Documentation

Get SecureContext running in your environment in under an hour.

Installation

Choose your preferred deployment method. Docker is recommended for most teams.

DockerRecommended

terminal
# Pull the latest image
docker pull ghcr.io/securecontext/gateway:latest

# Run with your config
docker run -d \
  --name securecontext \
  -p 8080:8080 \
  -v /path/to/config:/config \
  -e CONFIG_PATH=/config/securecontext.yaml \
  ghcr.io/securecontext/gateway:latest

Kubernetes / Helm

terminal
# Add the Helm repository
helm repo add securecontext https://charts.securecontext.org
helm repo update

# Install with custom values
helm install securecontext securecontext/gateway \
  --namespace securecontext \
  --create-namespace \
  -f values.yaml

Binary

terminal
# Download the latest release
curl -LO https://releases.securecontext.org/latest/securecontext-linux-amd64

# Make executable and run
chmod +x securecontext-linux-amd64
./securecontext-linux-amd64 --config /path/to/securecontext.yaml

Configuration

Configure your tenant name, tool prefix, and basic settings.

securecontext.yaml
# securecontext.yaml
tenant:
  # The display name shown to users
  display_name: "Atlas"
  
  # Prefix for all MCP tools (e.g., Atlas.ask, Atlas.searchSlack)
  mcp_prefix: "Atlas"
  
  # Optional: Custom branding
  branding:
    logo_url: "https://internal.acme.com/Atlas-logo.svg"
    primary_color: "#0ea5e9"

server:
  host: "0.0.0.0"
  port: 8080
  
  # TLS configuration (recommended for production)
  tls:
    enabled: true
    cert_file: "/certs/server.crt"
    key_file: "/certs/server.key"

logging:
  level: "info"
  format: "json"
  
  # Audit logging for compliance
  audit:
    enabled: true
    destination: "stdout"  # or file path, or syslog URL

Connectors

Add connectors to expose your company's knowledge systems.

AWS Bedrock

Use IAM role assumption for secure access.

connectors:
  - type: bedrock
    name: "AI Models"
    config:
      region: "us-east-1"
      model_id: "anthropic.claude-v2"
      
      # IAM role to assume (recommended)
      assume_role_arn: "arn:aws:iam::123456789:role/SecureContextBedrock"
      
      # Or use instance profile / environment credentials
      # use_default_credentials: true

Amazon Q Business

Use Q as an aggregated knowledge connector.

connectors:
  - type: amazon-q-business
    name: "Company Knowledge"
    config:
      application_id: "your-q-application-id"
      region: "us-east-1"
      
      # IAM role with Q Business permissions
      assume_role_arn: "arn:aws:iam::123456789:role/SecureContextQ"

Slack

Configure OAuth token for Slack access.

connectors:
  - type: slack
    name: "Slack"
    config:
      # Bot OAuth token (xoxb-...)
      token: "${SLACK_BOT_TOKEN}"
      
      # Restrict to specific channels (optional)
      allowed_channels:
        - "engineering"
        - "incidents"
        - "product"
      
      # Enable search and posting
      capabilities:
        - search
        - read_messages
        - post_messages  # optional

Jira

Connect to Jira Cloud or Server.

connectors:
  - type: jira
    name: "Jira"
    config:
      base_url: "https://acme.atlassian.net"
      
      # API token authentication
      email: "${JIRA_EMAIL}"
      api_token: "${JIRA_API_TOKEN}"
      
      # Restrict to specific projects
      allowed_projects:
        - "PAYMENTS"
        - "PLATFORM"
        - "INFRA"
      
      capabilities:
        - search
        - read_issues
        - create_issues
        - update_issues

Authentication

SecureContext supports multiple authentication modes.

API Key

Simple authentication for internal deployments.

auth:
  mode: api_key
  
  # Keys can be defined inline or via environment
  api_keys:
    - key: "${SECURECONTEXT_API_KEY_1}"
      name: "Engineering Team"
      permissions:
        - "*"  # all connectors
        
    - key: "${SECURECONTEXT_API_KEY_2}"
      name: "Support Team"
      permissions:
        - "slack:read"
        - "jira:read"

SSO (OIDC)

Integrate with your identity provider.

auth:
  mode: oidc
  
  oidc:
    issuer: "https://auth.acme.com"
    client_id: "${OIDC_CLIENT_ID}"
    client_secret: "${OIDC_CLIENT_SECRET}"
    
    # Map groups to permissions
    group_mappings:
      "engineering":
        - "*"
      "support":
        - "slack:read"
        - "jira:read"
        - "jira:create"

mTLS

Certificate-based authentication for high-security environments.

auth:
  mode: mtls
  
  mtls:
    # CA certificate for client validation
    ca_cert_file: "/certs/ca.crt"
    
    # Map certificate CNs to permissions
    cn_mappings:
      "developer-workstation":
        - "*"
      "ci-runner":
        - "jira:read"
        - "jira:create"

IDE Setup

Add SecureContext as an MCP server in your IDE.

Generic MCP Server Configuration

Most MCP-compatible IDEs support adding servers via settings or config files.

mcp-config.json
{
  "mcp_servers": [
    {
      "name": "Atlas",
      "url": "https://securecontext.internal.acme.com:8080",
      "auth": {
        "type": "bearer",
        "token": "${SECURECONTEXT_TOKEN}"
      }
    }
  ]
}

Tip: After adding the server, your IDE should auto-discover tools like Atlas.ask, Atlas.searchSlack, and Atlas.createJiraTicket.

Next Steps

Review our security documentation for best practices
Check the knowledge base for tutorials and advanced configurations
Contact sales for custom connector development