Security Best Practices

For additional information on how we built this locally hosted MCP server with security by design, check out our NodeZero MCP Server blog.

  • Use single-user mode: A single instance of the Horizon3.ai MCP Server is designed to use a single Horizon3.ai API key.
  • Pass keys securely: The only way to pass the API key to the server is via the -e H3_API_KEY={your-key-here} option on the docker run command.
  • Restrict network: Run locally or behind VPN/firewall.
  • Stop/remove containers when not in use.
  • Rotate keys regularly and test before use in production.
  • Create GraphQL examples: Prepare sample queries for fetching test data or triggering NodeZero assessments.