Docker MCP Toolkit
The Docker MCP Toolkit is a gateway that lets you set up, manage, and run containerized MCP servers and connect them to AI agents. It removes friction from tool usage by offering secure defaults, one-click setup, and support for a growing ecosystem of LLM-based clients. It is the fastest way from MCP tool discovery to local execution.
Note: If you need to run your own MCP gateway, see Docker MCP Gateway.
Key features
- Cross-LLM compatibility: Instantly works with Claude Desktop, Cursor, Continue.dev, and Gordon.
- Integrated tool discovery: Browse and launch MCP servers from the Docker MCP Catalog directly in Docker Desktop.
- Zero manual setup: No dependency management, runtime configuration, or server setup required.
- Functions as both an MCP server aggregator and a gateway for clients to access installed MCP servers.
How the MCP Toolkit works
MCP introduces two core concepts: MCP clients and MCP servers.
- MCP clients are typically embedded in LLM-based applications, such as the Claude Desktop app. They request resources or actions.
- MCP servers are launched by the client to perform the requested tasks, using any necessary tools, languages, or processes.
Docker standardizes the development, packaging, and distribution of applications, including MCP servers. By packaging MCP servers as containers, Docker eliminates issues related to isolation and environment differences. You can run a container directly, without managing dependencies or configuring runtimes.
Depending on the MCP server, the tools it provides might run within the same container as the server or in dedicated containers.
Note: The Docker MCP Toolkit was originally released as an extension. This extension is now deprecated and should be uninstalled.
Security
The Docker MCP Toolkit combines passive and active measures to reduce attack surfaces and ensure safe runtime behavior.
Passive security
- Image signing and attestation: All MCP server images under mcp/ in the catalog are built by Docker and digitally signed to verify their source and integrity. Each image includes a Software Bill of Materials (SBOM) for full transparency.
Active security
Security at runtime is enforced through resource and access limitations:
- CPU allocation: MCP tools are run in their own container. They are restricted to 1 CPU, limiting the impact of potential misuse of computing resources.
- Memory allocation: Containers for MCP tools are limited to 2 GB.
- Filesystem access: By default, MCP Servers have no access to the host filesystem. The user explicitly selects the servers that will be granted file mounts.
- Interception of tool requests: Requests to and from tools that contain sensitive information such as secrets are blocked.
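The runtime limits listed above can be checked against what the Docker engine actually applied. The following is an added example, not part of the Docker documentation: it reads `docker inspect` JSON and flags containers that lack the 1 CPU or 2 GB cap or that carry a host bind mount. The container names and sample data are constructed, and it assumes the limits appear in the standard HostConfig.NanoCpus (or CpuQuota/CpuPeriod) and HostConfig.Memory fields.

```python
import json

ONE_CPU_NANO = 1_000_000_000   # `--cpus 1` is stored as HostConfig.NanoCpus
TWO_GIB = 2 * 1024 ** 3        # upper bound for the 2 GB memory cap, in bytes

def effective_cpus(host_config):
    """Return the CPU limit in cores, or None when the container is unlimited."""
    nano = host_config.get("NanoCpus") or 0
    if nano:
        return nano / ONE_CPU_NANO
    quota = host_config.get("CpuQuota") or 0
    period = host_config.get("CpuPeriod") or 100_000  # default CFS period (microseconds)
    return quota / period if quota > 0 else None

def audit_container(info):
    """Compare one `docker inspect` object with the limits described on this page."""
    host = info.get("HostConfig", {})
    findings = []
    cpus = effective_cpus(host)
    if cpus is None or cpus > 1:
        findings.append(f"cpu limit is {cpus}, expected <= 1")
    memory = host.get("Memory") or 0  # 0 means no memory limit
    if memory == 0 or memory > TWO_GIB:
        findings.append(f"memory limit is {memory} bytes, expected <= {TWO_GIB}")
    for mount in info.get("Mounts") or []:
        if mount.get("Type") == "bind":  # host path: confirm it was explicitly granted
            findings.append(f"host path mounted: {mount.get('Source')} -> {mount.get('Destination')}")
    return findings

def audit(inspect_json):
    """Map container name -> list of findings for every container in the output."""
    containers = json.loads(inspect_json)
    return {c.get("Name", "?").lstrip("/"): audit_container(c) for c in containers}

# Constructed sample (not captured from a real system): one capped, one uncapped container.
SAMPLE = json.dumps([
    {"Name": "/mcp-tool-a", "Mounts": [],
     "HostConfig": {"NanoCpus": 1000000000, "Memory": 2147483648}},
    {"Name": "/mcp-tool-b", "HostConfig": {"NanoCpus": 0, "CpuQuota": 0, "Memory": 0},
     "Mounts": [{"Type": "bind", "Source": "/home/user/project", "Destination": "/workspace"}]},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

To audit a live host, pass the output of `docker inspect $(docker ps -q)` to `audit()` instead of the sample.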
To learn more about the MCP server catalog, see Catalog.
Example: Use the GitHub Official MCP server
Imagine you want to enable Ask Gordon to interact with your GitHub account:
From the MCP Toolkit menu, select the Catalog tab and find the GitHub Official server and add it.
In the server's Config tab, connect via OAuth.
In the Clients tab, ensure Gordon is connected.
From the Ask Gordon menu, you can now send requests related to your GitHub account, in accordance with the tools provided by the GitHub Official server. To test it, ask Gordon:
What's my GitHub handle?
Make sure to allow Gordon to interact with GitHub by selecting Always allow in Gordon's answer.
Tip: By default, the Gordon client is enabled, which means Gordon can automatically interact with your MCP servers.
Example: Use Claude Desktop as a client
Imagine you have Claude Desktop installed and you want to use the GitHub MCP server and the Puppeteer MCP server. You do not have to install the servers in Claude Desktop. You can simply install these 2 MCP servers in the MCP Toolkit and add Claude Desktop as a client:
From the MCP Toolkit menu, select the Catalog tab and find the Puppeteer server and add it.
Repeat for the GitHub Official server.
From the Clients tab, select Connect next to Claude Desktop. Restart Claude Desktop if it's running, and it can now access all the servers in the MCP Toolkit.
Within Claude Desktop, run a test by submitting the following prompt using the Sonnet 3.5 model:
Take a screenshot of docs.docker.com and then invert the colors
Example: Use Visual Studio Code as a client
You can interact with all your installed MCP servers in Visual Studio Code:
To enable the MCP Toolkit:
Insert the following in your Visual Studio Code's User mcp.json:
"mcp": {
  "servers": {
    "MCP_DOCKER": {
      "command": "docker",
      "args": ["mcp", "gateway", "run"],
      "type": "stdio"
    }
  }
}
In your terminal, navigate to your project's folder.
Run:
docker mcp client connect vscode
Note: This command creates a .vscode/mcp.json file in the current directory. We recommend you add it to your .gitignore file.
In Visual Studio Code, open a new Chat and select the Agent mode.
You can also check the available MCP tools.
For more information about the Agent mode, see the Visual Studio Code documentation.
Authenticate via OAuth
You can connect the MCP Toolkit to your development workflow via OAuth integration. For now, the MCP Toolkit only supports GitHub OAuth.
- On https://github.com/, ensure you are signed in.
- In Docker Desktop, select MCP Toolkit and select the OAuth tab.
- In the GitHub entry, select Authorize. Your browser opens the GitHub authorization page.
- In the GitHub authorization page, select Authorize Docker. Once the authorization is successful, you are automatically redirected to Docker Desktop.
- Install the GitHub Official MCP server, see Install an MCP server.
The MCP Toolkit now has access to your GitHub account. To revoke access, select Revoke in the OAuth tab. See an example in Use the GitHub Official MCP server.