Thales CSM MCP Server
Intelligent secrets and key management server with AI-powered app security migration.
Key Features
Use Cases
README
Thales CSM MCP Server
Simple MCP server for Thales CipherTrust Secrets Management, powered by Akeyless.
🎬 Demo Videos
📹 Part I: Usage & Functionality - Watch on YouTube
This video demonstrates:
- Setting up Cursor AI integration
- Creating and managing secrets and DFC Keys through AI chat
- Security compliance workflows
- Example prompts and functionality
📹 Part II: Deployment & Installation - Watch on YouTube
This video covers:
- Step-by-step installation process
- Configuration and setup
- Deployment options
🎯 Key Features
Intelligent App Development & Security Migration
The server includes a powerful prompt that automatically determines whether you want to:
- Create a NEW app with built-in CipherTrust integration
- Secure an EXISTING app by migrating hardcoded secrets to CipherTrust
For New Apps:
- Generates complete Python implementations with CipherTrust integration
- Uses the
get_api_referencetool for native API integration - Provides production-ready code with proper error handling
For Existing Apps:
- Scans codebase for hardcoded secrets using intelligent detection
- Categorizes secrets by type (key-value pairs vs standalone)
- Uses
manage_secretsMCP tool to create CipherTrust secrets - Generates migration reports and updated code
- Provides testing and validation instructions
Secret Type Classification:
- Key-Value Pairs/JSON format: AWS credentials, database configs, OAuth tokens
- Standalone Secrets (Text format): Single passwords, individual tokens, certificates
📋 Prerequisites
Before you begin, ensure you have the following installed on your system:
- Python 3.8+: Required for running the MCP server
- uv: Modern Python package manager (recommended) or pip
- git: For cloning the repository
- dotenv: Environment variable management
- fastmcp: MCP server framework
- Thales CipherTrust Manager access
- Valid Akeyless credentials
Installing Prerequisites
Python
# Check if Python is installed
python --version
# or
python3 --version
# Install Python (Ubuntu/Debian)
sudo apt update && sudo apt install python3 python3-pip
# Install Python (macOS)
brew install python
# Install Python (Windows)
# Download from https://python.org
uv (Recommended)
# Install uv
pip install uv
# Verify installation
uv --version
git
# Check if git is installed
git --version
# Install git (Ubuntu/Debian)
sudo apt update && sudo apt install git
# Install git (macOS)
brew install git
# Install git (Windows)
# Download from https://git-scm.com
dotenv
# Check if python-dotenv is installed
python -c "import dotenv; print('dotenv available')"
# Install python-dotenv
pip install python-dotenv
# Verify installation
python -c "import dotenv; print(f'dotenv version: {dotenv.__version__}')"
fastmcp
# Check if fastmcp is installed
python -c "import fastmcp; print('fastmcp available')"
# Install fastmcp
pip install fastmcp
# Verify installation
python -c "import fastmcp; print(f'fastmcp version: {fastmcp.__version__}')"
🚀 What this MCP server features
- Secrets Management: Create, read, update, delete secrets
- DFC Key Management: DFC encryption keys (AES, RSA)
- Account Management: Get Akeyless account details
- Analytics: Fetch analytics data
- Authentication Methods: Manage Authentication Methods
- App Development & Security: Intelligent app creation and secret migration
- Roles: Manage Roles
- Targets: Manage Targets
- Security: Guidelines and best practices
- MCP Protocol: Model Context Protocol compliance
⚡ Quick Start
1. Install
Option A: Using pip (Traditional)
git clone https://github.com/sanyambassi/thales-cdsp-csm-mcp-server
cd thales-cdsp-csm-mcp-server
pip install -r requirements.txt
Option B: Using uv (Recommended)
# Install uv if you don't have it
pip install uv
# Clone and setup
git clone https://github.com/sanyambassi/thales-cdsp-csm-mcp-server
cd thales-cdsp-csm-mcp-server
# Install dependencies (creates .venv automatically)
uv sync
2. Configure
Create .env file:
AKEYLESS_ACCESS_ID=your_access_id
AKEYLESS_ACCESS_KEY=your_access_key
AKEYLESS_API_URL=https://your-ciphertrust-manager/akeyless-api/v2
LOG_LEVEL=INFO
AKEYLESS_VERIFY_SSL=false
3. Run
Using pip (Traditional)
# stdio mode
python main.py
# HTTP mode
python main.py --transport streamable-http --host localhost --port 8000
Using uv (Recommended)
# stdio mode
uv run python main.py
# HTTP mode
uv run python main.py --transport streamable-http --host localhost --port 8000
🛠️ Available Tools
| Tool | Description |
|---|---|
manage_secrets |
Create static secrets, get static secret values, update, delete secrets (static, dynamic, rotated) with type filtering and dynamic secret creation |
manage_dfc_keys |
Manage encryption keys |
manage_auth_methods |
Authentication and access control |
manage_rotation |
Secret rotation policies |
manage_customer_fragments |
Enhanced security features |
security_guidelines |
Security best practices |
manage_roles |
List and get role information |
manage_targets |
List, get, and create targets |
manage_analytics |
Get analytics and monitoring data |
manage_account |
Get account settings and licensing |
get_api_reference |
Get API reference for native Akeyless integrations (generic workflows + S3 example) |
🔍 Test It
# Run tests
python tests/run_tests.py
python.exe tests\test_mcp_protocol.py
# Test health endpoint (HTTP mode)
curl http://localhost:8000/health
📚 Documentation
- TRANSPORT_MODES.md - How to run
- TOOLS.md - What tools do
- TESTING.md - Complete testing guide
- AI Assistant Configs - MCP json examples for AI Assistants
🎯 Use Cases
