Security and Best Practices

  • Use single-user mode: A single instance of the H3 MCP server is designed to use a single H3 API key.
  • Pass keys securely: The only way to pass the API key to the server is via the -e H3_API_KEY={your-key-here} option on the docker run command.
  • Restrict network: Run locally or behind a VPN or firewall.
  • Stop/remove containers when not in use.
  • Rotate keys regularly and test before use in production.
  • Create GraphQL examples: Prepare sample queries for fetching test data or triggering NodeZero assessments.
  • Leverage system prompts: Tailor system prompts to your specific use cases to improve response accuracy and reduce token usage.
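
Added example (not part of the H3 documentation) for the "Pass keys securely" and "Stop/remove containers" items: a POSIX shell launcher that still uses the -e H3_API_KEY option, but in Docker's value-less form, so the key is copied from the environment instead of being typed on the command line, and that starts the container with --rm so it is removed when it stops. Assumptions: the image name, the key-file argument and the DOCKER override variable are placeholders introduced here, and any other docker run flags your deployment needs are left out.

```sh
#!/bin/sh
# Added example: start the H3 MCP server container without putting the API key
# on the command line. Image name and key file are placeholders (assumptions).

H3_MCP_IMAGE="${H3_MCP_IMAGE:-your-h3-mcp-image}"   # placeholder image name

# Read the key from a file only its owner can access, then export it.
load_h3_key() {
    key_file=$1
    [ -f "$key_file" ] || { echo "key file not found: $key_file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    perms=$(ls -ld "$key_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $key_file: readable by group/other (chmod 600 it)" >&2
        return 1
    fi
    H3_API_KEY=$(tr -d '\r\n' < "$key_file")
    [ -n "$H3_API_KEY" ] || { echo "key file is empty: $key_file" >&2; return 1; }
    export H3_API_KEY
}

# Start the container.
#   -e H3_API_KEY  (no "=value") makes docker copy the variable from the calling
#                  environment, so the secret stays out of shell history and
#                  out of the docker client's argument list (ps output).
#   --rm           removes the container as soon as it stops.
# DOCKER is a hypothetical override used only to substitute a stub in tests.
start_h3_mcp() {
    load_h3_key "$1" || return 1
    "${DOCKER:-docker}" run --rm -e H3_API_KEY "$H3_MCP_IMAGE"
}

# Runs only when invoked as: ./start-h3-mcp.sh start /path/to/keyfile
if [ "${1:-}" = "start" ]; then
    start_h3_mcp "${2:?usage: $0 start KEY_FILE}"
fi
```

The key is still stored in the container's configuration, so anyone who can run docker inspect on that host can read it. This is one more reason to keep a single user per instance and to remove containers when they are not in use.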