Labsco
sanyambassi logo

CipherTrust Manager

โ˜… 9

from sanyambassi

Interact with CipherTrust Manager resources using the ksctl command-line interface.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedAccount requiredAdvanced setup

CipherTrust Manager MCP Server

This project implements an independently-developed CipherTrust MCP (Model Context Protocol) server that allows AI Assistants like Claude or Cursor to interact with CipherTrust Manager resources using the ksctl CLI.

Table of Contents

Important Notice

This is an independent, open-source project. Please note:

  • โš ๏ธ Not officially supported by Thales
  • โœ… Uses public APIs and documented interfaces
  • ๐Ÿ”ง Independently maintained
  • ๐Ÿ“ Use at your own risk - test thoroughly in your environment
  • ๐Ÿ’ผ No warranty - see license for full terms

For official CipherTrust Manager support, please contact Thales directly.

Features

The MCP server exposes a set of tools and endpoints for clients (such as Claude Desktop and Cursor) to interact with CipherTrust resources. Supported operations include:

  • Key management
  • CTE client management
  • User management
  • Connection management
  • And more

Benefits:

  • Unified interface for AI assistants to interact with CipherTrust Manager
  • Support for key management, connection management, CTE client management, and more
  • JSON-RPC communication over stdin/stdout
  • Configurable via environment variables

Testing

This project includes comprehensive testing capabilities using the Model Context Protocol Inspector and Python unit tests.

Quick Testing

# Manual JSON-RPC testing (direct stdin/stdout)
uv run ciphertrust-mcp-server
# Then send JSON-RPC commands (see TESTING.md for details)

# Interactive UI testing (opens browser interface)
npx @modelcontextprotocol/inspector uv run ciphertrust-mcp-server

# Quick CLI testing
# Get tools
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/list
# Get system information
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/call --tool-name system_information --tool-arg action=get
# Get 2 keys
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/call --tool-name key_management --tool-arg action=list --tool-arg limit=2

Available Testing Methods

  • ๐Ÿ”ง Manual JSON-RPC Testing: Direct stdin/stdout communication for debugging and development
  • ๐Ÿ–ฅ๏ธ Interactive UI Testing: Visual web interface for manual testing and debugging
  • โšก CLI Automated Testing: Command-line automation for CI/CD integration
  • ๐Ÿงช Python Unit Tests: Comprehensive unit testing for server components
  • ๐Ÿ”— Integration Tests: End-to-end testing with real CipherTrust Manager instances

NPM Scripts

After creating a package.json file:

npm run test:inspector:ui     # Open interactive testing interface
npm run test:inspector:cli    # Run automated CLI tests
npm run test:python          # Run Python unit tests
npm run test:full           # Run complete test suite

Comprehensive Testing Guide

๐Ÿ“– For detailed testing instructions, see TESTING.md

๐Ÿ”ง For example AI assistant prompts, see EXAMPLE_PROMPTS.md

The testing guide covers:

  • Complete setup and configuration
  • Advanced testing scenarios

The example prompts include:

  • Key management operations
  • User and group management
  • System and service management
  • Cluster management
  • License management
  • CTE operations
  • Crypto operations
  • And more practical scenarios

Integration with AI Assistants

Using with Cursor

1. Configure Cursor

  • Go to Settings > MCP Tools > Add Custom MCP
  • Add the following contents in the config file (e.g., mcp.json):
{
  "mcpServers": {
    "ciphertrust": {
      "command": "Path to your project folder/ciphertrust-manager-mcp-server/.venv/bin/ciphertrust-mcp-server",
      "args": [],
      "env": {
        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
        "CIPHERTRUST_USER": "admin",
        "CIPHERTRUST_PASSWORD": "your-password-here"
      }
    }
  }
}

On Windows, use the .venv\Scripts\ciphertrust-mcp-server.exe path and double backslashes:

{
  "mcpServers": {
    "ciphertrust": {
      "command": "C:\\path\\to\\ciphertrust-manager-mcp-server\\.venv\\Scripts\\ciphertrust-mcp-server",
      "args": [],
      "env": {
        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
        "CIPHERTRUST_USER": "admin",
        "CIPHERTRUST_PASSWORD": "your-password-here"
      }
    }
  }
}

2. Apply Configuration

Disable and Re-enable the CipherTrust MCP server in Cursor to apply the changes.