- AI Assistants: Claude Desktop, Cursor AI
- Web Applications: REST API integration
- Automation: CI/CD, scripts, tools
- Enterprise: Secrets management, compliance
🤖 AI Assistant Integration
Claude Desktop
{
"mcpServers": {
"thales-csm": {
"command": "python",
"args": ["main.py", "--transport", "stdio"],
"env": {
"AKEYLESS_ACCESS_ID": "your_access_id_here",
"AKEYLESS_ACCESS_KEY": "your_access_key_here",
"AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
"LOG_LEVEL": "INFO"
}
}
}
}
Cursor AI
{
"mcpServers": {
"thales-csm": {
"command": "python",
"args": ["main.py", "--transport", "stdio"],
"env": {
"AKEYLESS_ACCESS_ID": "your_access_id_here",
"AKEYLESS_ACCESS_KEY": "your_access_key_here",
"AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
"LOG_LEVEL": "INFO"
}
}
}
}
Configuration Parameters
env: Environment variables for Akeyless authentication and loggingcommand: Python executable to run the serverargs: Command line arguments for the server
⚠️ Important Notes
- Full Path Required:
argsmust include the full absolute path tomain.py - Windows Paths: Use double backslashes
\\in Windows paths (e.g.,C:\\thales-cdsp-csm-mcp-server\\main.py) - Unix Paths: Use forward slashes
/in Unix/Linux paths (e.g.,/home/user/thales-cdsp-csm-mcp-server/main.py)
Configuration Templates
- config/mcp-config-uv.json - UV package manager setup
- config/mcp-config.json - Basic configuration template
🤝 Support
- Issues: GitHub Issues
- Documentation: Check the docs folder above
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
Star History
Repository Owner
User
Repository Details
Programming Languages
Topics
Join Our Newsletter
Stay updated with the latest AI tools, news, and offers by subscribing to our weekly newsletter.
Related MCPs
Discover similar Model Context Protocol servers
Thales CipherTrust Data Security Platform CAKM MCP Server
MCP server for unified database TDE/Encryption management via CipherTrust.
Thales CipherTrust Data Security Platform CAKM MCP Server implements the Model Context Protocol (MCP) for managing database encryption (TDE/EKM) with CipherTrust Application Key Management. It supports both Oracle and SQL Server, providing tools for resource-based management, comprehensive auditing, and key lifecycle operations. The server enables integration with CipherTrust Manager, automates key rotation, and offers advanced detection of TDE configurations.
- ⭐ 2
- MCP
- sanyambassi/thales-cdsp-cakm-mcp-server
CipherTrust Manager MCP Server
Enables AI assistants to access CipherTrust Manager securely via the Model Context Protocol.
CipherTrust Manager MCP Server provides an implementation of the Model Context Protocol (MCP), offering AI assistants such as Claude and Cursor a unified interface to interact with CipherTrust Manager resources. Communication is facilitated through JSON-RPC over stdin/stdout, enabling key management, CTE client management, user management, and connection management functionalities. The tool is configurable via environment variables and integrates with existing CipherTrust Manager instances using the ksctl CLI for secure resource access.
- ⭐ 7
- MCP
- sanyambassi/ciphertrust-manager-mcp-server
Thales CDSP CRDP MCP Server
MCP server enabling secure data protection and revelation with Thales CipherTrust CRDP
Thales CDSP CRDP MCP Server implements the Model Context Protocol (MCP) to allow AI applications and LLMs to securely protect and reveal sensitive data via Thales CipherTrust RestFul Data Protection (CRDP) service. The server supports both stdio and HTTP transports, individual and bulk data operations, and robust versioning support. Features include health checks, metrics collection, and integration with protection policies and JWT-based authorization.
- ⭐ 2
- MCP
- sanyambassi/thales-cdsp-crdp-mcp-server
Hive Intelligence MCP Server
Unified MCP server delivering advanced cryptocurrency and Web3 analytics.
Hive Intelligence MCP Server provides comprehensive cryptocurrency, DeFi, and Web3 analytics via the Model Context Protocol. It enables AI assistants to access and orchestrate over 200 specialized tools covering market data, on-chain analytics, portfolio tracking, and security analysis. The server offers both dynamic and category-specific analytics through a unified MCP interface, facilitating intelligent tool orchestration for diverse crypto data needs.
- ⭐ 7
- MCP
- hive-intel/hive-crypto-mcp
MXCP
Enterprise-Grade Model Context Protocol Framework for AI Applications
MXCP is an enterprise-ready framework that implements the Model Context Protocol (MCP) for building secure, production-grade AI application servers. It introduces a structured methodology focused on data modeling, robust service design, policy enforcement, and comprehensive testing, integrated with strong security and audit capabilities. The framework enables rapid development and deployment of AI tools, supporting both SQL and Python environments, with built-in telemetry and drift detection for reliability and compliance.
- ⭐ 49
- MCP
- raw-labs/mxcp
Klavis
One MCP server for AI agents to handle thousands of tools.
Klavis provides an MCP (Model Context Protocol) server with over 100 prebuilt integrations for AI agents, enabling seamless connectivity with various tools and services. It offers both cloud-hosted and self-hosted deployment options and includes out-of-the-box OAuth support for secure authentication. Klavis is designed to act as an intelligent connector, streamlining workflow automation and enhancing agent capability through standardized context management.
- ⭐ 5,447
- MCP
- Klavis-AI/klavis
Didn't find tool you were looking for?