Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/sanyambassi/ciphertrust-manager-mcp-server

MCP Server for Thales CipherTrust Manager
https://github.com/sanyambassi/ciphertrust-manager-mcp-server

cdsp ciphertrust ciphertrustmanager claude-desktop cursor-ai mcp mcp-client mcp-server modelcontextprotocol

Last synced: 2 months ago
JSON representation

MCP Server for Thales CipherTrust Manager

Awesome Lists containing this project

README 

          
# CipherTrust Manager MCP Server



This project implements an independently-developed CipherTrust MCP (Model Context Protocol) server that allows AI Assistants like Claude or Cursor to interact with CipherTrust Manager resources using the ksctl CLI.



## Table of Contents



- [Important Notice](#important-notice)

- [Features](#features)

- [Prerequisites](#prerequisites)

- [Installation](#installation)

- [Configuration](#configuration)

- [Usage](#usage)

- [Testing](#testing)

- [Integration with AI Assistants](#integration-with-ai-assistants)

- [Environment Variables](#environment-variables)

- [Troubleshooting](#troubleshooting)

- [Project Structure](#project-structure)

- [Contributing](#contributing)

- [Legal](#legal)

- [License](#license)



## Important Notice



This is an **independent, open-source project**. Please note:



- โš ๏ธ **Not officially supported** by Thales

- โœ… **Uses public APIs** and documented interfaces

- ๐Ÿ”ง **Independently maintained** 

- ๐Ÿ“ **Use at your own risk** - test thoroughly in your environment

- ๐Ÿ’ผ **No warranty** - see license for full terms



For official CipherTrust Manager support, please contact Thales directly.



## Features



The MCP server exposes a set of tools and endpoints for clients (such as Claude Desktop and Cursor) to interact with CipherTrust resources. Supported operations include:



- Key management

- CTE client management

- User management

- Connection management

- And more



**Benefits:**

- Unified interface for AI assistants to interact with CipherTrust Manager

- Support for key management, connection management, CTE client management, and more

- JSON-RPC communication over stdin/stdout

- Configurable via environment variables



## Prerequisites



- **Git**

- **Python 3.11 or higher**

- **uv** for dependency management

- **Access to a CipherTrust Manager instance**



### Installing Git (Windows)



If you don't have Git installed on Windows, follow these steps:



- **Download and install Git for Windows**: [https://git-scm.com/download/win](https://git-scm.com/download/win)

- **Or install via winget**:

  ```bash

  winget install --id Git.Git -e --source winget

  ```

- **Verify installation** - Open PowerShell and execute:

  ```bash

  git --version

  ```

  You should see the installed Git version.



## Installing Python and uv



### Method 1: Manual Installation



#### 1. Download Python

```powershell

# Open PowerShell as Administrator (optional)

cd $env:USERPROFILE\Downloads

Invoke-WebRequest -Uri "https://www.python.org/ftp/python/3.12.4/python-3.12.4-amd64.exe" -OutFile "python-installer.exe"

```



#### 2. Run the Installer

```powershell

.\python-installer.exe /quiet InstallAllUsers=1 PrependPath=1 Include_test=0

```



#### 3. Verify Installation

Open a new terminal and run:

```bash

python --version

pip --version

```



#### 4. Install uv

```bash

pip install uv

uv --version

```



#### 5. Clone the Repository

```bash

git clone https://github.com/sanyambassi/ciphertrust-manager-mcp-server.git

cd ciphertrust-manager-mcp-server

```



#### 6. Create a Virtual Environment and Install Dependencies

```bash

uv venv

.venv\Scripts\activate

uv pip install -e .

```



### Method 2: Using winget (Windows)



#### 1. Install Python with winget

```bash

winget install --id Python.Python.3.12 --source winget --accept-package-agreements --accept-source-agreements

```



#### 2. Close and Reopen PowerShell

This ensures Python is available in your PATH.



#### 3. Verify Installation

```bash

python --version

pip --version

```



#### 4. Install uv

```bash

pip install uv

uv --version

```



#### 5. Clone the Repository

```bash

git clone https://github.com/sanyambassi/ciphertrust-manager-mcp-server.git

cd ciphertrust-manager-mcp-server

```



#### 6. Create a Virtual Environment and Install Dependencies

```bash

uv venv

.venv\Scripts\activate

uv pip install -e .

```



## Configuration



### (Optional) Copy and Edit the Example Environment File



**Example `.env`:**

```bash

cp .env.example .env

# Edit .env with your CipherTrust Manager details

```



You can also set these as environment variables directly instead of using a `.env` file.



**Example `.env` content:**

```

CIPHERTRUST_URL=https://your-ciphertrust-manager.example.com

CIPHERTRUST_USER=admin

CIPHERTRUST_PASSWORD=your-password-here

CIPHERTRUST_NOSSLVERIFY=true

```



## Usage



**โš ๏ธ Important:** Before starting, either the environment variable or .env should contain a valid CipherTrust Manager URL.



