CipherTrust Manager

CipherTrust Manager MCP Server: What is it?

The CipherTrust Manager MCP Server is an unofficial, independently developed open-source project that acts as an MCP (Model Context Protocol) server for Thales CipherTrust Manager. It enables AI assistants like Claude Desktop and Cursor to interact with CipherTrust Manager resources using the ksctl CLI. This project is not affiliated with or supported by Thales Group.

How to Use CipherTrust Manager MCP Server

Prerequisites

• Git
• Python 3.11 or higher
• uv for dependency management
• Access to a CipherTrust Manager instance
• Valid CipherTrust Manager credentials

Installation

1. Clone the repository:

   git clone https://github.com/sanyambassi/ciphertrust-manager-mcp-server.git
   cd ciphertrust-manager-mcp-server
   

2. Create a virtual environment and install dependencies:

   uv venv
   .venv\Scripts\activate  # On Windows
   # source .venv/bin/activate # On macOS/Linux
   uv pip install -e .
   

Configuration

Copy .env.example to .env and edit it with your CipherTrust Manager details:

CIPHERTRUST_URL=https://your-ciphertrust-manager.example.com
CIPHERTRUST_USER=admin
CIPHERTRUST_PASSWORD=your-password-here

Running the Server

uv run ciphertrust-mcp-server

Integration with AI Assistants

Configure your AI assistant (e.g., Cursor, Claude Desktop) to use the MCP server by providing the command and environment variables in their respective configuration files. Refer to the project's README.md for detailed instructions and example configurations.

Key Features of CipherTrust Manager MCP Server

• Unified Interface: Provides a single interface for AI assistants to interact with CipherTrust Manager.
• Comprehensive Operations: Supports various operations including key management, CTE client management, user management, and connection management.
• JSON-RPC Communication: Utilizes JSON-RPC over stdin/stdout for communication.
• Configurable: Allows configuration via environment variables.
• Extensive Testing: Includes comprehensive testing capabilities with Model Context Protocol Inspector and Python unit tests.

Use Cases of CipherTrust Manager MCP Server

• Automated Key Management: AI assistants can automate key management tasks within CipherTrust Manager.
• Secure Operations: Enables AI assistants to perform cryptographic operations and manage security policies.
• Integration with AI Workflows: Seamlessly integrates CipherTrust Manager functionalities into AI-driven workflows for enhanced security and automation.
• Development and Testing: Provides a robust environment for developing and testing integrations with CipherTrust Manager.

FAQ from CipherTrust Manager MCP Server

Q: Is this project officially supported by Thales? A: No, this is an unofficial, independently developed project and is not affiliated with, endorsed by, or supported by Thales Group.

Q: What kind of operations can AI assistants perform with this server? A: AI assistants can perform key management, CTE client management, user management, connection management, and more.

Q: How do I configure the server? A: The server can be configured using environment variables, typically set in a .env file.

Q: Where can I find detailed testing instructions? A: Comprehensive testing instructions are available in the TESTING.md file within the project repository.

Q: Are there example prompts for AI assistants? A: Yes, example AI assistant prompts are provided in the EXAMPLE_PROMPTS.md file.

CipherTrust Manager MCP Server

⚠️ Disclaimer: This is an unofficial, independently-developed project that is not affiliated with, endorsed by, or supported by Thales Group or any of its subsidiaries. This project uses publicly available APIs and interfaces to interact with CipherTrust Manager.

This project implements an independently-developed CipherTrust MCP (Model Context Protocol) server that allows AI Assistants like Claude or Cursor to interact with CipherTrust Manager resources using the ksctl CLI.

Table of Contents

• Important Notice
• Features
• Prerequisites
• Installation
• Configuration
• Usage
• Testing
• Integration with AI Assistants
• Environment Variables
• Troubleshooting
• Project Structure
• Contributing
• Legal
• License

Important Notice

This is an independent, open-source project. Please note:

• ⚠️ Not officially supported by Thales
• ✅ Uses public APIs and documented interfaces
• 🔧 Independently maintained
• 📝 Use at your own risk - test thoroughly in your environment
• 💼 No warranty - see license for full terms

For official CipherTrust Manager support, please contact Thales directly.

Features

The MCP server exposes a set of tools and endpoints for clients (such as Claude Desktop and Cursor) to interact with CipherTrust resources. Supported operations include:

• Key management
• CTE client management
• User management
• Connection management
• And more

Benefits:

• Unified interface for AI assistants to interact with CipherTrust Manager
• Support for key management, connection management, CTE client management, and more
• JSON-RPC communication over stdin/stdout
• Configurable via environment variables

Prerequisites

• Git
• Python 3.11 or higher
• uv for dependency management
• Access to a CipherTrust Manager instance
• Valid CipherTrust Manager credentials

Installing Git (Windows)

If you don't have Git installed on Windows, follow these steps:

• Download and install Git for Windows: https://git-scm.com/download/win
• Or install via winget:

  winget install --id Git.Git -e --source winget
  

• Verify installation - Open PowerShell and execute:

  git --version
  

  You should see the installed Git version.

