Ciphertrust Manager MCP Server
by
Enables AI assistants to manage CipherTrust Manager resources—keys, users, connections, and more—through a JSON‑RPC interface powered by the Model Context Protocol.
Ciphertrust Manager MCP Server Overview
Overview of Ciphertrust Manager MCP Server
What is Ciphertrust Manager MCP Server about? Provides a Model Context Protocol (MCP) server that exposes CipherTrust Manager functionalities (key management, user and client handling, connection control, etc.) to AI assistants like Claude Desktop and Cursor. The server communicates via stdin/stdout using JSON‑RPC, allowing seamless tool integration without direct API calls.
How to use Ciphertrust Manager MCP Server?
- Install Python 3.11+ and
uv. - Clone the repository and create a virtual environment:
git clone https://github.com/sanyambassi/ciphertrust-manager-mcp-server.git cd ciphertrust-manager-mcp-server uv venv && .venv/bin/activate # Windows: .venv\Scripts\activate uv pip install -e . - Configure connection details via a
.envfile or environment variables (CIPHERTRUST_URL,CIPHERTRUST_USER,CIPHERTRUST_PASSWORD, etc.). - Start the server:
uv run ciphertrust-mcp-server - Register the server in the AI assistant’s MCP configuration (path to the executable and required env vars).
Key Features
- JSON‑RPC over stdin/stdout for low‑overhead communication.
- Full coverage of CipherTrust Manager operations: key lifecycle, CTE client management, user/group handling, connection and cluster control.
- Configurable via environment variables or
.envfile. - Works with multiple AI assistants (Claude Desktop, Cursor) through a simple MCP config.
- Comprehensive testing utilities: manual JSON‑RPC, interactive UI via
@modelcontextprotocol/inspector, CLI scripts, and Python unit tests.
Use Cases
- Automating secret rotation and key provisioning through AI‑driven workflows.
- Allowing developers to query system information or retrieve certificates via natural‑language prompts.
- Integrating CipherTrust Manager into AI‑assisted incident response playbooks.
- Enabling security auditors to explore configuration state using conversational agents.
FAQ
- Is this officially supported by Thales? No; it is an independent open‑source implementation.
- What Python version is required? Python 3.11 or higher.
- Can I run the server on Windows? Yes; activate the virtual environment using
.venv\Scripts\activateand run the same command. - Do I need an API key? Authentication is performed with the CipherTrust Manager username and password specified in the environment.
- How do I debug connection issues? Enable
LOG_LEVEL=DEBUGto see detailed request/response logs.
Ciphertrust Manager MCP Server's README
CipherTrust Manager MCP Server
This project implements an independently-developed CipherTrust MCP (Model Context Protocol) server that allows AI Assistants like Claude or Cursor to interact with CipherTrust Manager resources using the ksctl CLI.
Table of Contents
- Important Notice
- Features
- Prerequisites
- Installation
- Configuration
- Usage
- Testing
- Integration with AI Assistants
- Environment Variables
- Troubleshooting
- Project Structure
- Contributing
- Legal
- License
Important Notice
This is an independent, open-source project. Please note:
- ⚠️ Not officially supported by Thales
- ✅ Uses public APIs and documented interfaces
- 🔧 Independently maintained
- 📝 Use at your own risk - test thoroughly in your environment
- 💼 No warranty - see license for full terms
For official CipherTrust Manager support, please contact Thales directly.
