Security Best Practices
For additional information on how we built this locally hosted MCP server with security by design, check out our NodeZero MCP Server blog.
- Use single-user mode: A single instance of the Horizon3.ai MCP Server is designed to use a single Horizon3.ai API key.
- Pass keys securely: The only way to pass the API key to the server is via the
-e H3_API_KEY={your-key-here}
option on thedocker run
command. - Restrict network: Run locally or behind VPN/firewall.
- Stop/remove containers when not in use.
- Rotate keys regularly and test before use in production.
- Create GraphQL examples: Prepare sample queries for fetching test data or triggering NodeZero assessments.