Docker Compose guide
Use the Agent Guide compose template with data mounts, local port binding, and backup notes.
Container-first operation
Hermes Agent Docker guide
Use Docker when you want a clearer data volume, repeatable updates, and a stronger operational boundary than a local host install. Keep one data directory per profile or deployment.
Agent Guide is an independent editorial resource. It is not affiliated with, endorsed by, or sponsored by Nous Research, Hermes Agent, or Hermes/Hermes brand owners. Product names and marks belong to their respective owners.
First-run shape
The official Docker guide uses a mounted data directory so config, API keys, sessions, skills, and memories survive image updates.
mkdir -p ~/.hermes
docker run -it --rm \
-v ~/.hermes:/opt/data \
nousresearch/hermes-agentSafer deployment checklist
- Use a dedicated host directory per profile or deployment.
- Avoid mounting broad home directories unless the workflow requires it.
- Keep
.envownership and backup rules explicit. - Record the image tag or digest used for production.
- Test updates by pulling the new image and recreating the container against a backed-up data directory.
Running on a VPS
| Concern | Default stance |
|---|---|
| Ports | Expose only the gateway/API ports you actually need. |
| Backups | Back up /opt/data or the host-mounted data directory before upgrades. |
| Secrets | Prefer environment or secrets-manager injection over loose files. |
| Profiles | Use separate containers and volumes for work/personal identities. |
Docker mode distinction
There are two Docker decisions. You can run Hermes Agent itself inside Docker, or you can configure Docker as the terminal backend while Hermes runs on the host. The official Docker page focuses on running Hermes inside a container and stores user data through a host mount at /opt/data.
Agent Guide treats both paths as security decisions. A container boundary helps, but mounted files, exposed ports, forwarded environment variables, and API keys still define the real blast radius.
Production-like Docker checklist
- Use a dedicated host data directory for each profile or deployment.
- Bind API ports to localhost unless external access is required and protected.
- Generate a strong API server key before enabling external API access.
- Back up the host-mounted data directory before pulling a new image.
- Keep dashboard exposure separate from chat-platform gateway exposure.
When to use Docker Compose
Use Docker Compose when you want a repeatable service definition, checked-in infrastructure notes, and a cleaner upgrade path than remembering a long docker run command.
Official sources reviewed
| Source | Used for | Last checked | Confidence |
|---|---|---|---|
| Hermes Agent Docker guide | Docker run modes, mounted data directory, gateway operation, ports, and production cautions. | 2026-06-02 | high |
| Hermes Agent configuration guide | Provider, model, backend, and environment configuration patterns. | 2026-06-02 | high |
| Hermes Agent security guide | Approval modes, gateway authorization, Docker terminal backend hardening, and credential cautions. | 2026-06-02 | high |
Known caveats: Docker can mean running Hermes inside a container or using Docker as the terminal backend. Confirm which model you are configuring before copying commands.
FAQ
Does Docker make Hermes Agent automatically safe?
No. Docker improves the boundary, but mounted volumes, forwarded environment variables, exposed ports, and gateway tokens still need review.
Operator checklist
Get the Agent Guide launch checklist
Receive the smoke-test order for install path, sandbox boundary, provider setup, source review, and production checks.