Features
The MCP server exposes a set of tools and endpoints for clients (such as Claude Desktop and Cursor) to interact with CipherTrust resources. Supported operations include:
- Key management
- CTE client management
- User management
- Connection management
- And more
Benefits:
- Unified interface for AI assistants to interact with CipherTrust Manager
- Support for key management, connection management, CTE client management, and more
- JSON-RPC communication over stdin/stdout
- Configurable via environment variables
Prerequisites
- Git
- Python 3.11 or higher
- uv for dependency management
- Access to a CipherTrust Manager instance
Installing Git (Windows)
If you don't have Git installed on Windows, follow these steps:
- Download and install Git for Windows: https://git-scm.com/download/win
- Or install via winget:
winget install --id Git.Git -e --source winget - Verify installation - Open PowerShell and execute:
You should see the installed Git version.git --version
Installing Python and uv
Method 1: Manual Installation
1. Download Python
# Open PowerShell as Administrator (optional)
cd $env:USERPROFILE\Downloads
Invoke-WebRequest -Uri "https://www.python.org/ftp/python/3.12.4/python-3.12.4-amd64.exe" -OutFile "python-installer.exe"
2. Run the Installer
.\python-installer.exe /quiet InstallAllUsers=1 PrependPath=1 Include_test=0
3. Verify Installation
Open a new terminal and run:
python --version
pip --version
4. Install uv
pip install uv
uv --version
5. Clone the Repository
git clone https://github.com/sanyambassi/ciphertrust-manager-mcp-server.git
cd ciphertrust-manager-mcp-server
6. Create a Virtual Environment and Install Dependencies
uv venv
.venv\Scripts\activate
uv pip install -e .
Method 2: Using winget (Windows)
1. Install Python with winget
winget install --id Python.Python.3.12 --source winget --accept-package-agreements --accept-source-agreements
2. Close and Reopen PowerShell
This ensures Python is available in your PATH.
3. Verify Installation
python --version
pip --version
4. Install uv
pip install uv
uv --version
5. Clone the Repository
git clone https://github.com/sanyambassi/ciphertrust-manager-mcp-server.git
cd ciphertrust-manager-mcp-server
6. Create a Virtual Environment and Install Dependencies
uv venv
.venv\Scripts\activate
uv pip install -e .
Configuration
(Optional) Copy and Edit the Example Environment File
Example .env:
cp .env.example .env
# Edit .env with your CipherTrust Manager details
You can also set these as environment variables directly instead of using a .env file.
Example .env content:
CIPHERTRUST_URL=https://your-ciphertrust-manager.example.com
CIPHERTRUST_USER=admin
CIPHERTRUST_PASSWORD=your-password-here
CIPHERTRUST_NOSSLVERIFY=true
Usage
⚠️ Important: Before starting, either the environment variable or .env should contain a valid CipherTrust Manager URL.
You have two main ways to run the CipherTrust MCP Server:
Method 1: Direct Execution
uv run ciphertrust-mcp-server
This runs the main() function in ciphertrust_mcp_server/__main__.py.
Method 2: Module Execution
uv run python -m ciphertrust_mcp_server.__main__
Testing
This project includes comprehensive testing capabilities using the Model Context Protocol Inspector and Python unit tests.
Quick Testing
# Manual JSON-RPC testing (direct stdin/stdout)
uv run ciphertrust-mcp-server
# Then send JSON-RPC commands (see TESTING.md for details)
# Interactive UI testing (opens browser interface)
npx @modelcontextprotocol/inspector uv run ciphertrust-mcp-server
# Quick CLI testing
# Get tools
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/list
# Get system information
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/call --tool-name system_information --tool-arg action=get
# Get 2 keys
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/call --tool-name key_management --tool-arg action=list --tool-arg limit=2
Available Testing Methods
- 🔧 Manual JSON-RPC Testing: Direct stdin/stdout communication for debugging and development
- 🖥️ Interactive UI Testing: Visual web interface for manual testing and debugging
