Back to Catalog
thales-cdsp-csm-mcp-server
sanyambassi/thales-cdsp-csm-mcp-server
🔗 Latest commit:936c108
🕒 Updated:Sep 9, 2025, 01:06 PM
Python
Security
A Model Context Protocol (MCP) server for managing secrets in Thales CDSP Secrets Manager, powered by Akeyless, Vault. This server provides tools for creating, managing, and deleting static secrets, DFC keys, and other resources through the MCP protocol.
MCP Trust Score
Based on our comprehensive evaluation criteria
🤖 Evaluated by gemini-2.5-proFix
Trust Score54/100
- • Core MCP protocol features implemented (24/40)
- • Room for improvement in GitHub community
- • Optimal dependency management (20/20)
- • Room for improvement in deployment maturity
- • Documentation (8/8)
- • Archestra MCP Trust score badge is missing
GitHub Metrics
Repository statistics and activity
⭐ GitHub Stars:0
👥 Contributors:1
📋 Total Issues:1
📦 Has Releases:No
🔧 Has CI/CD Pipeline:No
Configuration
Configuration example extracted from README.md for Claude Desktop and other clients.
🤖 Evaluated by gemini-2.5-proFix
{
"thales-cdsp-csm-mcp-server-stdio": {
"command": "python",
"args": [
"main.py"
],
"env": {
"AKEYLESS_ACCESS_ID": "your_access_id",
"AKEYLESS_ACCESS_KEY": "your_access_key",
"AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
"LOG_LEVEL": "INFO"
}
},
"thales-cdsp-csm-mcp-server-http": {
"command": "python",
"args": [
"main.py",
"--transport",
"streamable-http",
"--host",
"localhost",
"--port",
"8000"
],
"env": {
"AKEYLESS_ACCESS_ID": "your_access_id",
"AKEYLESS_ACCESS_KEY": "your_access_key",
"AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
"LOG_LEVEL": "INFO"
}
},
"thales-cdsp-csm-mcp-server-uv-stdio": {
"command": "uv",
"args": [
"run",
"python",
"main.py"
],
"env": {
"AKEYLESS_ACCESS_ID": "your_access_id",
"AKEYLESS_ACCESS_KEY": "your_access_key",
"AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
"LOG_LEVEL": "INFO"
}
},
"thales-cdsp-csm-mcp-server-uv-http": {
"command": "uv",
"args": [
"run",
"python",
"main.py",
"--transport",
"streamable-http",
"--host",
"localhost",
"--port",
"8000"
],
"env": {
"AKEYLESS_ACCESS_ID": "your_access_id",
"AKEYLESS_ACCESS_KEY": "your_access_key",
"AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
"LOG_LEVEL": "INFO"
}
}
}MCP Protocol Support
Implemented MCP protocol features
🤖 Evaluated by gemini-2.5-proFix
Tools:✓
Prompts:✓
Resources:✗
Sampling:✗
Roots:✗
Logging:✓
STDIO Transport:✓
HTTP Transport:✓
OAuth2 Auth:✗
Dependencies
6 dependencies
Libraries and frameworks used by this MCP server
🤖 Evaluated by gemini-2.5-proFix
README.md
Thales CSM MCP Server
Simple MCP server for Thales CipherTrust Secrets Management, powered by Akeyless.
