โ ๏ธ Disclaimer: This is an unofficial, independently-developed project that is not affiliated with, endorsed by, or supported by Thales Group or any of its subsidiaries. This project uses publicly available APIs and interfaces to interact with CipherTrust Manager.
This project implements an independently-developed CipherTrust MCP (Model Context Protocol) server that allows AI Assistants like Claude or Cursor to interact with CipherTrust Manager resources using the ksctl CLI.
- Important Notice
- Features
- Prerequisites
- Installation
- Configuration
- Usage
- Testing
- Integration with AI Assistants
- Environment Variables
- Troubleshooting
- Project Structure
- Contributing
- Legal
- License
This is an independent, open-source project. Please note:
โ ๏ธ Not officially supported by Thales- โ Uses public APIs and documented interfaces
- ๐ง Independently maintained
- ๐ Use at your own risk - test thoroughly in your environment
- ๐ผ No warranty - see license for full terms
For official CipherTrust Manager support, please contact Thales directly.
The MCP server exposes a set of tools and endpoints for clients (such as Claude Desktop and Cursor) to interact with CipherTrust resources. Supported operations include:
- Key management
- CTE client management
- User management
- Connection management
- And more
Benefits:
- Unified interface for AI assistants to interact with CipherTrust Manager
- Support for key management, connection management, CTE client management, and more
- JSON-RPC communication over stdin/stdout
- Configurable via environment variables
- Git
- Python 3.11 or higher
- uv for dependency management
- Access to a CipherTrust Manager instance
- Valid CipherTrust Manager credentials
If you don't have Git installed on Windows, follow these steps:
- Download and install Git for Windows: https://git-scm.com/download/win
- Or install via winget:
winget install --id Git.Git -e --source winget
- Verify installation - Open PowerShell and execute:
You should see the installed Git version.
git --version
# Open PowerShell as Administrator (optional)
cd $env:USERPROFILE\Downloads
Invoke-WebRequest -Uri "https://www.python.org/ftp/python/3.12.4/python-3.12.4-amd64.exe" -OutFile "python-installer.exe".\python-installer.exe /quiet InstallAllUsers=1 PrependPath=1 Include_test=0Open a new terminal and run:
python --version
pip --versionpip install uv
uv --versiongit clone https://github.com/sanyambassi/ciphertrust-manager-mcp-server.git
cd ciphertrust-manager-mcp-serveruv venv
.venv\Scripts\activate
uv pip install -e .winget install --id Python.Python.3.12 --source winget --accept-package-agreements --accept-source-agreementsThis ensures Python is available in your PATH.
python --version
pip --versionpip install uv
uv --versiongit clone https://github.com/sanyambassi/ciphertrust-manager-mcp-server.git
cd ciphertrust-manager-mcp-serveruv venv
.venv\Scripts\activate
uv pip install -e .Example .env:
cp .env.example .env
# Edit .env with your CipherTrust Manager detailsYou can also set these as environment variables directly instead of using a .env file.
Example .env content:
CIPHERTRUST_URL=https://your-ciphertrust-manager.example.com
CIPHERTRUST_USER=admin
CIPHERTRUST_PASSWORD=your-password-here
You have two main ways to run the CipherTrust MCP Server:
uv run ciphertrust-mcp-serverThis runs the main() function in ciphertrust_mcp_server/__main__.py.
uv run python -m ciphertrust_mcp_server.__main__This project includes comprehensive testing capabilities using the Model Context Protocol Inspector and Python unit tests.
# Manual JSON-RPC testing (direct stdin/stdout)
uv run ciphertrust-mcp-server
# Then send JSON-RPC commands (see TESTING.md for details)
# Interactive UI testing (opens browser interface)
npx @modelcontextprotocol/inspector uv run ciphertrust-mcp-server
# Quick CLI testing
# Get tools
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/list
# Get system information
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/call --tool-name system_information --tool-arg action=get
# Get 2 keys
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/call --tool-name key_management --tool-arg action=list --tool-arg limit=2- ๐ง Manual JSON-RPC Testing: Direct stdin/stdout communication for debugging and development
- ๐ฅ๏ธ Interactive UI Testing: Visual web interface for manual testing and debugging
- โก CLI Automated Testing: Command-line automation for CI/CD integration
- ๐งช Python Unit Tests: Comprehensive unit testing for server components
- ๐ Integration Tests: End-to-end testing with real CipherTrust Manager instances
After creating a package.json file:
npm run test:inspector:ui # Open interactive testing interface
npm run test:inspector:cli # Run automated CLI tests
npm run test:python # Run Python unit tests
npm run test:full # Run complete test suite๐ For detailed testing instructions, see TESTING.md
๐ง For example AI assistant prompts, see EXAMPLE_PROMPTS.md
The testing guide covers:
- Complete setup and configuration
- Advanced testing scenarios
The example prompts include:
- Key management operations
- User and group management
- System and service management
- Cluster management
- License management
- CTE operations
- Crypto operations
- And more practical scenarios
- Go to Settings > MCP Tools > Add Custom MCP
- Add the following contents in the config file (e.g.,
mcp.json):
{
"mcpServers": {
"ciphertrust": {
"command": "Path to your project folder/ciphertrust-manager-mcp-server/.venv/bin/ciphertrust-mcp-server",
"args": [],
"env": {
"CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
"CIPHERTRUST_USER": "admin",
"CIPHERTRUST_PASSWORD": "your-password-here"
}
}
}
}On Windows, use the .venv\Scripts\ciphertrust-mcp-server.exe path and double backslashes:
{
"mcpServers": {
"ciphertrust": {
"command": "C:\\path\\to\\ciphertrust-manager-mcp-server\\.venv\\Scripts\\ciphertrust-mcp-server",
"args": [],
"env": {
"CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
"CIPHERTRUST_USER": "admin",
"CIPHERTRUST_PASSWORD": "your-password-here"
}
}
}
}Disable and Re-enable the CipherTrust MCP server in Cursor to apply the changes.