Installing Python and uv

Method 1: Manual Installation

1. Download Python

# Open PowerShell as Administrator (optional)
cd $env:USERPROFILE\Downloads
Invoke-WebRequest -Uri "https://www.python.org/ftp/python/3.12.4/python-3.12.4-amd64.exe" -OutFile "python-installer.exe"

2. Run the Installer

.\python-installer.exe /quiet InstallAllUsers=1 PrependPath=1 Include_test=0

3. Verify Installation

Open a new terminal and run:

python --version
pip --version

4. Install uv

pip install uv
uv --version

5. Clone the Repository

git clone https://github.com/sanyambassi/ciphertrust-manager-mcp-server.git
cd ciphertrust-manager-mcp-server

6. Create a Virtual Environment and Install Dependencies

uv venv
.venv\Scripts\activate
uv pip install -e .

Method 2: Using winget (Windows)

1. Install Python with winget

winget install --id Python.Python.3.12 --source winget --accept-package-agreements --accept-source-agreements

2. Close and Reopen PowerShell

This ensures Python is available in your PATH.

3. Verify Installation

python --version
pip --version

4. Install uv

pip install uv
uv --version

5. Clone the Repository

git clone https://github.com/sanyambassi/ciphertrust-manager-mcp-server.git
cd ciphertrust-manager-mcp-server

6. Create a Virtual Environment and Install Dependencies

uv venv
.venv\Scripts\activate
uv pip install -e .

Configuration

(Optional) Copy and Edit the Example Environment File

Example .env:

cp .env.example .env
# Edit .env with your CipherTrust Manager details

You can also set these as environment variables directly instead of using a .env file.

Example .env content:

CIPHERTRUST_URL=https://your-ciphertrust-manager.example.com
CIPHERTRUST_USER=admin
CIPHERTRUST_PASSWORD=your-password-here

Usage

⚠️ Important: Before starting, either the environment variable or .env should contain a valid CipherTrust Manager URL.

You have two main ways to run the CipherTrust MCP Server:

Method 1: Direct Execution

uv run ciphertrust-mcp-server

This runs the main() function in ciphertrust_mcp_server/__main__.py.

Method 2: Module Execution

uv run python -m ciphertrust_mcp_server.__main__

Testing

This project includes comprehensive testing capabilities using the Model Context Protocol Inspector and Python unit tests.

Quick Testing

# Manual JSON-RPC testing (direct stdin/stdout)
uv run ciphertrust-mcp-server
# Then send JSON-RPC commands (see TESTING.md for details)

# Interactive UI testing (opens browser interface)
npx @modelcontextprotocol/inspector uv run ciphertrust-mcp-server

# Quick CLI testing
# Get tools
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/list
# Get system information
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/call --tool-name system_information --tool-arg action=get
# Get 2 keys
npx @modelcontextprotocol/inspector --cli --config tests/mcp_inspector_config.json --server ciphertrust-local --method tools/call --tool-name key_management --tool-arg action=list --tool-arg limit=2

Available Testing Methods

• 🔧 Manual JSON-RPC Testing: Direct stdin/stdout communication for debugging and development
• 🖥️ Interactive UI Testing: Visual web interface for manual testing and debugging
• ⚡ CLI Automated Testing: Command-line automation for CI/CD integration
• 🧪 Python Unit Tests: Comprehensive unit testing for server components
• 🔗 Integration Tests: End-to-end testing with real CipherTrust Manager instances

NPM Scripts

After creating a package.json file:

npm run test:inspector:ui     # Open interactive testing interface
npm run test:inspector:cli    # Run automated CLI tests
npm run test:python          # Run Python unit tests
npm run test:full           # Run complete test suite

Comprehensive Testing Guide

📖 For detailed testing instructions, see TESTING.md

🔧 For example AI assistant prompts, see EXAMPLE_PROMPTS.md

The testing guide covers:

• Complete setup and configuration
• Advanced testing scenarios

The example prompts include:

• Key management operations
• User and group management
• System and service management
• Cluster management
• License management
• CTE operations
• Crypto operations
• And more practical scenarios

Integration with AI Assistants

Using with Cursor

1. Configure Cursor

• Go to Settings > MCP Tools > Add Custom MCP
• Add the following contents in the config file (e.g., mcp.json):

{
  "mcpServers": {
    "ciphertrust": {
      "command": "Path to your project folder/ciphertrust-manager-mcp-server/.venv/bin/ciphertrust-mcp-server",
      "args": [],
      "env": {
        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
        "CIPHERTRUST_USER": "admin",
        "CIPHERTRUST_PASSWORD": "your-password-here"
      }
    }
  }
}

On Windows, use the .venv\Scripts\ciphertrust-mcp-server.exe path and double backslashes:

{
  "mcpServers": {
    "ciphertrust": {
      "command": "C:\\path\\to\\ciphertrust-manager-mcp-server\\.venv\\Scripts\\ciphertrust-mcp-server",
      "args": [],
      "env": {
        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
        "CIPHERTRUST_USER": "admin",
        "CIPHERTRUST_PASSWORD": "your-password-here"
      }
    }
  }
}

2. Apply Configuration

Disable and Re-enable the CipherTrust MCP server in Cursor to apply the changes.

