Security Hardening

Recommended hardening steps for a public BoltMCP deployment.

With public access enabled, consider:

Rate limiting via ingress annotations:

nginx.ingress.kubernetes.io/limit-rps: "10"
nginx.ingress.kubernetes.io/limit-connections: "5"

Brute force protection in Keycloak: Realm Settings > Security Defenses > Enable Brute Force Detection
DDoS protection via your cloud provider's WAF/shield service
Monitoring with uptime checks on public endpoints

Authentication Setup

How BoltMCP's Keycloak realm, OIDC clients, and first user are provisioned automatically on first install.

Manual Upgrade

Upgrade BoltMCP to a new chart release with helm upgrade.