Missing from the MCP debate: Who holds the keys when 50 agents access 50 APIs?

There are two debates happening right now: CLI vs MCP - should agents call the existing CLIs or use an MCP server? And API vs MCP - does wrapping a REST API in an MCP server add value, or just complexity? Both focus on how agents call tools. What both aren't asking is, who holds the credentials when they do. Fifty agents, fifty sets of keys When one developer runs one agent on one laptop, credentials are simple. You store them locally, maybe rotate them, and move on. But that's not where we're heading. Dozens of agents per team, each needing access to Slack, GitHub, Jira, Office 365, that legacy CRM, multiple SaaS tools, and all your internal APIs. Some of those have CLIs. Most don't - they're SaaS products with REST APIs. If you're lucky - who knows how many production systems still use a global, password-protected admin account. So every agent needs a separate API key, OAuth token, or username/password pair. For each downstream system. On every machine. And if you've ever managed API