← Back to MCP servers

Docker

Docker MCP Server

Docker MCP Gateway orchestrates MCP servers in isolated containers, providing secure discovery and execution of Model Context Protocol servers across AI coding tools.

Last reviewed Feb 28, 2026

What it does

The Docker MCP Gateway is an open-source proxy that runs MCP servers inside isolated Docker containers. Instead of spawning servers directly with npx on the host, the gateway manages container lifecycle, injects credentials, and routes requests. This approach improves security by restricting network access, verifying images, and isolating server execution from host resources.

Available tools

The gateway itself does not expose tools directly. It provides access to the MCP servers you configure through it. The Docker MCP Catalog includes 300+ verified servers that you can run via the gateway. Each catalog server exposes its own tools (e.g., filesystem, postgres, slack).

Gateway capability What it does
Server lifecycle Start, stop, and manage MCP server containers
Credential injection Pass tokens and secrets into containers securely
Request routing Route client requests to the correct server container
Image verification Use cryptographically signed, SBOM-verified images

Setup by tool

Cursor

Install the Docker MCP CLI plugin or use Docker Desktop's built-in MCP support. Configure the gateway as your MCP host:

{
  "mcpServers": {
    "docker-gateway": {
      "command": "docker",
      "args": ["mcp"]
    }
  }
}

Alternatively, use the gateway binary from GitHub releases placed at ~/.docker/cli-plugins/docker-mcp for Docker Engine without Desktop.

Claude Code

Add the Docker MCP gateway to your Claude configuration. See Docker docs for the exact command and args for your platform.

VS Code / GitHub Copilot

Configure the Docker MCP gateway as an MCP server in your client settings. The gateway will manage which underlying MCP servers (postgres, filesystem, etc.) are available.

When to use this

  • Security-first MCP: Run third-party MCP servers in containers instead of directly on the host
  • Centralized config: Manage all MCP servers from one gateway instead of per-client config
  • Verified servers: Use Docker's catalog of signed, SBOM-verified server images
  • Credential isolation: Inject secrets into containers without exposing them to the host
  • Multi-client: Share the same gateway config across Cursor, Claude, and VS Code

Security considerations

  • Container isolation limits host access compared to running npx directly
  • Use verified images from the Docker MCP Catalog when possible
  • Avoid granting broad Docker socket access to the gateway
  • Rotate credentials passed into containers regularly
  • Audit which servers are enabled and what permissions they receive

Compatibility

Official docs →Homepage →Pricing →

Related MCP servers

AWS MCP Server

Open source MCP servers from AWS Labs that give AI coding agents access to AWS documentation, best practices, and contextual guidance for building on AWS.

Figma MCP Server

Official Figma MCP server that brings design context, variables, components, and Code Connect data into AI coding sessions for design-to-code workflows.

Firebase MCP Server

Experimental Firebase MCP server that gives AI coding agents access to Firestore, Auth, security rules, Cloud Messaging, and project management through the Firebase CLI.