Hermes Agent Security Guide

July 8, 2026 ยท 5 min read

1. Restrict Platform Users

TELEGRAM_ALLOWED_USERS=123456789 DISCORD_ALLOWED_USERS=987654321

2. Limit Toolsets

CLI: all tools. Telegram/Discord public bots: only web, memory, skills. Never expose terminal access publicly.

3. Disable YOLO Mode

approvals: mode: manual

4. Secure API Keys

Store in ~/.hermes/.env, add to .gitignore, use environment variables for team deployments.

5. Firewall

$ sudo ufw allow 22/tcp $ sudo ufw allow 443/tcp $ sudo ufw enable
๐Ÿ›ก๏ธ Hermes is only as secure as the server it runs on. Isolate it, limit permissions, and never run as root on production.

โ† Back to Blog