
Docker MCP Gateway

Docker's MCP CLI plugin and gateway for running catalog, OCI, registry, or local-file MCP servers in containers and exposing them to Claude, Cursor, VS Code, and other MCP clients through a shared gateway profile.

by docker · added 2026-06-06
Harness: Claude Code, Claude Desktop

Open the source and read safety notes before installing.

Safety notes

  • Docker MCP Gateway can start and route multiple MCP servers, so each connected client inherits the permissions of every enabled server and tool.
  • Container isolation reduces host exposure, but Docker Engine or Docker socket access is still highly privileged and should be limited to trusted users.
  • The gateway supports tool allowlists, CPU limits, memory limits, network blocking, secret blocking, image signature verification, and interceptors; review defaults before production use.
  • Catalog, profile, local-file, and registry references can change which servers run behind the gateway, especially when watch mode or shared profiles are enabled.
  • Tool-call logging is enabled by default in the documented flags, so avoid routing secrets or sensitive payloads unless logging and retention are controlled.

Privacy notes

  • Docker MCP Gateway may process MCP server definitions, catalog entries, profile exports, local server files, secrets, OAuth tokens, tool names, tool arguments, tool outputs, logs, container metadata, and Docker Engine metadata.
  • Secrets may come from Docker Desktop secrets or `.env` fallback files; keep those stores out of version control and restrict filesystem permissions.
  • Tool outputs can include local files, API responses, credentials, account data, or infrastructure details depending on the enabled downstream MCP servers.
  • Exported profiles and catalogs can reveal internal server names, image references, allowed tools, configuration values, and service endpoints.

Prerequisites

  • Docker Desktop `4.59+` with the MCP Toolkit feature enabled, or the Docker MCP CLI plugin built and installed independently.
  • Docker Engine access for running containerized MCP servers and the gateway.
  • MCP server sources prepared from Docker MCP Catalog entries, OCI images, MCP Registry entries, or local YAML/JSON server files.
  • Profiles feature enabled when using `docker mcp profile` and profile-based gateway runs outside Docker Desktop.
  • Secrets, OAuth flows, allowed tools, network policy, filesystem mounts, CPU, memory, and image signature policy reviewed before sharing a gateway.

Schema details

Install type: cli
Troubleshooting: No
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup: 20 minutes
Difficulty: advanced
Full copyable content: `docker mcp gateway run --profile dev-tools`

About this resource

Content

Docker MCP Gateway is the open-source Docker CLI plugin and gateway behind Docker Desktop's MCP Toolkit. It runs selected MCP servers in containers, groups them through profiles, and exposes them to MCP clients through one gateway command or network transport.

The repository documents gateway runs over stdio by default, plus SSE or streaming transports when serving one or more clients over a TCP port. Servers can come from Docker MCP Catalog references, OCI images, MCP Registry entries, or local server definition files.

Source Review

These sources were reviewed on 2026-06-06. Prefer the live repository, README, gateway guide, security guide, profiles guide, generated command reference, Docker image page, and license file for current gateway behavior, feature flags, deployment options, and security controls.

Features

  • Run MCP servers inside Docker containers with CPU and memory limits.
  • Expose a unified MCP gateway over stdio, SSE, or streaming transports.
  • Organize MCP servers into reusable profiles for client-specific tool sets.
  • Pull servers from Docker MCP Catalog, OCI images, MCP Registry entries, or local server files.
  • Connect clients such as Claude Desktop, Cursor, and VS Code to the selected profile.
  • Enable or disable selected tools per gateway run or profile.
  • Manage catalogs, server definitions, profile import/export, and OCI-backed profile sharing.
  • Handle secrets through Docker Desktop secrets or explicit fallback secret files.
  • Support OAuth flows for MCP servers that require service authentication.
  • Use logging, call tracing, network blocking, secret blocking, image signature verification, and interceptors.

Installation

Recent Docker Desktop versions include the Docker MCP CLI plugin when the MCP Toolkit feature is enabled. The repository also documents building and installing the plugin manually:

```bash
git clone https://github.com/docker/mcp-gateway.git
cd mcp-gateway
mkdir -p "$HOME/.docker/cli-plugins/"
make docker-mcp
```

Run the default stdio gateway with:

```bash
docker mcp gateway run
```

Connect Claude Desktop or another stdio MCP client with:

```json
{
  "mcpServers": {
    "MCP_DOCKER": {
      "command": "docker",
      "args": [
        "mcp",
        "gateway",
        "run"
      ]
    }
  }
}
```

For shared client access, run the gateway with a port and streaming transport, or pass a profile, selected servers, selected tools, secret sources, and other gateway flags from the documented command reference.
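A client config like the one above launches the gateway with no profile, tool allowlist, or signature policy on the command line. The following added example (not code from the Docker repository) audits a client config for that; `--profile` and `--server` come from this page, while `--servers`, `--tools`, `--verify-signatures`, `--port`, and `--transport` are assumed flag names to confirm against `docker mcp gateway run --help`.

```python
import json

# Constructed sample: the page's MCP_DOCKER entry plus two hypothetical entries.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "MCP_DOCKER": {"command": "docker", "args": ["mcp", "gateway", "run"]},
    "MCP_DOCKER_DEV": {"command": "docker", "args": [
        "mcp", "gateway", "run", "--profile", "dev-tools",
        "--tools", "search,fetch", "--verify-signatures"]},
    "unrelated": {"command": "npx", "args": ["some-server"]}
  }
}
"""

GATEWAY_PREFIX = ["mcp", "gateway", "run"]
# --profile and --server appear on the page; the others are assumed flag names.
SELECTORS = ("--profile", "--server", "--servers")

def has_flag(flags, name):
    """True for both '--name value' and '--name=value' spellings."""
    return any(f == name or f.startswith(name + "=") for f in flags)

def audit_client_config(text):
    """Map each gateway-launching entry to a list of review findings."""
    report = {}
    for name, entry in json.loads(text).get("mcpServers", {}).items():
        args = entry.get("args", [])
        if entry.get("command") != "docker" or args[:3] != GATEWAY_PREFIX:
            continue  # not a Docker MCP Gateway entry
        flags, findings = args[3:], []
        if not any(has_flag(flags, s) for s in SELECTORS):
            findings.append("no profile or server selection pinned")
        if not has_flag(flags, "--tools"):
            findings.append("no tool allowlist")
        if not has_flag(flags, "--verify-signatures"):
            findings.append("image signature verification not requested")
        if has_flag(flags, "--port") or has_flag(flags, "--transport"):
            findings.append("network transport: confirm who can reach the port")
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_client_config(SAMPLE_CONFIG).items():
        print(name, "->", findings or ["no findings"])
```

A finding here only means the control is not set on the command line; a profile or Docker Desktop setting may still apply it.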

Use Cases

  • Give Claude a single managed entrypoint to a curated Docker MCP Toolkit profile.
  • Run MCP servers from Docker MCP Catalog in isolated containers instead of directly on the host.
  • Share a team profile through exported profile files or OCI references.
  • Test one server image with `docker mcp gateway run --server` before adding it to a catalog.
  • Restrict risky tools with explicit tool allowlists before connecting a client.
  • Use the gateway's SSE or streaming transport for multi-client access.
  • Keep API keys in Docker Desktop secrets or a controlled secret file instead of ad hoc environment variables.
  • Review tool-call logs and container limits when evaluating an MCP server for production.

Safety and Privacy

Docker MCP Gateway is a control point for other MCP servers. It can reduce risk by running servers in containers, limiting CPU and memory, blocking secrets, blocking network access, enforcing selected tools, and checking image signatures. Those controls still depend on the chosen catalog entries, profiles, server files, gateway flags, Docker permissions, and client approval settings.

Treat Docker Engine access as privileged. A user or service that can run containers, mount host paths, access the Docker socket, or load arbitrary server definitions can affect the host. Review every server's volume mounts, allowed hosts, secrets, OAuth scopes, and enabled tools before connecting Claude or another agent client.

The gateway and its downstream servers can see tool arguments, tool outputs, logs, traces, catalog metadata, profile exports, container image names, Docker metadata, secrets, OAuth tokens, and local file paths. Keep exported profiles, catalogs, `.env` files, and logs out of public repositories.

Duplicate Check

No docker/mcp-gateway source entry or Docker MCP Gateway entry was found in content/mcp. The existing Docker MCP Server for Claude entry is distinct content about Docker API management from Claude rather than Docker's MCP Toolkit gateway and catalog runner.

#gateway #docker #orchestration #security #infrastructure
