GCM MCP Server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@GCM MCP ServerShow authentication status"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
GCM MCP Server
IBM Guardium Cryptographic Manager (GCM) MCP Server - A Model Context Protocol server for interacting with IBM GCM's cryptographic asset management platform.
Overview
This MCP server provides tools to interact with IBM Guardium Cryptographic Manager, enabling:
Authentication and session management
Cryptographic asset inventory queries (keys, certificates, protocols)
Policy violation tracking and ticket management
Service discovery and API exploration
Related MCP server: Firewall Governance MCP Server
Prerequisites
Podman or Docker installed
Python 3.10+ (for local development)
Access to an IBM GCM instance
GCM credentials (username, password, client secret)
Quick Start with Podman
1. Build the Podman Image
# Clone the repository
git clone <repository-url>
cd gcm-mcp-server
# Create .env file from example
cp env.example .env
# Edit .env with your GCM credentials
nano .env # or use your preferred editor
# Build the image
podman build -t gcm-mcp-server:latest .2. Run the Container
# Run with volume mount for persistent key storage
podman run -d \
--name gcm-mcp-server \
-p 8002:8002 \
-v gcm-keys:/data \
--env-file .env \
gcm-mcp-server:latest
# Check if the server is running
podman logs gcm-mcp-server
# Verify health
curl http://localhost:8002/healthExpected health response:
{
"status": "ok",
"server": "GCM MCP Server",
"version": "1.0.0",
"transport": "sse",
"auth_required": true
}3. Generate an API Key
The API key is required for Bob IDE to authenticate with the MCP server.
# Generate a new API key (must be run from within the running container or edit server.py on line 101 and add your machines ip)
curl -X POST http://localhost:8002/admin/keys \
-H "Content-Type: application/json" \
-d '{"user": "bob-ide-user"}'Response:
{
"key": "gcm_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcd",
"user": "bob-ide-user",
"created": "2026-03-13T17:00:00Z",
"key_prefix": "gcm_1234"
}Important: Save the key value - you'll need it for Bob IDE configuration.
4. Configure Bob IDE
Step 1: Locate Bob's MCP Configuration
Bob IDE stores MCP server configurations in:
macOS:
~/.bob/mcp_settings.jsonLinux:
~/.bob/mcp_settings.jsonWindows:
%USERPROFILE%\.bob\mcp_settings.json
Step 2: Add GCM MCP Server Configuration
Edit the configuration file and add the GCM MCP server:
{
"mcpServers": {
"gcm-mcp-server": {
"url": "http://localhost:8002/sse",
"transport": "sse",
"headers": {
"Authorization": "Bearer gcm_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcd"
}
}
}
}Replace the Bearer token with your actual API key from step 3.
Step 3: Restart Bob IDE
After adding the configuration, restart Bob IDE to load the new MCP server.
Step 4: Create a new "slash" command in Bob
add a new slash command name gcmapp via the chat window and add the following to the description
---
description: "this slash command will always use the gcm-mcp-server to execute commands"
---
When this slash command is executed, it will use the gcm-mcp-server to run the command and return the output.Step 5: Verify Connection in Bob IDE
In Bob IDE, you should now be able to use the /gcmmcp command to interact with GCM:
/gcmmcp Get a summary of all cryptographic assets
/gcmmcp List open tickets
/gcmmcp Show authentication statuslist of example prompts to use in Bob IDE
The following file contains an extensive list to be used in Bob IDE GCM-MCP-EXAMPLE-PROMPTS.md
Configuration
Environment Variables
Create a .env file with the following variables:
# Required - GCM Server Connection
GCM_HOST=your-gcm-hostname.com
GCM_USERNAME=your_username
GCM_PASSWORD=your_password
GCM_CLIENT_SECRET=your_client_secret
# Optional - Ports (defaults shown)
GCM_API_PORT=31443
GCM_KEYCLOAK_PORT=30443
# Optional - Authentication
GCM_CLIENT_ID=gcmclient
GCM_AUTH_MODE=auto
# Optional - SSL & Timeouts
GCM_VERIFY_SSL=false
GCM_REQUEST_TIMEOUT=30
# Optional - MCP Server
GCM_MCP_KEY_STORE_PATH=/data/keys.json
GCM_LOG_LEVEL=INFOKey Store Persistence
The API keys are stored in /data/keys.json inside the container. To persist keys across container restarts, use a volume:
# Create a named volume
podman volume create gcm-keys
# Run with volume mount
podman run -d \
--name gcm-mcp-server \
-p 8002:8002 \
-v gcm-keys:/data \
--env-file .env \
gcm-mcp-server:latestAPI Key Management
List All Active Keys
curl http://localhost:8002/admin/keysResponse:
{
"keys": [
{
"key_prefix": "gcm_1234",
"user": "bob-ide-user",
"created": "2026-03-13T17:00:00Z"
}
]
}Revoke a Key
curl -X DELETE http://localhost:8002/admin/keys/gcm_1234Note: Admin endpoints are only accessible from localhost for security.