Using with Claude Desktop

1. Locate or create the Claude Desktop config file:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Roaming\Claude\claude_desktop_config.json

2. Add or update the MCP server configuration:

macOS/Linux Example:

{
  "mcpServers": {
    "ciphertrust": {
      "command": "/absolute/path/to/ciphertrust-manager-mcp-server/.venv/bin/ciphertrust-mcp-server",
      "env": {
        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
        "CIPHERTRUST_USER": "admin",
        "CIPHERTRUST_PASSWORD": "your-password-here"
      }
    }
  }
}

Windows Example:

{
  "mcpServers": {
    "ciphertrust": {
      "command": "C:\\absolute\\path\\to\\ciphertrust-manager-mcp-server\\.venv\\Scripts\\ciphertrust-mcp-server",
      "env": {
        "CIPHERTRUST_URL": "https://your-ciphertrust.example.com",
        "CIPHERTRUST_USER": "admin",
        "CIPHERTRUST_PASSWORD": "your-password-here"
      }
    }
  }
}

Adjust the path to match your actual project location and environment.

3. Restart Claude Desktop

Restart Claude Desktop to apply the changes.

Environment Variables

Set these in your shell or in a .env file in the project root:

Variable Name	Description	Required/Default
CIPHERTRUST_URL	CipherTrust Manager URL (http/https)	Required
CIPHERTRUST_USER	CipherTrust Manager username	Required
CIPHERTRUST_PASSWORD	CipherTrust Manager password	Required
CIPHERTRUST_NOSSLVERIFY	Disable SSL verification (true/false)	false
CIPHERTRUST_TIMEOUT	Timeout for CipherTrust requests (seconds)	30
CIPHERTRUST_DOMAIN	Default CipherTrust domain	root
CIPHERTRUST_AUTH_DOMAIN	Authentication domain	root
KSCTL_PATH	Path to ksctl binary	~/.ciphertrust-mcp/ksctl
KSCTL_CONFIG_PATH	Path to ksctl config file	~/.ksctl/config.yaml
LOG_LEVEL	Logging level (DEBUG, INFO)	INFO

Example .env file:

CIPHERTRUST_URL=https://your-ciphertrust.example.com
CIPHERTRUST_USER=admin
CIPHERTRUST_PASSWORD=yourpassword
CIPHERTRUST_NOSSLVERIFY=false
CIPHERTRUST_TIMEOUT=30
CIPHERTRUST_DOMAIN=root
CIPHERTRUST_AUTH_DOMAIN=root
KSCTL_PATH=
KSCTL_CONFIG_PATH=
LOG_LEVEL=INFO

Troubleshooting

Successful startup logs:

• The server is designed to be run as a subprocess by MCP clients (like Claude Desktop or Cursor) and communicates via JSON-RPC over stdin/stdout.
• You'll see log output like in the AI assistant's MCP log:

2025-06-16 02:22:30,462 - ciphertrust_mcp_server.server - INFO - Starting ciphertrust-manager v0.1.0
2025-06-16 02:22:30,838 - ciphertrust_mcp_server.server - INFO - Successfully connected to CipherTrust Manager
2025-06-16 02:22:30,838 - ciphertrust_mcp_server.server - INFO - MCP server ready and waiting for JSON-RPC messages on stdin...

Dependencies

The pyproject.toml file includes these dependencies:

• mcp>=1.0.0
• pydantic>=2.0.0
• pydantic-settings>=2.0.0
• httpx>=0.27.0
• python-dotenv>=1.0.0

If you encounter issues, ensure all dependencies are installed and up-to-date.

Project Structure

ciphertrust-manager-mcp-server/
├── src
│   ├── ciphertrust_mcp_server/     # Main server code
├── tests/                      	# Testing configuration and unit tests
│   ├── mcp_inspector_config.json
│   ├── test_scenarios.json
│   ├── test_server.py
│   └── test_integration_simple.py
├── scripts/                    	# Testing and utility scripts
│   ├── test_with_inspector.bat
│   ├── test_with_inspector.sh
│   └── run_tests.py
├── docs/                      		# Additional documentation
├── TESTING.md                  	# Comprehensive testing guide
├── EXAMPLE_PROMPTS.md          	# Example prompts for AI assistants
├── README.md                   	# This file
├── pyproject.toml             		# Python dependencies
└── package.json               		# Node.js dependencies for testing

Contributing

Contributions are welcome! Please feel free to submit a Pull Request. While this started as a personal project, contributions help make it better for everyone.

Legal

Trademark Notice

CipherTrust® and related trademarks are the property of Thales Group and its subsidiaries. This project is not affiliated with, endorsed by, or sponsored by Thales Group.

No Warranty

This software is provided "as is" without warranty of any kind. Use at your own risk.

Support

This is an independent project. For official CipherTrust Manager support, please contact Thales directly. For issues with this unofficial MCP server, please use the GitHub issue tracker.

License

This project is licensed under the MIT License. See the LICENSE file for details.

---

Built with ❤️ for the developer community