- ⚡ CLI Automated Testing: Command-line automation for CI/CD integration
- 🧪 Python Unit Tests: Comprehensive unit testing for server components
- 🔗 Integration Tests: End-to-end testing with real CipherTrust Manager instances
NPM Scripts
After creating a package.json file:
npm run test:inspector:ui # Open interactive testing interface
npm run test:inspector:cli # Run automated CLI tests
npm run test:python # Run Python unit tests
npm run test:full # Run complete test suite
Comprehensive Testing Guide
📖 For detailed testing instructions, see TESTING.md
🔧 For example AI assistant prompts, see EXAMPLE_PROMPTS.md
The testing guide covers:
- Complete setup and configuration
- Advanced testing scenarios
The example prompts include:
- Key management operations
- User and group management
- System and service management
- Cluster management
- License management
- CTE operations
- Crypto operations
- And more practical scenarios
Integration with AI Assistants
Using with Cursor
1. Configure Cursor
- Go to Settings > MCP Tools > Add Custom MCP
- Add the following contents in the config file (e.g.,
mcp.json):
{
"mcpServers": {
"ciphertrust": {
"command": "Path to your project folder/ciphertrust-manager-mcp-server/.venv/bin/ciphertrust-mcp-server",
"args": [],
"env": {
"CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
"CIPHERTRUST_USER": "admin",
"CIPHERTRUST_PASSWORD": "your-password-here"
}
}
}
}
On Windows, use the .venv\Scripts\ciphertrust-mcp-server.exe path and double backslashes:
{
"mcpServers": {
"ciphertrust": {
"command": "C:\\path\\to\\ciphertrust-manager-mcp-server\\.venv\\Scripts\\ciphertrust-mcp-server",
"args": [],
"env": {
"CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
"CIPHERTRUST_USER": "admin",
"CIPHERTRUST_PASSWORD": "your-password-here"
}
}
}
}
2. Apply Configuration
Disable and Re-enable the CipherTrust MCP server in Cursor to apply the changes.
Using with Claude Desktop
1. Locate or create the Claude Desktop config file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Roaming\Claude\claude_desktop_config.json
2. Add or update the MCP server configuration:
macOS/Linux Example:
{
"mcpServers": {
"ciphertrust": {
"command": "/absolute/path/to/ciphertrust-manager-mcp-server/.venv/bin/ciphertrust-mcp-server",
"env": {
"CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
"CIPHERTRUST_USER": "admin",
"CIPHERTRUST_PASSWORD": "your-password-here"
}
}
}
}
Windows Example:
{
"mcpServers": {
"ciphertrust": {
"command": "C:\\absolute\\path\\to\\ciphertrust-manager-mcp-server\\.venv\\Scripts\\ciphertrust-mcp-server",
"env": {
"CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
"CIPHERTRUST_USER": "admin",
"CIPHERTRUST_PASSWORD": "your-password-here"
}
}
}
}
Adjust the path to match your actual project location and environment.
3. Restart Claude Desktop
Restart Claude Desktop to apply the changes.
Environment Variables
Set these in your shell or in a .env file in the project root:
| Variable Name | Description | Required/Default |
|---|---|---|
CIPHERTRUST_URL |
CipherTrust Manager URL (http/https) | Required |
CIPHERTRUST_USER |
CipherTrust Manager username | Required |
CIPHERTRUST_PASSWORD |
CipherTrust Manager password | Required |
CIPHERTRUST_NOSSLVERIFY |
Disable SSL verification (true/false) | false |
CIPHERTRUST_TIMEOUT |
Timeout for CipherTrust requests (seconds) | 30 |
CIPHERTRUST_DOMAIN |
Default CipherTrust domain | root |
CIPHERTRUST_AUTH_DOMAIN |
Authentication domain | root |
KSCTL_PATH |
Path to ksctl binary | ~/.ciphertrust-mcp/ksctl |
KSCTL_CONFIG_PATH |
Path to ksctl config file | ~/.ksctl/config.yaml |
LOG_LEVEL |
Logging level (DEBUG, INFO) | INFO |
Example .env file:
CIPHERTRUST_URL=https://your-ciphertrust.example.com
CIPHERTRUST_USER=admin
CIPHERTRUST_PASSWORD=yourpassword
CIPHERTRUST_NOSSLVERIFY=false
CIPHERTRUST_TIMEOUT=30
CIPHERTRUST_DOMAIN=root
CIPHERTRUST_AUTH_DOMAIN=root
KSCTL_PATH=
KSCTL_CONFIG_PATH=
LOG_LEVEL=INFO
Troubleshooting
Successful startup logs:
- The server is designed to be run as a subprocess by MCP clients (like Claude Desktop or Cursor) and communicates via JSON-RPC over stdin/stdout.
