thales-cdsp-csm-mcp-server

sanyambassi/thales-cdsp-csm-mcp-server

The Thales CDSP CSM Akeyless Vault MCP Server is a Model Context Protocol server designed to manage secrets and DFC keys within the Thales CDSP CSM Akeyless Vault environment.

Thales CSM MCP Server

Simple MCP server for Thales CipherTrust Secrets Management, powered by Akeyless.

🎬 Demo Videos

📹 Part I: Usage & Functionality - Watch on YouTube

This video demonstrates:

  • Setting up Cursor AI integration
  • Creating and managing secrets and DFC Keys through AI chat
  • Security compliance workflows
  • Example prompts and functionality

📹 Part II: Deployment & Installation - Watch on YouTube

This video covers:

  • Step-by-step installation process
  • Configuration and setup
  • Deployment options

🎯 Key Features

Intelligent App Development & Security Migration

The server includes a powerful prompt that automatically determines whether you want to:

  • Create a NEW app with built-in CipherTrust integration
  • Secure an EXISTING app by migrating hardcoded secrets to CipherTrust

For New Apps:

  • Generates complete Python implementations with CipherTrust integration
  • Uses the get_api_reference tool for native API integration
  • Provides production-ready code with proper error handling

For Existing Apps:

  • Scans codebase for hardcoded secrets using intelligent detection
  • Categorizes secrets by type (key-value pairs vs standalone)
  • Uses manage_secrets MCP tool to create CipherTrust secrets
  • Generates migration reports and updated code
  • Provides testing and validation instructions

Secret Type Classification:

  • Key-Value Pairs/JSON format: AWS credentials, database configs, OAuth tokens
  • Standalone Secrets (Text format): Single passwords, individual tokens, certificates

📋 Prerequisites

Before you begin, ensure you have the following installed on your system:

  • Python 3.8+: Required for running the MCP server
  • uv: Modern Python package manager (recommended) or pip
  • git: For cloning the repository
  • dotenv: Environment variable management
  • fastmcp: MCP server framework
  • Thales CipherTrust Manager access
  • Valid Akeyless credentials

Installing Prerequisites

Python

# Check if Python is installed
python --version
# or
python3 --version

# Install Python (Ubuntu/Debian)
sudo apt update && sudo apt install python3 python3-pip

# Install Python (macOS)
brew install python

# Install Python (Windows)
# Download from https://python.org

uv (Recommended)

# Install uv
pip install uv

# Verify installation
uv --version

git

# Check if git is installed
git --version

# Install git (Ubuntu/Debian)
sudo apt update && sudo apt install git

# Install git (macOS)
brew install git

# Install git (Windows)
# Download from https://git-scm.com

dotenv

# Check if python-dotenv is installed
python -c "import dotenv; print('dotenv available')"

# Install python-dotenv
pip install python-dotenv

# Verify installation (version read from package metadata)
python -c "from importlib.metadata import version; print('dotenv version:', version('python-dotenv'))"

fastmcp

# Check if fastmcp is installed
python -c "import fastmcp; print('fastmcp available')"

# Install fastmcp
pip install fastmcp

# Verify installation
python -c "import fastmcp; print(f'fastmcp version: {fastmcp.__version__}')"

🚀 What this MCP server features

  • Secrets Management: Create, read, update, delete secrets
  • DFC Key Management: DFC encryption keys (AES, RSA)
  • Account Management: Get Akeyless account details
  • Analytics: Fetch analytics data
  • Authentication Methods: Manage Authentication Methods
  • App Development & Security: Intelligent app creation and secret migration
  • Roles: Manage Roles
  • Targets: Manage Targets
  • Security: Guidelines and best practices
  • MCP Protocol: Model Context Protocol compliance

Quick Start

1. Install

Option A: Using pip (Traditional)

git clone https://github.com/sanyambassi/thales-cdsp-csm-mcp-server
cd thales-cdsp-csm-mcp-server
pip install -r requirements.txt

Option B: Using uv (Recommended)

# Install uv if you don't have it
pip install uv

# Clone and setup
git clone https://github.com/sanyambassi/thales-cdsp-csm-mcp-server
cd thales-cdsp-csm-mcp-server

# Install dependencies (creates .venv automatically)
uv sync

2. Configure

Create .env file:

AKEYLESS_ACCESS_ID=your_access_id
AKEYLESS_ACCESS_KEY=your_access_key
AKEYLESS_API_URL=https://your-ciphertrust-manager/akeyless-api/v2
LOG_LEVEL=INFO
AKEYLESS_VERIFY_SSL=false
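
A pre-flight check for the .env file above, as an added example (not part of the project's code): it flags template placeholders left in place, a non-https API URL, AKEYLESS_VERIFY_SSL switched off, and a file readable by group or other. The function names, the spellings treated as "false" and the 0600 expectation are assumptions of this example.

```python
import os
import stat
import sys
from urllib.parse import urlparse

# Constructed sample: the page's .env template, unchanged.
SAMPLE_ENV = """\
AKEYLESS_ACCESS_ID=your_access_id
AKEYLESS_ACCESS_KEY=your_access_key
AKEYLESS_API_URL=https://your-ciphertrust-manager/akeyless-api/v2
LOG_LEVEL=INFO
AKEYLESS_VERIFY_SSL=false
"""
REQUIRED = ("AKEYLESS_ACCESS_ID", "AKEYLESS_ACCESS_KEY", "AKEYLESS_API_URL")

def parse_env(text):
    """Minimal KEY=VALUE parser: skips blanks and comments, strips quotes."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip().strip("'\"")
    return cfg

def audit_env(text, file_mode=0o600):
    """Return findings for a .env file's content and POSIX permission bits."""
    cfg, findings = parse_env(text), []
    for key in REQUIRED:
        if not cfg.get(key):
            findings.append(f"{key} is missing or empty")
        elif cfg[key].startswith(("your_", "https://your-")):
            findings.append(f"{key} still holds a template placeholder")
    if urlparse(cfg.get("AKEYLESS_API_URL", "")).scheme != "https":
        findings.append("AKEYLESS_API_URL does not use https")
    # Assumption: the server reads these spellings as "verification off".
    if cfg.get("AKEYLESS_VERIFY_SSL", "").lower() in ("false", "0", "no"):
        findings.append("AKEYLESS_VERIFY_SSL turns off TLS certificate checks")
    if file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(".env is accessible to group/other (expected 0600)")
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real file, including its mode bits
        with open(sys.argv[1], encoding="utf-8") as fh:
            mode = stat.S_IMODE(os.stat(sys.argv[1]).st_mode)
            results = audit_env(fh.read(), mode)
    else:                  # no argument: audit the constructed sample
        results = audit_env(SAMPLE_ENV)
    sys.exit("\n".join(results) or 0)  # findings go to stderr, exit code 1
```

With a path argument it audits that file and its mode bits; with none it audits the constructed sample. The permission check is only meaningful on POSIX systems.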

3. Run

Using pip (Traditional)

# stdio mode
python main.py

# HTTP mode
python main.py --transport streamable-http --host localhost --port 8000

Using uv (Recommended)

# stdio mode
uv run python main.py

# HTTP mode
uv run python main.py --transport streamable-http --host localhost --port 8000

🛠️ Available Tools

  • manage_secrets: Create static secrets, get static secret values, update, delete secrets (static, dynamic, rotated) with type filtering and dynamic secret creation
  • manage_dfc_keys: Manage encryption keys
  • manage_auth_methods: Authentication and access control
  • manage_rotation: Secret rotation policies
  • manage_customer_fragments: Enhanced security features
  • security_guidelines: Security best practices
  • manage_roles: List and get role information
  • manage_targets: List, get, and create targets
  • manage_analytics: Get analytics and monitoring data
  • manage_account: Get account settings and licensing
  • get_api_reference: Get API reference for native Akeyless integrations (generic workflows + S3 example)

🔍 Test It

# Run tests
python tests/run_tests.py
python tests/test_mcp_protocol.py

# Test health endpoint (HTTP mode)
curl http://localhost:8000/health

📚 Documentation

  • - How to run
  • - What tools do
  • - Complete testing guide
  • - MCP json examples for AI Assistants

🎯 Use Cases

  • AI Assistants: Claude Desktop, Cursor AI
  • Web Applications: REST API integration
  • Automation: CI/CD, scripts, tools
  • Enterprise: Secrets management, compliance

🤖 AI Assistant Integration

Claude Desktop

{
  "mcpServers": {
    "thales-csm": {
      "command": "python",
      "args": ["main.py", "--transport", "stdio"],
      "env": {
        "AKEYLESS_ACCESS_ID": "your_access_id_here",
        "AKEYLESS_ACCESS_KEY": "your_access_key_here",
        "AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
        "LOG_LEVEL": "INFO"
      }
    }
  }
}

Cursor AI

{
  "mcpServers": {
    "thales-csm": {
      "command": "python",
      "args": ["main.py", "--transport", "stdio"],
      "env": {
        "AKEYLESS_ACCESS_ID": "your_access_id_here",
        "AKEYLESS_ACCESS_KEY": "your_access_key_here",
        "AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
        "LOG_LEVEL": "INFO"
      }
    }
  }
}

Configuration Parameters

  • env: Environment variables for Akeyless authentication and logging
  • command: Python executable to run the server
  • args: Command line arguments for the server

⚠️ Important Notes

  • Full Path Required: args must include the full absolute path to main.py
  • Windows Paths: Use double backslashes \\ in Windows paths (e.g., C:\\thales-cdsp-csm-mcp-server\\main.py)
  • Unix Paths: Use forward slashes / in Unix/Linux paths (e.g., /home/user/thales-cdsp-csm-mcp-server/main.py)

Configuration Templates

  • - UV package manager setup
  • - Basic configuration template

🤝 Support

  • Issues: GitHub Issues
  • Documentation: Check the docs folder above

📄 License

This project is licensed under the MIT License - see the file for details.