Security and Best Practices

For additional information on how we built this locally hosted MCP server with security by design, check out our NodeZero MCP Server blog

• Use single-user mode: A single instance of the H3 MCP server is designed to use a single H3 API key.
• Pass keys securely: The only way to pass the API key to the server is via the -e H3_API_KEY={your-key-here} option on the docker run command.
• Restrict network: Run locally or behind VPN/firewall.
• Stop/remove containers when not in use.
• Rotate keys regularly and test before use in production.
• Create GraphQL examples: Prepare sample queries for fetching test data or triggering NodeZero assessments.
• Leverage system prompts: Tailor system prompts to your specific use cases to improve response accuracy and reduce token usage.