Security and Best Practices
- Use single-user mode: A single instance of the H3 MCP server is designed to use a single H3 API key.
- Pass keys securely: The only way to pass the API key to the server is via the `-e H3_API_KEY={your-key-here}` option on the `docker run` command.
- Restrict network: Run locally or behind VPN/firewall.
- Stop/remove containers when not in use.
- Rotate keys regularly and test before use in production.
- Create GraphQL examples: Prepare sample queries for fetching test data or triggering NodeZero assessments.
- Leverage system prompts: Tailor system prompts to your specific use cases to improve response accuracy and reduce token usage.
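
The "Pass keys securely" and "Stop/remove containers" items above can be combined in a small launch wrapper. This is an added example, not the project's own script. It uses Docker's name-only form of `-e`, which copies the variable from the caller's environment so the key never appears on the command line. The image name, the `H3_MCP_IMAGE` variable and the `-i` flag (stdio transport) are assumptions.

```shell
#!/bin/sh
# Added example. H3_MCP_IMAGE is a hypothetical variable and its default
# is a placeholder, not the real image name.
IMAGE="${H3_MCP_IMAGE:-IMAGE-PLACEHOLDER}"

# Refuse to start without a key so a misconfigured client fails loudly.
require_key() {
    if [ -z "${H3_API_KEY:-}" ]; then
        echo "H3_API_KEY is not set" >&2
        return 1
    fi
}

# Read the key with terminal echo off: it is not displayed and never
# lands in shell history.
prompt_key() {
    printf 'H3 API key: ' >&2
    stty -echo
    IFS= read -r H3_API_KEY
    stty echo
    printf '\n' >&2
}

# Print the docker arguments, one per line.
#   -e H3_API_KEY  name only: docker takes the value from its environment
#   --rm           remove the container as soon as it exits
#   -i             assumption: the MCP client talks to the server over stdio
docker_args() {
    printf '%s\n' run --rm -i -e H3_API_KEY "$IMAGE"
}

# Returns 0 if the key value appears anywhere in the docker arguments.
args_contain_key() {
    docker_args | grep -qF -- "$H3_API_KEY"
}

launch() {
    [ -n "${H3_API_KEY:-}" ] || prompt_key
    require_key || return 1
    export H3_API_KEY
    if args_contain_key; then
        echo "key would be visible in the process list" >&2
        return 1
    fi
    # Word splitting is intended: the arguments contain no spaces.
    exec docker $(docker_args)
}

if [ "${1:-}" = "launch" ]; then launch; fi
```

The key is still readable through `docker inspect` while the container exists, which is why `--rm` and the network restriction above matter.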