You have two main ways to run the CipherTrust MCP Server:



### Method 1: Direct Execution

```bash

uv run ciphertrust-mcp-server

```

This runs the `main()` function in `ciphertrust_mcp_server/__main__.py`.



### Method 2: Module Execution

```bash

uv run python -m ciphertrust_mcp_server.__main__

```



## Testing



This project includes comprehensive testing capabilities using the Model Context Protocol Inspector and Python unit tests.



### Quick Testing



```bash

# Manual JSON-RPC testing (direct stdin/stdout)

uv run ciphertrust-mcp-server

# Then send JSON-RPC commands (see TESTING.md for details)



# Interactive UI testing (opens browser interface)

npx @modelcontextprotocol/inspector uv run ciphertrust-mcp-server



# Quick CLI testing

# Get tools

npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/list

# Get system information

npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/call --tool-name system_information --tool-arg action=get

# Get 2 keys

npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/call --tool-name key_management --tool-arg action=list --tool-arg limit=2

```



### Available Testing Methods



- **๐Ÿ”ง Manual JSON-RPC Testing**: Direct stdin/stdout communication for debugging and development

- **๐Ÿ–ฅ๏ธ Interactive UI Testing**: Visual web interface for manual testing and debugging

- **โšก CLI Automated Testing**: Command-line automation for CI/CD integration

- **๐Ÿงช Python Unit Tests**: Comprehensive unit testing for server components

- **๐Ÿ”— Integration Tests**: End-to-end testing with real CipherTrust Manager instances



### NPM Scripts



After creating a `package.json` file:



```bash

npm run test:inspector:ui     # Open interactive testing interface

npm run test:inspector:cli    # Run automated CLI tests

npm run test:python          # Run Python unit tests

npm run test:full           # Run complete test suite

```



### Comprehensive Testing Guide



๐Ÿ“– **For detailed testing instructions, see [TESTING.md](docs/TESTING.md)**



๐Ÿ”ง **For example AI assistant prompts, see [EXAMPLE_PROMPTS.md](docs/EXAMPLE_PROMPTS.md)**



The testing guide covers:

- Complete setup and configuration

- Advanced testing scenarios



The example prompts include:

- Key management operations

- User and group management

- System and service management

- Cluster management

- License management

- CTE operations

- Crypto operations

- And more practical scenarios



## Integration with AI Assistants



### Using with Cursor



#### 1. Configure Cursor

- Go to **Settings > MCP Tools > Add Custom MCP**

- Add the following contents in the config file (e.g., `mcp.json`):



```json

{

  "mcpServers": {

    "ciphertrust": {

      "command": "Path to your project folder/ciphertrust-manager-mcp-server/.venv/bin/ciphertrust-mcp-server",

      "args": [],

      "env": {

        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",

        "CIPHERTRUST_USER": "admin",

        "CIPHERTRUST_PASSWORD": "your-password-here"

      }

    }

  }

}

```



On Windows, use the `.venv\Scripts\ciphertrust-mcp-server.exe` path and double backslashes:



```json

{

  "mcpServers": {

    "ciphertrust": {

      "command": "C:\\path\\to\\ciphertrust-manager-mcp-server\\.venv\\Scripts\\ciphertrust-mcp-server",

      "args": [],

      "env": {

        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",

        "CIPHERTRUST_USER": "admin",

        "CIPHERTRUST_PASSWORD": "your-password-here"

      }

    }

  }

}

```



#### 2. Apply Configuration

Disable and Re-enable the CipherTrust MCP server in Cursor to apply the changes.



### Using with Claude Desktop



#### 1. Locate or create the Claude Desktop config file:

- **macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`

- **Windows**: `%APPDATA%\Roaming\Claude\claude_desktop_config.json`



#### 2. Add or update the MCP server configuration:



**macOS/Linux Example:**

```json

{

  "mcpServers": {

    "ciphertrust": {

      "command": "/absolute/path/to/ciphertrust-manager-mcp-server/.venv/bin/ciphertrust-mcp-server",

      "env": {

        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",

        "CIPHERTRUST_USER": "admin",

        "CIPHERTRUST_PASSWORD": "your-password-here"

      }

    }

  }

}

```



**Windows Example:**

```json

{

  "mcpServers": {

    "ciphertrust": {

      "command": "C:\\absolute\\path\\to\\ciphertrust-manager-mcp-server\\.venv\\Scripts\\ciphertrust-mcp-server",

      "env": {

        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",

        "CIPHERTRUST_USER": "admin",

        "CIPHERTRUST_PASSWORD": "your-password-here"

      }

    }

  }

}

```



Adjust the path to match your actual project location and environment.



