Security Guidelines
Keep your MCP servers secure on agnexus.
Overview
Security is important for protecting your data and your users. Follow these guidelines to keep your servers secure.
Access Control
Use Access Keys
For private servers, always use access keys:
- Generate strong access keys
- Rotate keys regularly
- Revoke unused keys
- Never share keys publicly
Environment Variables
Store sensitive data in environment variables:
- API keys
- Database credentials
- Service tokens
- Configuration secrets
Never commit secrets to version control.
Code Security
Dependencies
- Keep dependencies updated
- Review dependency security advisories
- Use trusted packages
- Remove unused dependencies
Input Validation
- Validate all inputs
- Sanitize user data
- Use parameterized queries
- Implement rate limiting
Network Security
HTTPS Only
All agnexus subdomains use HTTPS:
- Encrypted connections
- SSL/TLS certificates
- Secure data transmission
Authentication
Implement proper authentication:
- Use bearer tokens
- Validate all requests
- Implement authorization checks
- Log access attempts
Best Practices
- Principle of Least Privilege: Grant minimum necessary permissions
- Defense in Depth: Use multiple security layers
- Regular Updates: Keep everything updated
- Monitor Access: Watch for suspicious activity
- Backup Data: Keep backups of important data
Incident Response
If you suspect a security issue:
- Revoke affected access keys immediately
- Review logs for suspicious activity
- Update credentials
- Contact support if needed