Enterprise DNA
M MCP Servers Developer low

luisgf/infrabroker

by Various

Infrastructure access broker for AI agents — SSH & Kubernetes. Per-operation ephemeral credentials minted by a separate signer; the model never touches one. MCP stdio / HTTP+OIDC.

L

MCP

luisgf/infrabroker

Added 13 July 2026

#ai-agents #golang #kubernetes #mcp #mcp-server #prompt-injection #security #ssh

Overview

Open-source infrastructure access broker that provides AI agents with ephemeral SSH and Kubernetes credentials. Credentials are minted per operation by a separate signer, keeping long-lived secrets away from the model. Integrates via MCP stdio or HTTP with OIDC.

Best for

Best for
Developers building AI agents that need secure, temporary access to infrastructure

Use cases

  • Granting temporary SSH access to servers for automated tasks
  • Providing short-lived Kubernetes credentials for AI-driven operations
  • Enforcing least-privilege access with per-operation authentication

How to use

Install

infrabroker serve-mcp

Tools exposed

  • ssh_execute
  • ssh_session_open
  • ssh_session_exec
  • ssh_session_close
  • ssh_list_servers
  • ssh_put_file
  • ssh_get_file
  • k8s_get
  • k8s_list
  • k8s_logs
  • k8s_apply
  • k8s_delete
  • k8s_list_clusters

Notes

Open-source infrastructure access broker that provides AI agents with ephemeral SSH and Kubernetes credentials. Credentials are minted per operation by a separate signer, keeping long-lived secrets away from the model. Integrates via MCP stdio or HTTP with OIDC.

5 stars on GitHub. Last updated 2026-07-13. Licensed GPL-3.0.

Use cases

  • Granting temporary SSH access to servers for automated tasks
  • Providing short-lived Kubernetes credentials for AI-driven operations
  • Enforcing least-privilege access with per-operation authentication

Pros

  • Ephemeral credentials reduce the blast radius of a compromise
  • Separate signer ensures the model never touches long-lived secrets
  • Supports both SSH and Kubernetes access out of the box

Cons

  • Very new project with few stars and limited community support
  • Requires setting up and maintaining a separate signer service
  • Lacks proven production track record due to early stage

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.

Pros

  • Ephemeral credentials reduce the blast radius of a compromise
  • Separate signer ensures the model never touches long-lived secrets
  • Supports both SSH and Kubernetes access out of the box

Cons

  • Very new project with few stars and limited community support
  • Requires setting up and maintaining a separate signer service
  • Lacks proven production track record due to early stage

Pairs with

Other entries in the index that connect to this one. Click through to see the chain.

Free 27-page guide

Get the free Developer’s Field Guide

A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.

Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.

No spam. Unsubscribe any time.

Running a business, not writing the code? See the MCP servers picked for operators, and get your first one wired up with us.

Operator picks