MySQL database integration in NodeJS with configurable access controls and schema inspection.
4.8K
Description: MySQL database integration in NodeJS with configurable access controls and schema inspection.
Packaged by Acuvity and published to our curated MCP server registry from @benborla29/mcp-server-mysql original sources.
Quick links:
At Acuvity, security is central to our mission—especially for critical systems like MCP servers and integration in agentic systems. To address this need, we've created a secure and robust Docker image designed to ensure @benborla29/mcp-server-mysql run reliably and safely.
Minibridge Integration: Minibridge establishes secure Agent-to-MCP connectivity, supports Rego/HTTP-based policy enforcement 🕵️, and simplifies orchestration.
The ARC container includes a built-in Rego policy that enables a set of runtime "guardrails"" to help enforce security, privacy, and correct usage of your services. Below is an overview of each guardrail provided.
Mitigates MCP Rug Pull Attacks
Monitors incoming requests for hidden or obfuscated directives that could alter policy behavior.
Block user-defined sensitive data patterns (credential paths, filesystem references).
.env files, RSA key paths, directory traversal sequences.Detects and blocks "shadowing" attacks, where a malicious MCP server sneaks hidden directives into its own tool descriptions to hijack or override the behavior of other, trusted tools.
send_email tool).<IMPORTANT> sections referencing other tool names, hidden side‐effects, or directives that apply to a different server’s API. Any description that attempts to shadow or extend instructions for a tool outside its own namespace triggers a policy violation and is rejected.Enforces strict adherence to MCP input schemas.
Controls whether tools may invoke tools or services from external origins.
Automatically masks sensitive values so they never appear in logs or responses.
[REDACTED] before the response is sent or recorded.These controls ensure robust runtime integrity, prevent unauthorized behavior, and provide a foundation for secure-by-design system operations.
To activate guardrails in your Docker containers, define the GUARDRAILS environment variable with the protections you need.
| Guardrail | Summary |
|---|---|
covert-instruction-detection | Detects hidden or obfuscated directives in requests. |
sensitive-pattern-detection | Flags patterns suggesting sensitive data or filesystem exposure. |
shadowing-pattern-detection | Identifies tool descriptions that override or influence others. |
schema-misuse-prevention | Enforces strict schema compliance on input data. |
cross-origin-tool-access | Controls calls to external services or APIs. |
secrets-redaction | Prevents exposure of credentials or sensitive values. |
Example: add -e GUARDRAILS="secrets-redaction sensitive-pattern-detection" to enable those guardrails.
Provides a lightweight auth layer using a single shared token.
Authorization header with the predefined secret.To turn on Basic Authentication, define BASIC_AUTH_SECRET environment variable with a shared secret.
Example: add -e BASIC_AUTH_SECRET="supersecret" to enable the basic authentication.
While basic auth will protect against unauthorized access, you should use it only in controlled environment, rotate credentials frequently and always use TLS.
Note
By default, all guardrails are turned off. You can enable or disable each one individually, ensuring that only the protections your environment needs are active.
Maintained by:
Where to get help:
Where to file issues:
Supported architectures:
amd64arm64Base image:
node:23.11.0-alpine3.21Resources:
Latest tags:
latest -> 1.0.0-2.0.2 -> 2.0.2Verify signature with cosign:
cosign verify --certificate-oidc-issuer "https://token.actions.githubusercontent.com" --certificate-identity "https://github.com/acuvity/mcp-servers-registry/.github/workflows/release.yaml@refs/heads/main" docker.io/acuvity/mcp-server-benborla-mysql:latestcosign verify --certificate-oidc-issuer "https://token.actions.githubusercontent.com" --certificate-identity "https://github.com/acuvity/mcp-servers-registry/.github/workflows/release.yaml@refs/heads/main" docker.io/acuvity/mcp-server-benborla-mysql:2.0.2cosign verify --certificate-oidc-issuer "https://token.actions.githubusercontent.com" --certificate-identity "https://github.com/acuvity/mcp-servers-registry/.github/workflows/release.yaml@refs/heads/main" docker.io/acuvity/mcp-server-benborla-mysql:1.0.0-2.0.2Tip
Given mcp-server-benborla-mysql scope of operation it can be hosted anywhere.
Environment variables and secrets:
MYSQL_HOST required to be setMYSQL_PORT optional (3306)MYSQL_USER required to be setMYSQL_PASS required to be setMYSQL_DB required to be setALLOW_INSERT_OPERATION optional (true)ALLOW_UPDATE_OPERATION optional (true)ALLOW_DELETE_OPERATION optional (true)For more information and extra configuration you can consult the package documentation.
