MCP Key2OAuth is an open-source OAuth 2.1 shim. It wraps API-key authenticated MCP servers so they work with any OAuth-only MCP client (claude.ai, Cursor, etc.). Your API key is encrypted (AES-GCM) within the OAuth token and never stored in plaintext.

This is a shared public deployment. The operator can technically decrypt API keys in OAuth tokens. For sensitive keys, self-deploy your own instance in under 5 minutes (Cloudflare Workers free tier).
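
To make the operator caveat concrete, here is an added sketch (not MCP Key2OAuth's own code) of sealing an API key into a token with AES-256-GCM and opening it again. The token layout, the function names and the use of Node's built-in `crypto` module rather than the Workers WebCrypto API are assumptions.

```javascript
// Added illustration, not MCP Key2OAuth's code. Token layout and names are assumptions.
const nodeCrypto = require("node:crypto");

const IV_LEN = 12;  // 96-bit GCM nonce
const TAG_LEN = 16; // 128-bit authentication tag

// Seal an API key into an opaque token: base64url(iv || tag || ciphertext).
// Nothing is stored server-side; the token itself carries the encrypted key.
function sealApiKey(apiKey, serverKey) {
  const iv = nodeCrypto.randomBytes(IV_LEN); // fresh nonce per token, never reused under one key
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", serverKey, iv);
  const ct = Buffer.concat([cipher.update(apiKey, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64url");
}

// Recover the API key. Returns null if the token was modified or sealed under another key.
function openToken(token, serverKey) {
  const raw = Buffer.from(token, "base64url");
  if (raw.length < IV_LEN + TAG_LEN) return null;
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  try {
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", serverKey, iv, { authTagLength: TAG_LEN });
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
  } catch {
    return null; // GCM tag check failed
  }
}

// Constructed sample values: two deployments, each with its own server key.
function demo() {
  const sharedOperatorKey = nodeCrypto.randomBytes(32); // held by whoever runs the shared deployment
  const selfHostedKey = nodeCrypto.randomBytes(32);     // held only by you on your own instance
  const apiKey = "sk-constructed-example-key";
  const token = sealApiKey(apiKey, sharedOperatorKey);
  const tampered = Buffer.from(token, "base64url");
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  return {
    plaintextInToken: Buffer.from(token, "base64url").includes(apiKey),
    operatorReads: openToken(token, sharedOperatorKey),
    otherKeyReads: openToken(token, selfHostedKey),
    tamperedReads: openToken(tampered.toString("base64url"), sharedOperatorKey),
  };
}
```

Whoever holds the server key recovers the API key from any token sealed under it, which is why self-deploying changes who that party is.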