> ## Documentation Index
> Fetch the complete documentation index at: https://docs.prowler.com/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.prowler.com/feedback
```json
{
"path": "/getting-started/basic-usage/prowler-mcp",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
# Configuration
Configure your MCP client to connect to Prowler MCP Server.
## Step 1: Get Your API Key
**Authentication is optional**: Prowler Hub and Prowler Documentation features work without authentication. An API key is only required for Prowler Cloud and Prowler App (Self-Managed) features.
To use Prowler Cloud or Prowler App (Self-Managed) features. To get the API key, please refer to the [API Keys](/user-guide/tutorials/prowler-app-api-keys) guide.
Keep the API key secure. Never share it publicly or commit it to version control.
## Step 2: Configure Your MCP Host/Client
Choose the configuration based on your deployment:
* **HTTP Mode**: Prowler Cloud MCP Server or self-hosted Prowler MCP Server.
* **STDIO Mode**: Local installation only (runs as subprocess of your MCP client).
### HTTP Mode
**Configuration:**
```json theme={null}
{
"mcpServers": {
"prowler": {
"url": "https://mcp.prowler.com/mcp", // or your self-hosted Prowler MCP Server URL
"headers": {
"Authorization": "Bearer "
}
}
}
}
```
**Configuration:**
```json theme={null}
{
"mcpServers": {
"prowler": {
"command": "npx",
"args": [
"mcp-remote",
"https://mcp.prowler.com/mcp", // or your self-hosted Prowler MCP Server URL
"--header",
"Authorization: Bearer ${PROWLER_APP_API_KEY}"
],
"env": {
"PROWLER_APP_API_KEY": ""
}
}
}
}
```
The `mcp-remote` tool acts as a bridge for clients that don't support HTTP natively. Learn more at [mcp-remote on npm](https://www.npmjs.com/package/mcp-remote).
1. Open Claude Desktop settings
2. Go to "Developer" tab
3. Click in "Edit Config" button
4. Edit the `claude_desktop_config.json` file with your favorite editor
5. Add the following configuration:
```json theme={null}
{
"mcpServers": {
"prowler": {
"command": "npx",
"args": [
"mcp-remote",
"https://mcp.prowler.com/mcp",
"--header",
"Authorization: Bearer ${PROWLER_APP_API_KEY}"
],
"env": {
"PROWLER_APP_API_KEY": ""
}
}
}
}
```
Run the following command:
```bash theme={null}
export PROWLER_APP_API_KEY=""
claude mcp add --transport http prowler https://mcp.prowler.com/mcp --header "Authorization: Bearer $PROWLER_APP_API_KEY" --scope user
```
1. Open Cursor settings
2. Go to "Tools & MCP"
3. Click in "New MCP Server" button
4. Add to the JSON Configuration the following:
```json theme={null}
{
"mcpServers": {
"prowler": {
"url": "https://mcp.prowler.com/mcp",
"headers": {
"Authorization": "Bearer "
}
}
}
}
```
### STDIO Mode
STDIO mode is only available when running the MCP server locally.
**Run from source or local installation**
```json theme={null}
{
"mcpServers": {
"prowler": {
"command": "uvx",
"args": ["/absolute/path/to/prowler/mcp_server/"],
"env": {
"PROWLER_APP_API_KEY": "",
"API_BASE_URL": "https://api.prowler.com/api/v1"
}
}
}
}
```
Replace `/absolute/path/to/prowler/mcp_server/` with the actual path. The `API_BASE_URL` is optional and defaults to Prowler Cloud API.
**Run with Docker image**
```json theme={null}
{
"mcpServers": {
"prowler": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"--env",
"PROWLER_APP_API_KEY=",
"--env",
"API_BASE_URL=https://api.prowler.com/api/v1",
"prowlercloud/prowler-mcp"
]
}
}
}
```
The `API_BASE_URL` is optional and defaults to Prowler Cloud API.
## Step 3: Start Using Prowler MCP
Restart your MCP client and start asking questions:
* *"Show me all critical findings from my AWS accounts"*
* *"What does the S3 bucket public access check do?"*
* *"Onboard this new AWS account in my Prowler Organization"*
## Authentication Methods
Prowler MCP Server supports two authentication methods to connect to Prowler Cloud or Prowler App (Self-Managed):
### API Key (Recommended)
Use your Prowler API key directly in the Bearer token:
```
Authorization: Bearer
```
This is the recommended method for most users.
### JWT Token
Alternatively, obtain a JWT token from Prowler:
```bash theme={null}
curl -X POST https://api.prowler.com/api/v1/tokens \
-H "Content-Type: application/vnd.api+json" \
-H "Accept: application/vnd.api+json" \
-d '{
"data": {
"type": "tokens",
"attributes": {
"email": "your-email@example.com",
"password": "your-password"
}
}
}'
```
Use the returned JWT token in place of the API key:
```
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
```
JWT tokens are only valid for 30 minutes. You need to generate a new token if you want to continue using the MCP server.
## Troubleshooting
### Server Not Detected
* Restart your MCP client after configuration changes
* Check the configuration file syntax (valid JSON)
* Review client logs for specific error messages
* Verify the server URL is correct
### Authentication Failures
**Error: Unauthorized (401)**
* Verify your API key is correct
* Ensure the key hasn't expired
* Check you're using the right API endpoint
### Connection Issues
**Cannot Reach Server:**
* Verify the server URL is correct
* Check network connectivity
* For local servers, ensure the server is running
* Check firewall settings
## Security Best Practices
1. **Protect Your API Key**
* Never commit API keys to version control.
* Use environment variables or secure vaults.
* Rotate keys regularly.
2. **Network Security**
* Use HTTPS for production deployments.
* Restrict network access to the MCP server.
* Consider VPN for remote access.
3. **Least Privilege**
* API key gives the permission of the user who created the key, make sure to use the key with the minimal required permissions.
* Review the tools that are gonna be used and how they are gonna be used to avoid prompt injections or unintended behavior.
## Next Steps
Now that your MCP server is configured:
Explore all available tools
## Getting Help
Need assistance with configuration?
* Search for existing [GitHub issues](https://github.com/prowler-cloud/prowler/issues)
* Ask for help in our [Slack community](https://goto.prowler.com/slack)
* Report a new issue on [GitHub](https://github.com/prowler-cloud/prowler/issues/new)