In this blog, we're delving into ToolHive, a small tool that makes managing and deploying MCP servers remarkably simple and safe. ToolHive transforms your development process by integrating container security and configuration automation, regardless of whether you're using Cursor, GitHub Copilot, or other tools. Let's install and run it on a brand-new Ubuntu virtual machine. Now let's begin! Prefer watching instead of reading? Here’s a quick video guide Prefer watching instead of reading? Here’s a quick video guide Prefer watching instead of reading? Here’s a quick video guide Prefer watching instead of reading? Here’s a quick video guide https://youtu.be/0xXatoDfuF8?embedable=true https://youtu.be/0xXatoDfuF8?embedable=true Requirements Requirements Requirements ToolHive uses containerization, so make sure you have Docker or Podman installed. Here I'll use Docker. Run the following commands to install Docker if you haven't already: sudo apt update
sudo apt install -y docker.io
sudo systemctl enable docker
sudo systemctl start docker sudo apt update
sudo apt install -y docker.io
sudo systemctl enable docker
sudo systemctl start docker "Let's make sure Docker is operating." docker --version docker --version Setting Up ToolHive "ToolHive is a CLI tool that runs on Go. Downloading the binary or building from source will allow you to install it. We will build it from source for this demonstration. sudo apt install -y golang git make
git clone https://github.com/stacklok/toolhive.git
cd toolhive
go build ./cmd/thv
sudo cp thv /usr/local/bin/ sudo apt install -y golang git make
git clone https://github.com/stacklok/toolhive.git
cd toolhive
go build ./cmd/thv
sudo cp thv /usr/local/bin/ "Let's make sure it was installed correctly." thv version thv version Configuring Your Initial MCP Server Configuring Your Initial MCP Server Configuring Your Initial MCP Server Let's now use ToolHive to launch our first MCP server. In order for it to connect to clients that are compatible, first enable auto-discovery. thv config auto-discovery true thv config auto-discovery true "Now launch the Fetch MCP server—this tool enables LLMs to retrieve content from websites." thv run fetch thv run fetch You'll observe the server booting up and the container being pulled. You can use this to check servers that are currently in use: thv list thv list Use Case: GitHub Token with Encrypted Secrets Use Case: GitHub Token with Encrypted Secrets Use Case: GitHub Token with Encrypted Secrets "As an example, let's try configuring a GitHub MCP server that needs an authentication token. We will use ToolHive's encrypted provider to safely handle secrets. thv config secrets-provider encrypted
thv secret set github thv config secrets-provider encrypted
thv secret set github You will be asked to enter your GitHub token. Let's launch the GitHub MCP server after it is finished: thv run --secret github,target=GITHUB_PERSONAL_ACCESS_TOKEN github thv run --secret github,target=GITHUB_PERSONAL_ACCESS_TOKEN github Examine the Registry ToolHive has an integrated MCP registry. You can look through and find information about the servers that are available here: thv registry list
thv search github
thv registry info github thv registry list
thv search github
thv registry info github Configuring a Custom MCP Server Configuring a Custom MCP Server Configuring a Custom MCP Server Now let's use an image to run a custom MCP server. As an illustration: thv run --transport sse --name myserver --port 8080 my-mcp-image:latest -- some-args thv run --transport sse --name myserver --port 8080 my-mcp-image:latest -- some-args "ToolHive adds labels, builds a proxy on a random port, and securely wraps your container." Utilising Package Managers to Run MCP Utilising Package Managers to Run MCP Utilising Package Managers to Run MCP Protocol schemes such as uvx://, npx://, and go:// are supported by ToolHive. Let's launch a Python-based MCP straight from uvx: thv run uvx://awslabs.core-mcp-server@latest thv run uvx://awslabs.core-mcp-server@latest "Or a server built with Node.js:" thv run npx://@pulumi/mcp-server@latest thv run npx://@pulumi/mcp-server@latest "Or even local Go projects:" cd my-go-mcp-project
thv run go://. cd my-go-mcp-project
thv run go://. Personalize Permissions Personalize Permissions Personalize Permissions Using JSON profiles, ToolHive enables permission customisation. Example: {
  "read": ["/var/run/mcp.sock"],
  "network": {
    "outbound": {
      "allow_host": ["localhost", "google.com"],
      "allow_port": [80, 443]
    }
  }
} {
  "read": ["/var/run/mcp.sock"],
  "network": {
    "outbound": {
      "allow_host": ["localhost", "google.com"],
      "allow_port": [80, 443]
    }
  }
} "Save it as profile.json, then use it as follows:" thv run --permission-profile profile.json fetch thv run --permission-profile profile.json fetch Deployment of Kubernetes (Preview) Deployment of Kubernetes (Preview) Deployment of Kubernetes (Preview) ToolHive now allows you to use an Operator to run MCP servers in Kubernetes. Create a Kind cluster and follow the instructions in the repository if you want to test this out locally. Bonus: Manual Client Enrollment "You can manually register a client if auto-discovery isn't functioning:" thv config register-client copilot
thv config list-registered-clients thv config register-client copilot
thv config list-registered-clients Final Remarks This is a comprehensive tutorial on using ToolHive! As you can see, it's an effective tool for deploying MCP servers in a safe and repeatable manner. ToolHive can help you with running custom tools or integrating with GitHub Copilot. Recommended Resources: GitHub: https://github.com/stacklok/toolhive
ToolHive Documentation: the repository's /docs folder
Discord: Participate in the community by visiting the ToolHive GitHub page. GitHub: https://github.com/stacklok/toolhive https://github.com/stacklok/toolhive ToolHive Documentation: the repository's /docs folder Discord: Participate in the community by visiting the ToolHive GitHub page.

Discord

Bug Bounty Recon Made Easy with Hakrawler

New Plugin Brings Auditing to kubectl exec—No More Blind Shell Access

Read My Stories

Too Long; Didn't Read

Boost your HackerNoon story @ $159.99! 🚀

Mastering MCP Server Management with ToolHive

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

A Beginner’s Guide to Reconnaissance in PenTesting

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

A Beginner’s Guide to Reconnaissance in PenTesting

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps