcp

Install the server

You can install the MCP server and its dependencies with either uv (recommended) or pip.

Use uv to install the server:

uv sync

Use pip to install the server:

pip install -e .

Configure environment variables

Before you start the server, configure the required environment variables for authentication, along with optional settings that control how the MCP server runs.

  1. Generate an MCP auth token:

    python -c "import secrets; print(secrets.token_hex(32))"
    
  2. From your cloned project folder, create a copy of the example .env file:

    cp .env.example .env
    
  3. Add your specific values to the variables in the .env file. KOLIDE_API_KEY and MCP_AUTH_TOKEN require values, while the other variables are optional.

Required variables

| Variable | Description |
| --- | --- |
| KOLIDE_API_KEY | Your Kolide API key. Find it in Dashboard > Settings > API Keys. |
| MCP_AUTH_TOKEN | Bearer token for MCP endpoint access. |

Optional variables

| Variable | Default value | Description |
| --- | --- | --- |
| MCP_HOST | 127.0.0.1 | The network address the server binds to. Only change if you need remote access. |
| MCP_PORT | 8000 | The listening port. |
| MCP_CORS_ALLOWED_ORIGINS | http://localhost, http://127.0.0.1 | Allowed origins for browser-based MCP clients. |
| MCP_MAX_ENRICH_RECORDS | 500 | Limits how many records are enriched per enrich_device_owner call. |
| MCP_LOG_FILE | (unset) | File path to write structured audit logs (in addition to stdout). |
| MCP_DEBUG | false | Enables Starlette debug mode (development only). |

Your .env file should look something like this:

# Required variables
KOLIDE_API_KEY=your_kolide_api_key_here
MCP_AUTH_TOKEN=your_generated_mcp_auth_token_here

# Optional variables
MCP_HOST=127.0.0.1
MCP_PORT=8000
MCP_CORS_ALLOWED_ORIGINS=http://localhost,http://127.0.0.1
MCP_MAX_ENRICH_RECORDS=500
MCP_LOG_FILE=/path/to/kolide-mcp.log
MCP_DEBUG=false
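
A pre-start check of the .env values described above, as an added example that is not part of the Kolide project's code: it flags leftover placeholders, a token that does not match the output of step 1, a non-loopback MCP_HOST, a wildcard CORS origin, and debug mode. The function names, the sample values, and the file-permission check are assumptions added here, not taken from the page.

```python
import ipaddress

PLACEHOLDERS = {"your_kolide_api_key_here", "your_generated_mcp_auth_token_here"}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def audit_env(env, file_mode=None):
    """Return findings for a parsed .env; an empty list means nothing was flagged."""
    findings = []
    for key in ("KOLIDE_API_KEY", "MCP_AUTH_TOKEN"):
        if env.get(key, "") in PLACEHOLDERS | {""}:
            findings.append(f"{key}: missing or still the example placeholder")
    token = env.get("MCP_AUTH_TOKEN", "")
    # secrets.token_hex(32) from step 1 yields exactly 64 lowercase hex characters.
    if token and token not in PLACEHOLDERS and (
            len(token) != 64 or set(token) - set("0123456789abcdef")):
        findings.append("MCP_AUTH_TOKEN: not 64 hex chars as produced in step 1")
    host = env.get("MCP_HOST", "127.0.0.1")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:          # a hostname rather than an IP literal
        loopback = host == "localhost"
    if not loopback:
        findings.append(f"MCP_HOST: {host} is not loopback, endpoint is network-reachable")
    origins = env.get("MCP_CORS_ALLOWED_ORIGINS", "http://localhost,http://127.0.0.1")
    if any(o.strip() == "*" for o in origins.split(",")):
        findings.append("MCP_CORS_ALLOWED_ORIGINS: wildcard permits any browser origin")
    if env.get("MCP_DEBUG", "false").lower() != "false":
        findings.append("MCP_DEBUG: debug mode is for development only")
    # Added check (assumption): the secrets file should be owner-only, e.g. 0600.
    if file_mode is not None and file_mode & 0o077:
        findings.append(f".env: mode {file_mode & 0o777:o} is readable by group or others")
    return findings

# Constructed sample for illustration, not a real configuration.
SAMPLE = """KOLIDE_API_KEY=constructed_example_key
MCP_AUTH_TOKEN=your_generated_mcp_auth_token_here
MCP_HOST=0.0.0.0
MCP_CORS_ALLOWED_ORIGINS=*
MCP_DEBUG=true
"""
if __name__ == "__main__":
    for finding in audit_env(parse_env(SAMPLE), file_mode=0o644):
        print("FINDING:", finding)
```

To check a real file, pass its contents to `parse_env` and `os.stat(path).st_mode` as `file_mode`.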

Run the server

From your cloned project folder, start the MCP server locally with either uv or Python.

Use uv to run the server:

uv run kolide-mcp

Use Python to run the server:

python -m kolide_mcp.server

The server will start and display some information, for example:

Starting 1Password Device Trust MCP server on 127.0.0.1:8000
MCP endpoint: http://127.0.0.1:8000/mcp
Health check: http://127.0.0.1:8000/health

Note:
The server won’t start if you haven’t set the MCP_AUTH_TOKEN.

The Kolide API key is read fresh on each tool call (from your .env file or process environment), so you can rotate or update KOLIDE_API_KEY without restarting the MCP server.

Connect AI tools to the MCP server

Connect an AI tool to the MCP server to start querying Device Trust data.

Cursor

Add the MCP server to your .cursor/mcp.json file in your project or global config:

{
  "mcpServers": {
    "kolide": {
      "url": "http://localhost:8000/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_MCP_AUTH_TOKEN"
      }
    }
  }
}

Claude Desktop

Claude Desktop uses stdio-based MCP servers. To connect, use mcp-remote:

{
  "mcpServers": {
    "kolide": {
      "command": "npx",
      "args": [
        "-y", "mcp-remote",
        "http://localhost:8000/mcp",
        "--header", "Authorization: Bearer YOUR_MCP_AUTH_TOKEN"
      ]
    }
  }
}

Other MCP clients

Connect to:

http://localhost:8000/mcp

Include the header:

Authorization: Bearer <MCP_AUTH_TOKEN>

Clients that only support stdio-based MCP servers can use mcp-remote as shown in the Claude example.

Try it

Once connected, you can ask questions about your Device Trust data using natural language.

Example queries by category:

Devices and enrollment

  • Show me all macOS devices with disk encryption disabled.
  • Show me the devices that have not checked in recently.
  • Which devices remain unregistered but already have failing Checks?
  • Which devices are currently failing Checks?
  • Which of my devices are vulnerable to a specific CVE?

Users and ownership

  • Who owns the devices failing a specific Check?
  • Show all devices for a specific user.

Compliance and posture

  • Which Checks most often contribute to a device being blocked?
  • Find devices where a specific app is installed, or compare versions across the organization.
  • How many devices are running older versions of a specific app? How many of these old app versions are actually used on a regular basis?

Aggregation and analysis

  • What is the average time to resolve issues for a Check?
  • Which devices have the most Chrome extensions installed?
  • Group devices by operating system and count them.
  • Show recent audit log entries for changes to Checks, exemptions, or device administration.

Advanced options

The MCP server includes additional capabilities for more efficient querying and deeper analysis, such as automatic pagination, field selection, and built-in aggregation tools.

For full details, see the README.