Hermes Agent Security Guide
July 8, 2026 ยท 5 min read
1. Restrict Platform Users
TELEGRAM_ALLOWED_USERS=123456789
DISCORD_ALLOWED_USERS=987654321
2. Limit Toolsets
CLI: all tools. Telegram/Discord public bots: only web, memory, skills. Never expose terminal access publicly.
3. Disable YOLO Mode
approvals:
mode: manual
4. Secure API Keys
Store in ~/.hermes/.env, add to .gitignore, use environment variables for team deployments.
5. Firewall
$ sudo ufw allow 22/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw enable
๐ก๏ธ Hermes is only as secure as the server it runs on. Isolate it, limit permissions, and never run as root on production.