Edit of README and loading of env variable (#9)

msafarik · Marek Safarik · web-flow · commit bf817632f100 · 2025-11-12T13:42:27.000+01:00
* Edit of README and loading of env variable

---------

Signed-off-by: Marek Safarik &lt;msafarik@redhat.com&gt;
Co-authored-by: Marek Safarik &lt;msafarik@redhat.com&gt;
diff --git a/README.md b/README.md
@@ -4,12 +4,12 @@ A Model Context Protocol (MCP) server for [Keylime](https://keylime.dev), the re
 
 ## Requirements
 
-This MCP server is a helper tool for working with Keylime. To actually interact with a Keylime deployment, you need:
+This MCP server is a helper tool for working with Keylime. You need:
 
 - A running [Keylime verifier](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/assembly_ensuring-system-integrity-with-keylime_security-hardening#configuring-keylime-verifier_assembly_ensuring-system-integrity-with-keylime) and [Keylime registrar](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/assembly_ensuring-system-integrity-with-keylime_security-hardening#configuring-keylime-registrar_assembly_ensuring-system-integrity-with-keylime)
 - [Keylime agents](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/assembly_ensuring-system-integrity-with-keylime_security-hardening#configuring-keylime-agent_assembly_ensuring-system-integrity-with-keylime) to monitor
 - Network access to the Keylime API endpoints
-- [Podman](https://podman.io/getting-started/installation) must be installed on your system.
+- **MCP Client** (Claude Desktop, Cline, etc.) OR **[Podman](https://podman.io/getting-started/installation)** for containers
 
 ## Usage
 
@@ -19,8 +19,7 @@ There are two ways to use this MCP server:
 
 Build the server:
 ```bash
-cd backend
-go build -o server *.go
+make mcp
 ```
 
 You can move the binary anywhere you want (e.g., `/usr/local/bin/server).
@@ -31,17 +30,21 @@ Add to your MCP client config (e.g., `~/.config/Claude/claude_desktop_config.jso
   "mcpServers": {
     "keylime": {
       "command": "/full/path/to/keylime-mcp/backend/server",
-      "args": []
+      "env": {
+        "KEYLIME_CERT_DIR": "/full/path/to/keylime/certs/dir"
+      }
     }
   }
 }
 ```
 
 **Replace `/full/path/to/keylime-mcp` with your actual path!**
 
+**Replace `/full/path/to/keylime/certs/dir` with your cert directory!** Certs should be in `/var/lib/keylime/cv_ca` but need read permissions.
+
 Restart your MCP client. Done.
 
-### Option 2: Web UI (Docker)
+### Option 2: Web UI (Podman)
 
 ```bash
 make build
@@ -70,6 +73,7 @@ cd frontend && pnpm dev
 - `make clean` - Remove everything
 - `make ps` - List containers
 - `make help` - Show all commands
+- `make mcp` - Build MCP server binary file
 
 ## Stack
 
diff --git a/backend/main.go b/backend/main.go
@@ -5,7 +5,6 @@ import (
 	"log"
 	"net/http"
 	"os"
-	"path/filepath"
 
 	"github.com/joho/godotenv"
 	"github.com/modelcontextprotocol/go-sdk/mcp"
@@ -59,7 +58,7 @@ func main() {
 }
 
 func loadConfig() {
-	certDir := getEnv("KEYLIME_CERT_DIR", filepath.Join(os.Getenv("HOME"), ".keylime/certs")) // TODO: Make this configurable or better way to set this
+	certDir := getEnv("KEYLIME_CERT_DIR", "/var/lib/keylime/cv_ca")
 
 	config = Config{
 		VerifierURL:    getEnv("KEYLIME_VERIFIER_URL", "https://localhost:8881"),