🎬 Demo Videos
📹 Part I: Usage & Functionality - Watch on YouTube
This video demonstrates:
- Setting up Cursor AI integration
- Creating and managing secrets and DFC Keys through AI chat
- Security compliance workflows
- Example prompts and functionality
📹 Part II: Deployment & Installation - Watch on YouTube
This video covers:
- Step-by-step installation process
- Configuration and setup
- Deployment options
🎯 Key Features
Intelligent App Development & Security Migration
The server includes a powerful prompt that automatically determines whether you want to:
- Create a NEW app with built-in CipherTrust integration
- Secure an EXISTING app by migrating hardcoded secrets to CipherTrust
For New Apps:
- Generates complete Python implementations with CipherTrust integration
- Uses the
get_api_referencetool for native API integration - Provides production-ready code with proper error handling
For Existing Apps:
- Scans codebase for hardcoded secrets using intelligent detection
- Categorizes secrets by type (key-value pairs vs standalone)
- Uses
manage_secretsMCP tool to create CipherTrust secrets - Generates migration reports and updated code
- Provides testing and validation instructions
Secret Type Classification:
- Key-Value Pairs/JSON format: AWS credentials, database configs, OAuth tokens
- Standalone Secrets (Text format): Single passwords, individual tokens, certificates
📋 Prerequisites
Before you begin, ensure you have the following installed on your system:
- Python 3.8+: Required for running the MCP server
- uv: Modern Python package manager (recommended) or pip
- git: For cloning the repository
- dotenv: Environment variable management
- fastmcp: MCP server framework
- Thales CipherTrust Manager access
- Valid Akeyless credentials
Installing Prerequisites
Python
# Check if Python is installed
python --version
# or
python3 --version
# Install Python (Ubuntu/Debian)
sudo apt update && sudo apt install python3 python3-pip
# Install Python (macOS)
brew install python
# Install Python (Windows)
# Download from https://python.org
uv (Recommended)
# Install uv
pip install uv
# Verify installation
uv --version
git
# Check if git is installed
git --version
# Install git (Ubuntu/Debian)
sudo apt update && sudo apt install git
# Install git (macOS)
brew install git
# Install git (Windows)
# Download from https://git-scm.com
dotenv
# Check if python-dotenv is installed
python -c "import dotenv; print('dotenv available')"
# Install python-dotenv
pip install python-dotenv
# Verify installation
python -c "import dotenv; print(f'dotenv version: {dotenv.__version__}')"
fastmcp
# Check if fastmcp is installed
python -c "import fastmcp; print('fastmcp available')"
# Install fastmcp
pip install fastmcp
# Verify installation
python -c "import fastmcp; print(f'fastmcp version: {fastmcp.__version__}')"
🚀 What this MCP server features
- Secrets Management: Create, read, update, delete secrets
- DFC Key Management: DFC encryption keys (AES, RSA)
- Account Management: Get Akeyless account details
- Analytics: Fetch analytics data
- Authentication Methods: Manage Authentication Methods
- App Development & Security: Intelligent app creation and secret migration
- Roles: Manage Roles
- Targets: Manage Targets
- Security: Guidelines and best practices
- MCP Protocol: Model Context Protocol compliance
⚡ Quick Start
1. Install
Option A: Using pip (Traditional)
git clone https://github.com/sanyambassi/thales-cdsp-csm-mcp-server
cd thales-cdsp-csm-mcp-server
pip install -r requirements.txt
Option B: Using uv (Recommended)
# Install uv if you don't have it
pip install uv
# Clone and setup
git clone https://github.com/sanyambassi/thales-cdsp-csm-mcp-server
cd thales-cdsp-csm-mcp-server
# Install dependencies (creates .venv automatically)
uv sync
2. Configure
Create .env file:
AKEYLESS_ACCESS_ID=your_access_id
AKEYLESS_ACCESS_KEY=your_access_key
AKEYLESS_API_URL=https://your-ciphertrust-manager/akeyless-api/v2
LOG_LEVEL=INFO
AKEYLESS_VERIFY_SSL=false
3. Run
Using pip (Traditional)
# stdio mode
python main.py
# HTTP mode
python main.py --transport streamable-http --host localhost --port 8000
Using uv (Recommended)
# stdio mode
uv run python main.py
# HTTP mode
uv run python main.py --transport streamable-http --host localhost --port 8000
🛠️ Available Tools
| Tool | Description |
|---|---|
manage_secrets | Create static secrets, get static secret values, update, delete secrets (static, dynamic, rotated) with type filtering and dynamic secret creation |
manage_dfc_keys | Manage encryption keys |
manage_auth_methods | Authentication and access control |
manage_rotation | Secret rotation policies |
manage_customer_fragments | Enhanced security features |
security_guidelines | Security best practices |
manage_roles | List and get role information |
manage_targets | List, get, and create targets |
manage_analytics | Get analytics and monitoring data |
manage_account | Get account settings and licensing |
get_api_reference | Get API reference for native Akeyless integrations (generic workflows + S3 example) |
🔍 Test It
# Run tests
python tests/run_tests.py
python.exe tests\test_mcp_protocol.py
# Test health endpoint (HTTP mode)
curl http://localhost:8000/health
