Deployment settings
When deploying, you can configure these options in the deployment dialog.
Branch
Deploy from a specific branch instead of the repository’s default branch.
| Field | Required | Default |
|---|
| Branch | No | Repository default branch |
main or whatever your repository’s default branch is.
Environment variables
Add environment variables your MCP server needs at runtime.
Environment Variables vs Secrets
| Type | Use for | Storage |
|---|
| Environment Variables | Non-sensitive config (DEBUG, LOG_LEVEL) | Plain text |
| Secrets | Sensitive data (API keys, database URLs) | Kubernetes Secrets (encrypted) |
.env format, one variable per line:
# Environment Variables
API_URL=https://api.example.com
DEBUG=true
LOG_LEVEL=info
# Secrets
DATABASE_URL=postgres://user:pass@host:5432/db
OPENAI_API_KEY=sk-xxx
Variable names must be uppercase with underscores only: MY_VAR, not my-var.
Accessing in your code
import os
api_key = os.environ.get("OPENAI_API_KEY")
debug = os.environ.get("DEBUG", "false")
OAuth Authentication
Protect your MCP server with OAuth 2.0 authentication. When disabled, your server is publicly accessible.
Enable OAuth
Toggle Enable OAuth Authentication in the deployment dialog, then configure:
| Field | Required | Description |
|---|
| Authorization Server URL | Yes | Your OAuth provider’s URL |
| Required Scopes | No | Comma-separated scopes (e.g., mcp:read, mcp:write) |
| Audience | No | Expected aud claim (defaults to server URL) |
Supported providers
Any OAuth 2.0 / OpenID Connect provider:
- Supabase Auth:
https://<project>.supabase.co
- Auth0:
https://<tenant>.auth0.com
- Keycloak:
https://<host>/realms/<realm>
- Okta:
https://<domain>.okta.com
How it works
- MCP Deploy adds a token verification layer to your server
- Clients must include
Authorization: Bearer <token> in requests
- Tokens are validated against your authorization server
Client configuration with auth
{
"mcpServers": {
"my-protected-server": {
"url": "https://my-server.mcp.mcpdeploy.dev/mcp",
"headers": {
"Authorization": "Bearer YOUR_ACCESS_TOKEN"
}
}
}
}
If your MCP server already implements its own authentication, MCP Deploy won’t override it.
Supported runtimes
MCP Deploy auto-detects your runtime based on project files.
| Runtime | Detection |
|---|
| Python | requirements.txt or pyproject.toml |
| Node.js | package.json |
| Go | go.mod |
| Rust | Cargo.toml |
| Java | pom.xml (Maven) or build.gradle (Gradle) |
Python example
my-mcp-server/
├── main.py
├── requirements.txt # or pyproject.toml
└── README.md
fastmcp>=0.1.0
httpx>=0.24.0
Resource limits
Resources are managed automatically based on your plan.
| Plan | Servers | Behavior |
|---|
| Free | 1 | Scale-to-zero (sleeps after 15 min inactivity) |
| Starter | 5 | Always-on available |
| Pro | Unlimited | Always-on, priority support |
| Team | Unlimited | Dedicated resources, SLA |
Cold starts on Free plan may take a few seconds when your server wakes up.
Auto-generated endpoints
Every deployed server gets these endpoints automatically:
| Endpoint | Description |
|---|
/mcp | Main MCP endpoint for clients |
/docs | Interactive API documentation |
/health | Health check endpoint |
/.well-known/oauth-protected-resource | OAuth metadata (if auth enabled) |