Below are the steps for configuring most clients that use MCP to elevate their Copilot experience.
Note
These integrations function natively across all Minibridge modes. To keep things brief, only the docker local-run setup is covered here.
To get started immediately, you can use the "one-click" link below:
Press ctrl + shift + p and type Preferences: Open User Settings JSON to add the following section:
{
"mcp": {
"servers": {
"acuvity-mcp-server-benborla-mysql": {
"env": {
"MYSQL_DB": "TO_BE_SET",
"MYSQL_HOST": "TO_BE_SET",
"MYSQL_PASS": "TO_BE_SET",
"MYSQL_USER": "TO_BE_SET"
},
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--read-only",
"-e",
"MYSQL_HOST",
"-e",
"MYSQL_USER",
"-e",
"MYSQL_PASS",
"-e",
"MYSQL_DB",
"docker.io/acuvity/mcp-server-benborla-mysql:2.0.2"
]
}
}
}
}
In your workspace create a file called .vscode/mcp.json and add the following section:
{
"servers": {
"acuvity-mcp-server-benborla-mysql": {
"env": {
"MYSQL_DB": "TO_BE_SET",
"MYSQL_HOST": "TO_BE_SET",
"MYSQL_PASS": "TO_BE_SET",
"MYSQL_USER": "TO_BE_SET"
},
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--read-only",
"-e",
"MYSQL_HOST",
"-e",
"MYSQL_USER",
"-e",
"MYSQL_PASS",
"-e",
"MYSQL_DB",
"docker.io/acuvity/mcp-server-benborla-mysql:2.0.2"
]
}
}
}
To pass secrets you should use the
promptStringinput type described in the Visual Studio Code documentation.
In ~/.codeium/windsurf/mcp_config.json add the following section:
{
"mcpServers": {
"acuvity-mcp-server-benborla-mysql": {
"env": {
"MYSQL_DB": "TO_BE_SET",
"MYSQL_HOST": "TO_BE_SET",
"MYSQL_PASS": "TO_BE_SET",
"MYSQL_USER": "TO_BE_SET"
},
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--read-only",
"-e",
"MYSQL_HOST",
"-e",
"MYSQL_USER",
"-e",
"MYSQL_PASS",
"-e",
"MYSQL_DB",
"docker.io/acuvity/mcp-server-benborla-mysql:2.0.2"
]
}
}
}
See Windsurf documentation for more info.
Add the following JSON block to your mcp configuration file:
~/.cursor/mcp.json for global scope.cursor/mcp.json for project scope{
"mcpServers": {
"acuvity-mcp-server-benborla-mysql": {
"env": {
"MYSQL_DB": "TO_BE_SET",
"MYSQL_HOST": "TO_BE_SET",
"MYSQL_PASS": "TO_BE_SET",
"MYSQL_USER": "TO_BE_SET"
},
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--read-only",
"-e",
"MYSQL_HOST",
"-e",
"MYSQL_USER",
"-e",
"MYSQL_PASS",
"-e",
"MYSQL_DB",
"docker.io/acuvity/mcp-server-benborla-mysql:2.0.2"
]
}
}
}
See cursor documentation for more information.
In the claude_desktop_config.json configuration file add the following section:
{
"mcpServers": {
"acuvity-mcp-server-benborla-mysql": {
"env": {
"MYSQL_DB": "TO_BE_SET",
"MYSQL_HOST": "TO_BE_SET",
"MYSQL_PASS": "TO_BE_SET",
"MYSQL_USER": "TO_BE_SET"
},
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--read-only",
"-e",
"MYSQL_HOST",
"-e",
"MYSQL_USER",
"-e",
"MYSQL_PASS",
"-e",
"MYSQL_DB",
"docker.io/acuvity/mcp-server-benborla-mysql:2.0.2"
]
}
}
}
See Anthropic documentation for more information.
async with MCPServerStdio(
params={
"env": {"MYSQL_DB":"TO_BE_SET","MYSQL_HOST":"TO_BE_SET","MYSQL_PASS":"TO_BE_SET","MYSQL_USER":"TO_BE_SET"},
"command": "docker",
"args": ["run","-i","--rm","--read-only","-e","MYSQL_HOST","-e","MYSQL_USER","-e","MYSQL_PASS","-e","MYSQL_DB","docker.io/acuvity/mcp-server-benborla-mysql:2.0.2"]
}
) as server:
tools = await server.list_tools()
async with MCPServerSse(
params={
"url": "http://<ip>:<port>/sse",
}
) as server:
tools = await server.list_tools()
See OpenAI Agents SDK docs for more info.
