Help
Help
Breadcrumbs

Essential Security Practices for MCP Clients

When utilizing MCP Clients (AI Agents, Chatbots, Automation Platforms) to connect to sensitive business tools, especially for domain management, adhering to strong security practices is critical due to the power and conversational nature of these integrations.

Here are 5 important security practices we highly recommend to any user:

1. Strictly Apply the Principle of Least Privilege via API Scopes

  • Practice: Always generate API keys with the minimum required scopes (permissions) necessary for the AI Agent's function. Never use an ‘all-access’ API key for a single, narrow task.

  • Example: An AI Agent intended only for checking domain expiration dates should only be granted domains:read access, not domains:write or any billing scopes (account:read/write, products:read/write). This limits potential damage if the key is compromised or the agent misinterprets a command.

2. Use Short-Lived or Rotated API Keys

  • Practice: Configure API keys with the shortest practical expiration period (e.g., three months or less) and implement a mandatory key rotation schedule.

  • Rationale: Since MCP Clients use the API key directly as the bearer token, a compromised key grants immediate access. Regularly rotating keys minimizes the window of opportunity for attackers to exploit a stolen credential.

3. Implement Guardrails and “Human in the Loop” Confirmation Prompts in the AI Application

  • Practice: For AI Agents that possess write permissions, build in a mandatory human confirmation step for high-impact actions (e.g., domain transfers, bulk DNS changes, or contact updates).

  • Rationale: This protects against hallucinations or misinterpretations by the AI model. For example, before executing an action that deletes DNS records, the AI should explicitly ask, "I am about to delete 15 A records on example.com . Do you wish to proceed? (Yes/No)"

4. Isolate and Separate Keys for Different Functions/Teams:

  • Practice: Issue a unique API key for each distinct function, team, or application (e.g., one key for the DevOps DNS automation pipeline, a separate key for the finance department's accounting integration).

  • Benefit: This allows administrators to quickly revoke access for one compromised application without affecting mission-critical systems and makes it easier to trace actions back to the source using audit logs.

5. Securely Store and Manage the API Key

  • Practice: Never hardcode API keys directly into public repositories or configuration files accessible to unauthorized users. Use secure secret management tools (e.g., Azure Key Vault, AWS Secrets Manager, HashiCorp Vault) or environment variables in production.

  • Rationale: The API key is equivalent to a password. Storing it securely prevents unauthorized internal or external access to the organization's domain portfolio.