#### 3. Restart Claude Desktop

Restart Claude Desktop to apply the changes.



## Environment Variables



Set these in your shell or in a `.env` file in the project root:



| Variable Name | Description | Required/Default |

|---|---|---|

| `CIPHERTRUST_URL` | CipherTrust Manager URL (http/https) | Required |

| `CIPHERTRUST_USER` | CipherTrust Manager username | Required |

| `CIPHERTRUST_PASSWORD` | CipherTrust Manager password | Required |

| `CIPHERTRUST_NOSSLVERIFY` | Disable SSL verification (true/false) | `false` |

| `CIPHERTRUST_TIMEOUT` | Timeout for CipherTrust requests (seconds) | `30` |

| `CIPHERTRUST_DOMAIN` | Default CipherTrust domain | `root` |

| `CIPHERTRUST_AUTH_DOMAIN` | Authentication domain | `root` |

| `KSCTL_PATH` | Path to ksctl binary | `~/.ciphertrust-mcp/ksctl` |

| `KSCTL_CONFIG_PATH` | Path to ksctl config file | `~/.ksctl/config.yaml` |

| `LOG_LEVEL` | Logging level (DEBUG, INFO) | `INFO` |



**Example `.env` file:**

```bash

CIPHERTRUST_URL=https://your-ciphertrust.example.com

CIPHERTRUST_USER=admin

CIPHERTRUST_PASSWORD=yourpassword

CIPHERTRUST_NOSSLVERIFY=false

CIPHERTRUST_TIMEOUT=30

CIPHERTRUST_DOMAIN=root

CIPHERTRUST_AUTH_DOMAIN=root

KSCTL_PATH=

KSCTL_CONFIG_PATH=

LOG_LEVEL=INFO

```



## Troubleshooting



### Successful startup logs:



- The server is designed to be run as a subprocess by MCP clients (like Claude Desktop or Cursor) and communicates via JSON-RPC over stdin/stdout.

- You'll see log output like in the AI assistant's MCP log:



```

2025-06-16 02:22:30,462 - ciphertrust_mcp_server.server - INFO - Starting ciphertrust-manager v0.1.0

2025-06-16 02:22:30,838 - ciphertrust_mcp_server.server - INFO - Successfully connected to CipherTrust Manager

2025-06-16 02:22:30,838 - ciphertrust_mcp_server.server - INFO - MCP server ready and waiting for JSON-RPC messages on stdin...

```



### Dependencies



The `pyproject.toml` file includes these dependencies:

- `mcp>=1.0.0`

- `pydantic>=2.0.0`

- `pydantic-settings>=2.0.0`

- `httpx>=0.27.0`

- `python-dotenv>=1.0.0`



If you encounter issues, ensure all dependencies are installed and up-to-date.



## Project Structure



```

ciphertrust-manager-mcp-server/

โ”œโ”€โ”€ src

โ”‚   โ”œโ”€โ”€ ciphertrust_mcp_server/     # Main server code

โ”œโ”€โ”€ tests/                      	# Testing configuration and unit tests

โ”‚   โ”œโ”€โ”€ mcp_inspector_config.json

โ”‚   โ”œโ”€โ”€ test_scenarios.json

โ”‚   โ”œโ”€โ”€ test_server.py

โ”‚   โ””โ”€โ”€ test_integration_simple.py

โ”œโ”€โ”€ scripts/                    	# Testing and utility scripts

โ”‚   โ”œโ”€โ”€ test_with_inspector.bat

โ”‚   โ”œโ”€โ”€ test_with_inspector.sh

โ”‚   โ””โ”€โ”€ run_tests.py

โ”œโ”€โ”€ docs/                      		# Additional documentation

โ”‚   โ”œโ”€โ”€ TESTING.md

โ”‚   โ”œโ”€โ”€ EXAMPLE_PROMPTS.md

โ”‚   โ””โ”€โ”€ TOOLS.md

โ”œโ”€โ”€ README.md                   	# This file

โ”œโ”€โ”€ pyproject.toml             		# Python dependencies

โ””โ”€โ”€ package.json               		# Node.js dependencies for testing

```



## Contributing



Contributions are welcome! Please feel free to submit a Pull Request. While this started as a personal project, contributions help make it better for everyone.



## Legal



### Trademark Notice

CipherTrustยฎ and related trademarks are the property of Thales Group and its subsidiaries. This project is not affiliated with, endorsed by, or sponsored by Thales Group.



### No Warranty

This software is provided "as is" without warranty of any kind. Use at your own risk.



### Support

This is an independent project. For official CipherTrust Manager support, please contact Thales directly. For issues with this unofficial MCP server, please use the GitHub issue tracker.



## License



This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.



---