This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+3 more
Affected surfaces
Summary
AI summaryOptional API key authentication added to secure MCP endpoints.
Full changelog
What's New
🔐 API Key Authentication
The server now supports optional API key authentication to secure your MCP endpoints.
Features:
- New
API_KEYenvironment variable to enable authentication - Support for Bearer token via
Authorizationheader - Support for
api_keyquery parameter - Health endpoint shows auth status (
enabled/disabled) - Fully backward compatible - auth disabled when
API_KEYnot set
Protected endpoints: /sse (GET/POST), /message (POST)
Public endpoint: /health (GET)
Usage
# Docker
docker run -d \
-v /path/to/vault:/vault:rw \
-p 3001:3000 \
-e VAULT_PATH=/vault \
-e API_KEY=your-secret-key \
ghcr.io/smith-and-web/obsidian-mcp-server:latest
# npx
API_KEY=your-secret-key VAULT_PATH=/path/to/vault npx @smith-and-web/obsidian-mcp-server
Client Configuration
{
"mcpServers": {
"obsidian": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://your-domain.com/sse?api_key=your-secret-key"]
}
}
}
See the Authentication section in the README for full documentation.
Full Changelog: https://github.com/smith-and-web/obsidian-mcp-server/compare/v1.2.2...v1.3.0
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About smith-and-web/obsidian-mcp-server
SSE-enabled MCP server for remote Obsidian vault management with 29 tools for notes, directories, frontmatter, tags, search, and link operations. Docker-ready with health monitoring.
Related context
Beta — feedback welcome: [email protected]