Using with Claude Desktop

1. Locate or create the Claude Desktop config file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Roaming\Claude\claude_desktop_config.json

2. Add or update the MCP server configuration:

macOS/Linux Example:

{
  "mcpServers": {
    "ciphertrust": {
      "command": "/absolute/path/to/ciphertrust-manager-mcp-server/.venv/bin/ciphertrust-mcp-server",
      "env": {
        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
        "CIPHERTRUST_USER": "admin",
        "CIPHERTRUST_PASSWORD": "your-password-here"
      }
    }
  }
}

Windows Example:

{
  "mcpServers": {
    "ciphertrust": {
      "command": "C:\\absolute\\path\\to\\ciphertrust-manager-mcp-server\\.venv\\Scripts\\ciphertrust-mcp-server",
      "env": {
        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
        "CIPHERTRUST_USER": "admin",
        "CIPHERTRUST_PASSWORD": "your-password-here"
      }
    }
  }
}

Adjust the path to match your actual project location and environment.

3. Restart Claude Desktop

Restart Claude Desktop to apply the changes.

Environment Variables

Set these in your shell or in a .env file in the project root:

Variable NameDescriptionRequired/Default
CIPHERTRUST_URLCipherTrust Manager URL (http/https)Required
CIPHERTRUST_USERCipherTrust Manager usernameRequired
CIPHERTRUST_PASSWORDCipherTrust Manager passwordRequired
CIPHERTRUST_NOSSLVERIFYDisable SSL verification (true/false)false
CIPHERTRUST_TIMEOUTTimeout for CipherTrust requests (seconds)30
CIPHERTRUST_DOMAINDefault CipherTrust domainroot
CIPHERTRUST_AUTH_DOMAINAuthentication domainroot
KSCTL_PATHPath to ksctl binary~/.ciphertrust-mcp/ksctl
KSCTL_CONFIG_PATHPath to ksctl config file~/.ksctl/config.yaml
LOG_LEVELLogging level (DEBUG, INFO)INFO

Example .env file:

CIPHERTRUST_URL=https://your-ciphertrust.example.com
CIPHERTRUST_USER=admin
CIPHERTRUST_PASSWORD=yourpassword
CIPHERTRUST_NOSSLVERIFY=false
CIPHERTRUST_TIMEOUT=30
CIPHERTRUST_DOMAIN=root
CIPHERTRUST_AUTH_DOMAIN=root
KSCTL_PATH=
KSCTL_CONFIG_PATH=
LOG_LEVEL=INFO

Project Structure

ciphertrust-manager-mcp-server/
โ”œโ”€โ”€ src
โ”‚   โ”œโ”€โ”€ ciphertrust_mcp_server/     # Main server code
โ”œโ”€โ”€ tests/                      	# Testing configuration and unit tests
โ”‚   โ”œโ”€โ”€ mcp_inspector_config.json
โ”‚   โ”œโ”€โ”€ test_scenarios.json
โ”‚   โ”œโ”€โ”€ test_server.py
โ”‚   โ””โ”€โ”€ test_integration_simple.py
โ”œโ”€โ”€ scripts/                    	# Testing and utility scripts
โ”‚   โ”œโ”€โ”€ test_with_inspector.bat
โ”‚   โ”œโ”€โ”€ test_with_inspector.sh
โ”‚   โ””โ”€โ”€ run_tests.py
โ”œโ”€โ”€ docs/                      		# Additional documentation
โ”‚   โ”œโ”€โ”€ TESTING.md
โ”‚   โ”œโ”€โ”€ EXAMPLE_PROMPTS.md
โ”‚   โ””โ”€โ”€ TOOLS.md
โ”œโ”€โ”€ README.md                   	# This file
โ”œโ”€โ”€ pyproject.toml             		# Python dependencies
โ””โ”€โ”€ package.json               		# Node.js dependencies for testing

Trademark Notice

CipherTrustยฎ and related trademarks are the property of Thales Group and its subsidiaries. This project is not affiliated with, endorsed by, or sponsored by Thales Group.

No Warranty

This software is provided "as is" without warranty of any kind. Use at your own risk.

Support

This is an independent project. For official CipherTrust Manager support, please contact Thales directly. For issues with this unofficial MCP server, please use the GitHub issue tracker.