The governance problem MCP created without asking
Thiago Avelino [Unofficial]
April 6, 2026
My team adopted MCP fast. I encouraged it — the productivity gains were real and visible. Engineers connecting Sentry, Slack, Grafana, GitHub directly into their workflow, no friction. The kind of thing you want to happen organically.
Then one day I asked a simple question: who has a Sentry token? Who has Slack? Grafana?
The answer was: everyone. Each engineer had generated their own. No inventory. No rotation policy. No single revocation point. We had traded operational security for developer experience — and nobody had made that trade explicitly. It just happened, one mcp add at a time.