- You'll see log output like in the AI assistant's MCP log:
2025-06-16 02:22:30,462 - ciphertrust_mcp_server.server - INFO - Starting ciphertrust-manager v0.1.0
2025-06-16 02:22:30,838 - ciphertrust_mcp_server.server - INFO - Successfully connected to CipherTrust Manager
2025-06-16 02:22:30,838 - ciphertrust_mcp_server.server - INFO - MCP server ready and waiting for JSON-RPC messages on stdin...
Dependencies
The pyproject.toml file includes these dependencies:
mcp>=1.0.0pydantic>=2.0.0pydantic-settings>=2.0.0httpx>=0.27.0python-dotenv>=1.0.0
If you encounter issues, ensure all dependencies are installed and up-to-date.
Project Structure
ciphertrust-manager-mcp-server/
├── src
│ ├── ciphertrust_mcp_server/ # Main server code
├── tests/ # Testing configuration and unit tests
│ ├── mcp_inspector_config.json
│ ├── test_scenarios.json
│ ├── test_server.py
│ └── test_integration_simple.py
├── scripts/ # Testing and utility scripts
│ ├── test_with_inspector.bat
│ ├── test_with_inspector.sh
│ └── run_tests.py
├── docs/ # Additional documentation
│ ├── TESTING.md
│ ├── EXAMPLE_PROMPTS.md
│ └── TOOLS.md
├── README.md # This file
├── pyproject.toml # Python dependencies
└── package.json # Node.js dependencies for testing
Contributing
Contributions are welcome! Please feel free to submit a Pull Request. While this started as a personal project, contributions help make it better for everyone.
Legal
Trademark Notice
CipherTrust® and related trademarks are the property of Thales Group and its subsidiaries. This project is not affiliated with, endorsed by, or sponsored by Thales Group.
No Warranty
This software is provided "as is" without warranty of any kind. Use at your own risk.
Support
This is an independent project. For official CipherTrust Manager support, please contact Thales directly. For issues with this unofficial MCP server, please use the GitHub issue tracker.
License
This project is licensed under the MIT License. See the LICENSE file for details.
Ciphertrust Manager MCP Server Reviews
Login Required
Please log in to share your review and rating for this MCP.
Actions
Ciphertrust Manager MCP Server's Information
- Author
- sanyambassi
- Category
- Security
- Language
- Python
- License
- MIT License
- Version
- v1.0.0
- Stars
- 5
- Updated
- 21 days ago
Similar MCP Servers like Ciphertrust Manager MCP Server
Explore related MCPs that share similar capabilities and solve comparable challenges
SafeLine
by chaitin
A self‑hosted web application firewall and reverse proxy that protects web applications from attacks and exploits by filtering, monitoring, and blocking malicious HTTP/S traffic.
Burp MCP Server
by PortSwigger
Enables Burp Suite to communicate with AI clients via the Model Context Protocol, providing an MCP server and bundled stdio proxy.
Cycode CLI
by cycodehq
Boost security in the development lifecycle via SAST, SCA, secrets, and IaC scanning.
Keycloak MCP Server
by ChristophEnglisch
Provides AI‑powered administration of Keycloak users and realms through the Model Context Protocol, enabling automated creation, deletion, and listing of users and realms from MCP clients such as Claude Desktop.
OpenCTI MCP Server
by Spathodea-Network
Provides a Model Context Protocol server that enables querying and retrieving threat intelligence data from OpenCTI through a standardized interface.
Authenticator App MCP Server
Officialby firstorderai
Provides seamless access to two‑factor authentication codes and passwords for AI agents, enabling automated login while maintaining security.
OPNSense MCP Server
by vespo92
Manage OPNsense firewalls through conversational AI, providing network configuration, device discovery, DNS filtering, HAProxy setup, and backup/restore via simple commands.
MalwareBazaar MCP
by mytechnotalent
Provides an AI-driven interface to Malware Bazaar, delivering real-time threat intelligence and sample metadata for authorized cybersecurity research workflows.
Attestable MCP Server
by co-browser
Verify that any MCP server is running the intended and untampered code via hardware attestation.