Configure your MCP client to connect to Prowler MCP Server.

Step 1: Get Your API Key (Optional)

Authentication is optional: Prowler Hub and Prowler Documentation features work without authentication. An API key is only required for Prowler Cloud and Prowler App (Self-Managed) features.
To use Prowler Cloud or Prowler App (Self-Managed) features, you need an API key. To get the API key, please refer to the API Keys guide.
Keep the API key secure. Never share it publicly or commit it to version control.

Step 2: Configure Your MCP Client

Choose the configuration based on your deployment:
  • STDIO Mode: Local installation only (runs as subprocess).
  • HTTP Mode: Prowler Cloud MCP Server or self-hosted Prowler MCP Server.

HTTP Mode (Prowler Cloud MCP Server or self-hosted Prowler MCP Server)

  • Native HTTP Support (Cursor, VSCode)
  • Using mcp-remote (Claude Desktop)
Clients that support HTTP with custom headers natively. For example: Cursor, VSCode, LobeChat, etc. Configuration (replace the URL with your self-hosted Prowler MCP Server URL if you are not using Prowler Cloud):
{
  "mcpServers": {
    "prowler": {
      "url": "https://mcp.prowler.com/mcp",
      "headers": {
        "Authorization": "Bearer pk_your_api_key_here"
      }
    }
  }
}

STDIO Mode (Local Installation Only)

STDIO mode is only available when running the MCP server locally.
  • Using uvx
  • Using Docker
Run from source or local installation
{
  "mcpServers": {
    "prowler": {
      "command": "uvx",
      "args": ["/absolute/path/to/prowler/mcp_server/"],
      "env": {
        "PROWLER_APP_API_KEY": "pk_your_api_key_here",
        "PROWLER_API_BASE_URL": "https://api.prowler.com"
      }
    }
  }
}
Replace /absolute/path/to/prowler/mcp_server/ with the actual path. The PROWLER_API_BASE_URL is optional and defaults to Prowler Cloud API.

Step 3: Start Using Prowler MCP

Restart your MCP client and start asking questions:
  • “Show me all critical findings from my AWS accounts”
  • “What does the S3 bucket public access check do?”
  • “Onboard this new AWS account in my Prowler Organization”

Authentication Methods

Prowler MCP Server supports two authentication methods to connect to Prowler Cloud or Prowler App (Self-Managed):

API Key

Use your Prowler API key directly in the Bearer token:
Authorization: Bearer pk_your_api_key_here
This is the recommended method for most users.

JWT Token

Alternatively, obtain a JWT token from Prowler:
curl -X POST https://api.prowler.com/api/v1/tokens \
  -H "Content-Type: application/vnd.api+json" \
  -H "Accept: application/vnd.api+json" \
  -d '{
    "data": {
      "type": "tokens",
      "attributes": {
        "email": "your-email@example.com",
        "password": "your-password"
      }
    }
  }'
Use the returned JWT token in place of the API key:
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
JWT tokens are only valid for 30 minutes. You need to generate a new token if you want to continue using the MCP server.

Troubleshooting

Server Not Detected

  • Restart your MCP client after configuration changes
  • Check the configuration file syntax (valid JSON)
  • Review client logs for specific error messages
  • Verify the server URL is correct

Authentication Failures

Error: Unauthorized (401)
  • Verify your API key is correct
  • Ensure the key hasn’t expired
  • Check you’re using the right API endpoint

Connection Issues

Cannot Reach Server:
  • Verify the server URL is correct
  • Check network connectivity
  • For local servers, ensure the server is running
  • Check firewall settings

Security Best Practices

  1. Protect Your API Key
    • Never commit API keys to version control.
    • Use environment variables or secure vaults.
    • Rotate keys regularly.
  2. Network Security
    • Use HTTPS for production deployments.
    • Restrict network access to the MCP server.
    • Consider VPN for remote access.
  3. Least Privilege
    • An API key carries the permissions of the user who created it, so use a key whose owner has the minimal required permissions.
    • Review which tools will be used and how they will be used, to avoid prompt injection or unintended behavior.
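
A pre-commit style check for the first two practices above, as an added example that is not part of Prowler or its documentation: it parses an MCP client configuration and reports invalid JSON, a non-local http:// server URL, and literal pk_ keys or JWT-shaped tokens in headers or env. The function name, host names and key values are constructed for illustration; only the pk_ prefix, the placeholder and the configuration layout come from this page.

```python
import json
import re
from urllib.parse import urlparse

PLACEHOLDER = "pk_your_api_key_here"  # the docs' placeholder, safe to commit
# Literal Prowler API keys (pk_ prefix) or JWT-shaped bearer tokens.
SECRET_RE = re.compile(r"\b(pk_[A-Za-z0-9_-]+|eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_.-]+)")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def audit_mcp_config(text):
    """Return a list of findings for one MCP client configuration file."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(config, dict):
        return ["top-level value must be a JSON object"]
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        url = urlparse(server.get("url", ""))
        if url.scheme == "http" and url.hostname not in LOCAL_HOSTS:
            findings.append(f"{name}: plain-HTTP url would expose the bearer token")
        # Credentials live in "headers" (HTTP mode) or "env" (STDIO mode).
        values = {**server.get("headers", {}), **server.get("env", {})}
        for key, value in values.items():
            if any(m != PLACEHOLDER for m in SECRET_RE.findall(str(value))):
                findings.append(f"{name}: literal credential in '{key}'")
    return findings

# Constructed sample: hosts and key values are made up for this example.
SAMPLE = """
{
  "mcpServers": {
    "prowler": {
      "url": "http://mcp.internal.example/mcp",
      "headers": {"Authorization": "Bearer pk_constructed_sample_0001"}
    },
    "prowler-local": {
      "command": "uvx",
      "env": {"PROWLER_APP_API_KEY": "pk_constructed_sample_0002",
              "PROWLER_API_BASE_URL": "https://api.prowler.com"}
    }
  }
}
"""

if __name__ == "__main__":
    for finding in audit_mcp_config(SAMPLE):
        print(finding)
```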