In your client configuration set:
dockerrun -i --rm --read-only -e MYSQL_HOST -e MYSQL_USER -e MYSQL_PASS -e MYSQL_DB docker.io/acuvity/mcp-server-benborla-mysql:2.0.2Simply run as:
docker run -it -p 8000:8000 --rm --read-only -e MYSQL_HOST -e MYSQL_USER -e MYSQL_PASS -e MYSQL_DB docker.io/acuvity/mcp-server-benborla-mysql:2.0.2
Then on your application/client, you can configure to use it like:
{
"mcpServers": {
"acuvity-mcp-server-benborla-mysql": {
"url": "http://localhost:8000/sse"
}
}
}
You might have to use different ports for different tools.
This section assume you are familiar with TLS and certificates and will require:
- a server certificate with proper DNS/IP field matching your tool deployment.
- a client-ca used to sign client certificates
backend mode-e MINIBRIDGE_MODE=backend/certs ex (-v $PWD/certs:/certs)-e MINIBRIDGE_TLS_SERVER_CERT=/certs/server-cert.pem-e MINIBRIDGE_TLS_SERVER_KEY=/certs/server-key.pem-e MINIBRIDGE_TLS_SERVER_KEY_PASS=optional-e MINIBRIDGE_TLS_SERVER_CLIENT_CA=/certs/client-ca.pemminibridge locally in frontend mode:In your client configuration, Minibridge works like any other STDIO command.
Example for Claude Desktop:
{
"mcpServers": {
"acuvity-mcp-server-benborla-mysql": {
"command": "minibridge",
"args": ["frontend", "--backend", "wss://<remote-url>:8000/ws", "--tls-client-backend-ca", "/path/to/ca/that/signed/the/server-cert.pem/ca.pem", "--tls-client-cert", "/path/to/client-cert.pem", "--tls-client-key", "/path/to/client-key.pem"]
}
}
}
That's it.
Minibridge offers a host of additional features. For step-by-step guidance, please visit the wiki. And if anything’s unclear, don’t hesitate to reach out!
This chart requires some mandatory information to be installed.
Mandatory Secrets:
MYSQL_USER secret to be set as secrets.MYSQL_USER either by .value or from existing with .valueFromMYSQL_PASS secret to be set as secrets.MYSQL_PASS either by .value or from existing with .valueFromMandatory Environment variables:
MYSQL_HOST environment variable to be set by env.MYSQL_HOSTMYSQL_DB environment variable to be set by env.MYSQL_DBOptional Environment variables:
MYSQL_PORT="%!s(int=3306)" environment variable can be changed with env.MYSQL_PORT="%!s(int=3306)"ALLOW_INSERT_OPERATION="%!s(bool=true)" environment variable can be changed with env.ALLOW_INSERT_OPERATION="%!s(bool=true)"ALLOW_UPDATE_OPERATION="%!s(bool=true)" environment variable can be changed with env.ALLOW_UPDATE_OPERATION="%!s(bool=true)"ALLOW_DELETE_OPERATION="%!s(bool=true)" environment variable can be changed with env.ALLOW_DELETE_OPERATION="%!s(bool=true)"You can inspect the chart README:
helm show readme oci://docker.io/acuvity/mcp-server-benborla-mysql --version 1.0.0
You can inspect the values that you can configure:
helm show values oci://docker.io/acuvity/mcp-server-benborla-mysql --version 1.0.0
Install with helm
helm install mcp-server-benborla-mysql oci://docker.io/acuvity/mcp-server-benborla-mysql --version 1.0.0
From there your MCP server mcp-server-benborla-mysql will be reachable by default through http/sse from inside the cluster using the Kubernetes Service mcp-server-benborla-mysql on port 8000 by default. You can change that by looking at the service section of the values.yaml file.
The deployment will create a Kubernetes service with a healthPort, that is used for liveness probes and readiness probes. This health port can also be used by the monitoring stack of your choice and exposes metrics under the /metrics path.
See full charts Readme for more details about settings and runtime security including guardrails activation.
For detailed list of all features, tools, arguments and SBOM hashes provided by this server please consult the readme
💬 Questions? Open an issue or contact us [email protected] . 📦 Contributions welcome!
Content type
Image
Digest
sha256:8e5da79a2…
Size
265 Bytes
Last updated
about 1 year ago
docker pull acuvity/mcp-server-benborla-mysql:sha256-bf70960218956f7a70e9519b32bd61fc9ed8c59051d88064bf046e6915f0b95b.sig