Available MCP Tools
The GCM MCP Server provides three main tools:
1. gcm_auth - Authentication Management
Manage GCM authentication sessions.
Actions:
login- Authenticate with GCMlogout- End current sessionstatus- Check authentication statusrefresh- Refresh authentication token
2. gcm_api - API Operations
Execute any GCM API operation.
Parameters:
service- Service name (e.g., "assetinventory", "tde", "clm")operation- Operation to perform (e.g., "assets.list_certificates")method- HTTP method (GET, POST, PUT, DELETE)endpoint- Direct API endpoint pathbody- Request body (for POST/PUT)params- Query parameters
3. gcm_discover - Service Discovery
Discover available GCM services and endpoints.
Categories:
services- List all available servicesendpoints- List endpoints for a specific service
Container Management
View Logs
# Follow logs in real-time
podman logs -f gcm-mcp-server
# View last 100 lines
podman logs --tail 100 gcm-mcp-serverStop the Container
podman stop gcm-mcp-serverStart the Container
podman start gcm-mcp-serverRemove the Container
podman rm -f gcm-mcp-serverRebuild After Changes
# Stop and remove existing container
podman rm -f gcm-mcp-server
# Rebuild image
podman build -t gcm-mcp-server:latest .
# Run new container
podman run -d \
--name gcm-mcp-server \
-p 8002:8002 \
-v gcm-keys:/data \
--env-file .env \
gcm-mcp-server:latestLocal Development (Without Container)
Install Dependencies
# Create virtual environment
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txtRun Locally
# SSE mode (for Bob IDE)
python -m src.server --transport sse --host 0.0.0.0 --port 8002
# Stdio mode (for local testing)
python -m src.serverTroubleshooting
Container Won't Start
# Check container logs
podman logs gcm-mcp-server
# Verify .env file is present and correct
cat .env
# Test GCM connectivity
curl -k https://your-gcm-host:31443/healthBob IDE Can't Connect
Verify server is running:
curl http://localhost:8002/healthCheck API key is valid:
curl http://localhost:8002/admin/keysVerify Bob IDE configuration:
Check
~/.bob/mcp_settings.jsonexistsVerify API key matches
Ensure URL is
http://localhost:8002/sse
Check firewall settings:
# On Linux/macOS sudo lsof -i :8002 # On Windows netstat -ano | findstr :8002
Authentication Failures
Verify GCM credentials in .env:
podman exec gcm-mcp-server cat .envTest GCM authentication manually:
curl -X POST http://localhost:8002/admin/test-authCheck GCM server accessibility:
curl -k https://your-gcm-host:31443/health
API Key Issues
Keys are only accessible from localhost for security
Use
curlfrom the same machine running the containerKeys are stored as SHA-256 hashes in
/data/keys.json
Security Considerations
API Keys: Stored as SHA-256 hashes, never in plain text
Admin Endpoints: Restricted to localhost only
SSL Verification: Set
GCM_VERIFY_SSL=truein productionCredentials: Never commit
.envfile to version controlNetwork: Consider using
--network hostfor production deployments
Support
For issues, questions, or contributions:
Review the detailed setup guide
Check container logs:
podman logs gcm-mcp-serverVerify health endpoint:
curl http://localhost:8002/health
Original Repository
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ncee-dp-tech-sme/gcm-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server