Skip to main content
Glama
sanyambassi

thales-cdsp-csm-mcp-server

by sanyambassi
OverviewSchemaRelated ServersScoreDiscussions
Python
Remote

Thales CSM MCP Server

Simple MCP server for Thales CipherTrust Secrets Management, powered by Akeyless.

🎬 Demo Videos

📹 Part I: Usage & Functionality - Watch on YouTube

This video demonstrates:

  • Setting up Cursor AI integration

  • Creating and managing secrets and DFC Keys through AI chat

  • Security compliance workflows

  • Example prompts and functionality

📹 Part II: Deployment & Installation - Watch on YouTube

This video covers:

  • Step-by-step installation process

  • Configuration and setup

  • Deployment options

🎯 Key Features

Intelligent App Development & Security Migration

The server includes a powerful prompt that automatically determines whether you want to:

  • Create a NEW app with built-in CipherTrust integration

  • Secure an EXISTING app by migrating hardcoded secrets to CipherTrust

For New Apps:

  • Generates complete Python implementations with CipherTrust integration

  • Uses the get_api_reference tool for native API integration

  • Provides production-ready code with proper error handling

For Existing Apps:

  • Scans codebase for hardcoded secrets using intelligent detection

  • Categorizes secrets by type (key-value pairs vs standalone)

  • Uses manage_secrets MCP tool to create CipherTrust secrets

  • Generates migration reports and updated code

  • Provides testing and validation instructions

Secret Type Classification:

  • Key-Value Pairs/JSON format: AWS credentials, database configs, OAuth tokens

  • Standalone Secrets (Text format): Single passwords, individual tokens, certificates

📋 Prerequisites

Before you begin, ensure you have the following installed on your system:

  • Python 3.8+: Required for running the MCP server

  • uv: Modern Python package manager (recommended) or pip

  • git: For cloning the repository

  • dotenv: Environment variable management

  • fastmcp: MCP server framework

  • Thales CipherTrust Manager access

  • Valid Akeyless credentials

Installing Prerequisites

Python

# Check if Python is installed
python --version
# or
python3 --version

# Install Python (Ubuntu/Debian)
sudo apt update && sudo apt install python3 python3-pip

# Install Python (macOS)
brew install python

# Install Python (Windows)
# Download from https://python.org

uv (Recommended)

# Install uv
pip install uv

# Verify installation
uv --version

git

# Check if git is installed
git --version

# Install git (Ubuntu/Debian)
sudo apt update && sudo apt install git

# Install git (macOS)
brew install git

# Install git (Windows)
# Download from https://git-scm.com

dotenv

# Check if python-dotenv is installed
python -c "import dotenv; print('dotenv available')"

# Install python-dotenv
pip install python-dotenv

# Verify installation
python -c "import dotenv; print(f'dotenv version: {dotenv.__version__}')"

fastmcp

# Check if fastmcp is installed
python -c "import fastmcp; print('fastmcp available')"

# Install fastmcp
pip install fastmcp

# Verify installation
python -c "import fastmcp; print(f'fastmcp version: {fastmcp.__version__}')"

🚀 What this MCP server features

  • Secrets Management: Create, read, update, delete secrets

  • DFC Key Management: DFC encryption keys (AES, RSA)

  • Account Management: Get Akeyless account details

  • Analytics: Fetch analytics data

  • Authentication Methods: Manage Authentication Methods

  • App Development & Security: Intelligent app creation and secret migration

  • Roles: Manage Roles

  • Targets: Manage Targets

  • Security: Guidelines and best practices

  • MCP Protocol: Model Context Protocol compliance

Quick Start

1. Install

Option A: Using pip (Traditional)

git clone https://github.com/sanyambassi/thales-cdsp-csm-mcp-server
cd thales-cdsp-csm-mcp-server
pip install -r requirements.txt

Option B: Using uv (Recommended)

# Install uv if you don't have it
pip install uv

# Clone and setup
git clone https://github.com/sanyambassi/thales-cdsp-csm-mcp-server
cd thales-cdsp-csm-mcp-server

# Install dependencies (creates .venv automatically)
uv sync

2. Configure

Create .env file:

AKEYLESS_ACCESS_ID=your_access_id
AKEYLESS_ACCESS_KEY=your_access_key
AKEYLESS_API_URL=https://your-ciphertrust-manager/akeyless-api/v2
LOG_LEVEL=INFO
AKEYLESS_VERIFY_SSL=false

3. Run

Using pip (Traditional)

# stdio mode
python main.py

# HTTP mode 
python main.py --transport streamable-http --host localhost --port 8000

Using uv (Recommended)

# stdio mode
uv run python main.py

# HTTP mode 
uv run python main.py --transport streamable-http --host localhost --port 8000

🛠️ Available Tools

Tool

Description

manage_secrets

Create static secrets, get static secret values, update, delete secrets (static, dynamic, rotated) with type filtering and dynamic secret creation

manage_dfc_keys

Manage encryption keys

manage_auth_methods

Authentication and access control

manage_rotation

Secret rotation policies

manage_customer_fragments

Enhanced security features

security_guidelines

Security best practices

manage_roles

List and get role information

manage_targets

List, get, and create targets

manage_analytics

Get analytics and monitoring data

manage_account

Get account settings and licensing

get_api_reference

Get API reference for native Akeyless integrations (generic workflows + S3 example)

🔍 Test It

# Run tests
python tests/run_tests.py
python.exe tests\test_mcp_protocol.py

# Test health endpoint (HTTP mode)
curl http://localhost:8000/health

📚 Documentation

🎯 Use Cases

  • AI Assistants: Claude Desktop, Cursor AI

  • Web Applications: REST API integration

  • Automation: CI/CD, scripts, tools

  • Enterprise: Secrets management, compliance

🤖 AI Assistant Integration

Claude Desktop

{
  "mcpServers": {
    "thales-csm": {
      "command": "python",
      "args": ["main.py", "--transport", "stdio"],
      "env": {
        "AKEYLESS_ACCESS_ID": "your_access_id_here",
        "AKEYLESS_ACCESS_KEY": "your_access_key_here",
        "AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
        "LOG_LEVEL": "INFO"
      }
    }
  }
}

Cursor AI

{
  "mcpServers": {
    "thales-csm": {
      "command": "python",
      "args": ["main.py", "--transport", "stdio"],
      "env": {
        "AKEYLESS_ACCESS_ID": "your_access_id_here",
        "AKEYLESS_ACCESS_KEY": "your_access_key_here",
        "AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
        "LOG_LEVEL": "INFO"
      }
    }
  }
}

Configuration Parameters

  • env: Environment variables for Akeyless authentication and logging

  • command: Python executable to run the server

  • args: Command line arguments for the server

⚠️ Important Notes

  • Full Path Required: args must include the full absolute path to main.py

  • Windows Paths: Use double backslashes \\ in Windows paths (e.g., C:\\thales-cdsp-csm-mcp-server\\main.py)

  • Unix Paths: Use forward slashes / in Unix/Linux paths (e.g., /home/user/thales-cdsp-csm-mcp-server/main.py)

Configuration Templates

🤝 Support

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

This server cannot be installed

A
license - permissive license
-
quality - not tested
C
maintenance

How are these scores calculated?

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/sanyambassi/thales-cdsp-csm-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server