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Roaming\Claude\claude_desktop_config.json
macOS/Linux Example:
{
"mcpServers": {
"ciphertrust": {
"command": "/absolute/path/to/ciphertrust-manager-mcp-server/.venv/bin/ciphertrust-mcp-server",
"env": {
"CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
"CIPHERTRUST_USER": "admin",
"CIPHERTRUST_PASSWORD": "your-password-here"
}
}
}
}Windows Example:
{
"mcpServers": {
"ciphertrust": {
"command": "C:\\absolute\\path\\to\\ciphertrust-manager-mcp-server\\.venv\\Scripts\\ciphertrust-mcp-server",
"env": {
"CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
"CIPHERTRUST_USER": "admin",
"CIPHERTRUST_PASSWORD": "your-password-here"
}
}
}
}Adjust the path to match your actual project location and environment.
Restart Claude Desktop to apply the changes.
Set these in your shell or in a .env file in the project root:
| Variable Name | Description | Required/Default |
|---|---|---|
CIPHERTRUST_URL |
CipherTrust Manager URL (http/https) | Required |
CIPHERTRUST_USER |
CipherTrust Manager username | Required |
CIPHERTRUST_PASSWORD |
CipherTrust Manager password | Required |
CIPHERTRUST_NOSSLVERIFY |
Disable SSL verification (true/false) | false |
CIPHERTRUST_TIMEOUT |
Timeout for CipherTrust requests (seconds) | 30 |
CIPHERTRUST_DOMAIN |
Default CipherTrust domain | root |
CIPHERTRUST_AUTH_DOMAIN |
Authentication domain | root |
KSCTL_PATH |
Path to ksctl binary | ~/.ciphertrust-mcp/ksctl |
KSCTL_CONFIG_PATH |
Path to ksctl config file | ~/.ksctl/config.yaml |
LOG_LEVEL |
Logging level (DEBUG, INFO) | INFO |
Example .env file:
CIPHERTRUST_URL=https://your-ciphertrust.example.com
CIPHERTRUST_USER=admin
CIPHERTRUST_PASSWORD=yourpassword
CIPHERTRUST_NOSSLVERIFY=false
CIPHERTRUST_TIMEOUT=30
CIPHERTRUST_DOMAIN=root
CIPHERTRUST_AUTH_DOMAIN=root
KSCTL_PATH=
KSCTL_CONFIG_PATH=
LOG_LEVEL=INFO- The server is designed to be run as a subprocess by MCP clients (like Claude Desktop or Cursor) and communicates via JSON-RPC over stdin/stdout.
- You'll see log output like in the AI assistant's MCP log:
2025-06-16 02:22:30,462 - ciphertrust_mcp_server.server - INFO - Starting ciphertrust-manager v0.1.0
2025-06-16 02:22:30,838 - ciphertrust_mcp_server.server - INFO - Successfully connected to CipherTrust Manager
2025-06-16 02:22:30,838 - ciphertrust_mcp_server.server - INFO - MCP server ready and waiting for JSON-RPC messages on stdin...
The pyproject.toml file includes these dependencies:
mcp>=1.0.0pydantic>=2.0.0pydantic-settings>=2.0.0httpx>=0.27.0python-dotenv>=1.0.0
If you encounter issues, ensure all dependencies are installed and up-to-date.
ciphertrust-manager-mcp-server/
โโโ src
โ โโโ ciphertrust_mcp_server/ # Main server code
โโโ tests/ # Testing configuration and unit tests
โ โโโ mcp_inspector_config.json
โ โโโ test_scenarios.json
โ โโโ test_server.py
โ โโโ test_integration_simple.py
โโโ scripts/ # Testing and utility scripts
โ โโโ test_with_inspector.bat
โ โโโ test_with_inspector.sh
โ โโโ run_tests.py
โโโ docs/ # Additional documentation
โโโ TESTING.md # Comprehensive testing guide
โโโ EXAMPLE_PROMPTS.md # Example prompts for AI assistants
โโโ README.md # This file
โโโ pyproject.toml # Python dependencies
โโโ package.json # Node.js dependencies for testing
Contributions are welcome! Please feel free to submit a Pull Request. While this started as a personal project, contributions help make it better for everyone.
CipherTrustยฎ and related trademarks are the property of Thales Group and its subsidiaries. This project is not affiliated with, endorsed by, or sponsored by Thales Group.
This software is provided "as is" without warranty of any kind. Use at your own risk.
This is an independent project. For official CipherTrust Manager support, please contact Thales directly. For issues with this unofficial MCP server, please use the GitHub issue tracker.
This project is licensed under the MIT License. See the LICENSE file for details.
Built with โค๏ธ for the developer community