The credentials_helper.py module provides secure runtime password retrieval from the Locker environment. Instead of hardcoding passwords in source files, all MCP servers and helpers call get_environment_config() to retrieve passwords at startup.
Key Benefits: - No passwords in source code (except bootstrap password) - Passwords can be rotated in Locker without code changes - Each environment has its own locker ID for isolation - Fallback pattern ensures graceful degradation
Location: /opt/mcp-servers/shared/credentials_helper.py
Bootstrap Exception: The Locker server itself must have one hardcoded password (4dsCi8 at l_a7d6) to access the Locker system. This will be protected via LUKS encryption.