Saved February 14, 2026
Do you care about this?
This article explains how to protect API credentials in MCP server configurations by using 1Password. It details a method to reference secrets from a 1Password vault instead of hardcoding them in plaintext files, reducing the risk of credential exposure.
If you do, here's more
MCP servers often rely on plaintext secrets in configuration files, like the common mcp.json, which can expose sensitive information if the repository is shared or mismanaged. The article highlights a secure method developed by a user named @codekiln to prevent credential leaks when using tools such as Cursor or Claude Code. By using the 1Password command-line interface (CLI), developers can reference secrets stored in 1Password vaults instead of hardcoding them directly into their files.
The process involves creating a vault item for each token and using a specific command structure to inject these tokens at runtime. For example, developers can set environment variables in a .env file using references like `op://AI/GitHub Access Token/token`. When a command is launched through `op run`, the CLI fetches these secrets, decrypts them in memory, and sets them as environment variables for that session. Once the process ends, the secrets are cleared, reducing the risk of leakage.
This approach eliminates common security pitfalls such as plaintext secrets, shared .env files, and manual token management. It allows developers to maintain clean configuration files that can be safely version-controlled, without exposing any sensitive data. The method enhances security without complicating the developers' workflow, ensuring that they can focus on building rather than worrying about credential management.
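A check for the setup summarized above, as an added example that is not from the article or from @codekiln: it flags every value in a .env file or an mcp.json `env` block that is a literal rather than an `op://` reference, so it can run before a commit. The `mcpServers`/`env` layout, the `--env-file` launch line, the variable names and `example-mcp-server` are assumptions or constructed samples.

```python
import json
import re

# Secret reference syntax used by the 1Password CLI: op://<vault>/<item>/<field>
OP_REF = re.compile(r"^op://[^/]+/[^/]+/.+$")

def parse_env(text):
    """Parse KEY=VALUE lines from a .env file, skipping blanks and comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs[key.strip()] = value.strip().strip("'\"")
    return pairs

def literal_env_values(env_text):
    """Return names in a .env file whose value is not an op:// reference."""
    return sorted(k for k, v in parse_env(env_text).items() if not OP_REF.match(v))

def literal_mcp_values(mcp_text):
    """Return 'server.VAR' for each mcp.json env entry holding a literal value."""
    servers = json.loads(mcp_text).get("mcpServers", {})  # assumed layout
    return sorted(
        f"{name}.{var}"
        for name, spec in servers.items()
        for var, value in spec.get("env", {}).items()
        if not OP_REF.match(str(value))
    )

# Constructed sample inputs (not from the article).
SAMPLE_ENV = """\
# resolved by `op run` at launch
GITHUB_TOKEN="op://AI/GitHub Access Token/token"
EXAMPLE_API_KEY=constructed-plaintext-value
"""
SAMPLE_MCP = json.dumps({
    "mcpServers": {
        "github": {"command": "op",
                   "args": ["run", "--env-file=.env", "--", "example-mcp-server"]},
        "legacy": {"command": "example-mcp-server",
                   "env": {"EXAMPLE_API_KEY": "constructed-plaintext-value"}},
    }
})

if __name__ == "__main__":
    print(".env literals:", literal_env_values(SAMPLE_ENV))
    print("mcp.json literals:", literal_mcp_values(SAMPLE_MCP))
```

The check reports every literal, including harmless settings, so treat its output as a review list rather than a verdict.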