- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read only)
- Storing Unattended Robot Credentials in AWS Secrets Manager (read only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- Configuring automation capabilities
- Solutions
- Audit
- Settings
- Registry
- Cloud robots
- Automation Suite Robots
- Folders Context
- Processes
- Jobs
- Apps
- Triggers
- Logs
- Monitoring
- Indexes
- Queues
- Assets
- Connections
- Business Rules
- Storage Buckets
- MCP Servers
- About MCP Servers
- MCP Server shared foundation
- Getting the MCP Server URL
- Using Orchestrator Assets in MCP Servers
- MCP compliance guidelines
- Orchestrator testing
- Resource Catalog Service
- Integrations
- Troubleshooting
Orchestrator user guide
MCP Servers often need secrets, such as API keys, database credentials, or service tokens, to connect to external systems. Instead of hardcoding these values into MCP Server configuration, you can reference Orchestrator Assets using the %ASSETS/AssetName% syntax.
Asset references are resolved differently depending on the MCP Server type:
- Command and Coded MCP Servers use robot/runtime asset inference. Asset references are resolved as part of the Serverless job runtime before the MCP Server process starts.
- Remote MCP Servers use asset API inference. Asset references in custom headers are resolved through Orchestrator before the request is forwarded to the remote endpoint, without requiring a robot or robot key.
Create the asset in Orchestrator
Go to your folder in Orchestrator > Assets > Create Asset. For example:
- Name:
MyApiKey - Type: Secret, or Credential for username/password pairs
- Value:
sk-abc123...
The asset must be in the same folder as the MCP Server.
Reference assets in Command and Coded MCP Servers
Command and Coded MCP Servers reference assets in environment variables. The location of the environment variables differs:
| Server type | Where to configure environment variables |
|---|---|
| Command MCP Server | Directly on the MCP Server, in the Environment Variables field of the create or edit form in Orchestrator. |
| Coded MCP Server | On the process in Orchestrator: Settings > Environment Variables. |
In both cases, entries take the form KEY=VALUE, with %ASSETS/AssetName% as the value:
API_KEY=%ASSETS/MyApiKey%
DATABASE_URL=%ASSETS/MyDatabaseUrl%
REGION=us-east-1
API_KEY=%ASSETS/MyApiKey%
DATABASE_URL=%ASSETS/MyDatabaseUrl%
REGION=us-east-1
Asset references and plain values can be mixed. Each variable goes on its own line.
Orchestrator stores the raw environment variables, including the %ASSETS/...% placeholders, in the database, encrypted at rest. When a session starts, Orchestrator forwards them to the Serverless runtime, which resolves the asset references to their actual values before passing them to the MCP Server process.
In the MCP Server code, the variables are then available as standard environment variables. For example:
import os
api_key = os.environ.get("API_KEY") # Resolved to the asset value at runtime
import os
api_key = os.environ.get("API_KEY") # Resolved to the asset value at runtime
Reference assets in Remote MCP Server headers
Remote MCP Servers do not start a UiPath runtime job, so they do not use robot/runtime asset inference. Instead, you can reference assets in custom HTTP headers. Orchestrator resolves the asset values before forwarding the request to the remote MCP Server.
Use %ASSETS/AssetName% as the full header value:
Authorization: %ASSETS/RemoteBearerToken%
X-Api-Key: %ASSETS/MyApiKey%
X-Region: us-east-1
Authorization: %ASSETS/RemoteBearerToken%
X-Api-Key: %ASSETS/MyApiKey%
X-Region: us-east-1
If the remote endpoint expects a prefix such as Bearer, store the full header value in the asset. For example, store Bearer <token> in the RemoteBearerToken asset, then configure the header as Authorization: %ASSETS/RemoteBearerToken%.
Remote header asset references are resolved through Orchestrator using the caller's UiPath identity and the MCP Server folder context. Orchestrator enforces the required asset permissions and direct API access eligibility. This path works without a robot or robot key.
The caller must have access to the MCP Server folder and permission to view the referenced asset. If the asset is missing, inaccessible, or not eligible for direct API access, the remote MCP request fails instead of forwarding an unresolved placeholder.
Supported asset values
The following behaviors apply to asset inference in MCP Servers:
- Asset names are case-insensitive in the
%ASSETS/...%syntax. - For Command and Coded MCP Servers, the environment-variable key determines secret masking in the UI. Keys matching patterns such as
API_KEY,SECRET,PASSWORD,TOKEN, orAuthorizationare automatically masked with****. The%ASSETS/...%reference itself is always visible. - For Remote MCP Server headers, text, secret, boolean, integer, credential, and Windows credential assets are supported. For credential assets, the password value is used for substitution.
- Configure asset-backed headers only for trusted remote endpoints, because the resolved value is sent to that endpoint.
Key-value-list assets are not supported for MCP Server asset substitution.