📚 Documentation
- TRANSPORT_MODES.md - How to run
- TOOLS.md - What tools do
- TESTING.md - Complete testing guide
- AI Assistant Configs - MCP json examples for AI Assistants
🎯 Use Cases
- AI Assistants: Claude Desktop, Cursor AI
- Web Applications: REST API integration
- Automation: CI/CD, scripts, tools
- Enterprise: Secrets management, compliance
🤖 AI Assistant Integration
Claude Desktop
{
"mcpServers": {
"thales-csm": {
"command": "python",
"args": ["main.py", "--transport", "stdio"],
"env": {
"AKEYLESS_ACCESS_ID": "your_access_id_here",
"AKEYLESS_ACCESS_KEY": "your_access_key_here",
"AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
"LOG_LEVEL": "INFO"
}
}
}
}
Cursor AI
{
"mcpServers": {
"thales-csm": {
"command": "python",
"args": ["main.py", "--transport", "stdio"],
"env": {
"AKEYLESS_ACCESS_ID": "your_access_id_here",
"AKEYLESS_ACCESS_KEY": "your_access_key_here",
"AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
"LOG_LEVEL": "INFO"
}
}
}
}
Configuration Parameters
env: Environment variables for Akeyless authentication and loggingcommand: Python executable to run the serverargs: Command line arguments for the server
⚠️ Important Notes
- Full Path Required:
argsmust include the full absolute path tomain.py - Windows Paths: Use double backslashes
\\in Windows paths (e.g.,C:\\thales-cdsp-csm-mcp-server\\main.py) - Unix Paths: Use forward slashes
/in Unix/Linux paths (e.g.,/home/user/thales-cdsp-csm-mcp-server/main.py)
Configuration Templates
- config/mcp-config-uv.json - UV package manager setup
- config/mcp-config.json - Basic configuration template
🤝 Support
- Issues: GitHub Issues
- Documentation: Check the docs folder above
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
Resources
Add Quality Badge
Show your MCP trust score in your README
[](https://archestra.ai/mcp-catalog/sanyambassi__thales-cdsp-csm-mcp-server)README.md
Thales CSM MCP Server
Simple MCP server for Thales CipherTrust Secrets Management, powered by Akeyless.
🎬 Demo Videos
📹 Part I: Usage & Functionality - Watch on YouTube
This video demonstrates:
- Setting up Cursor AI integration
- Creating and managing secrets and DFC Keys through AI chat
- Security compliance workflows
- Example prompts and functionality
📹 Part II: Deployment & Installation - Watch on YouTube
This video covers:
- Step-by-step installation process
- Configuration and setup
- Deployment options
🎯 Key Features
Intelligent App Development & Security Migration
The server includes a powerful prompt that automatically determines whether you want to:
- Create a NEW app with built-in CipherTrust integration
- Secure an EXISTING app by migrating hardcoded secrets to CipherTrust
For New Apps:
- Generates complete Python implementations with CipherTrust integration
- Uses the
get_api_referencetool for native API integration - Provides production-ready code with proper error handling
For Existing Apps:
- Scans codebase for hardcoded secrets using intelligent detection
- Categorizes secrets by type (key-value pairs vs standalone)
- Uses
manage_secretsMCP tool to create CipherTrust secrets - Generates migration reports and updated code
- Provides testing and validation instructions
Secret Type Classification:
- Key-Value Pairs/JSON format: AWS credentials, database configs, OAuth tokens
- Standalone Secrets (Text format): Single passwords, individual tokens, certificates
📋 Prerequisites
Before you begin, ensure you have the following installed on your system:
- Python 3.8+: Required for running the MCP server
- uv: Modern Python package manager (recommended) or pip
- git: For cloning the repository
- dotenv: Environment variable management
- fastmcp: MCP server framework
- Thales CipherTrust Manager access
- Valid Akeyless credentials
Installing Prerequisites
Python
# Check if Python is installed
python --version
# or
python3 --version
# Install Python (Ubuntu/Debian)
sudo apt update && sudo apt install python3 python3-pip
# Install Python (macOS)
brew install python
# Install Python (Windows)
# Download from https://python.org
uv (Recommended)
# Install uv
pip install uv
# Verify installation
uv --version
git
# Check if git is installed
git --version
# Install git (Ubuntu/Debian)
sudo apt update && sudo apt install git
# Install git (macOS)
brew install git
# Install git (Windows)
# Download from https://git-scm.com
dotenv
# Check if python-dotenv is installed
python -c "import dotenv; print('dotenv available')"
# Install python-dotenv
pip install python-dotenv
# Verify installation
python -c "import dotenv; print(f'dotenv version: {dotenv.__version__}')"
fastmcp
# Check if fastmcp is installed
python -c "import fastmcp; print('fastmcp available')"
# Install fastmcp
pip install fastmcp
# Verify installation
python -c "import fastmcp; print(f'fastmcp version: {fastmcp.__version__}')"
🚀 What this MCP server features
- Secrets Management: Create, read, update, delete secrets
- DFC Key Management: DFC encryption keys (AES, RSA)
- Account Management: Get Akeyless account details
- Analytics: Fetch analytics data
- Authentication Methods: Manage Authentication Methods
- App Development & Security: Intelligent app creation and secret migration
- Roles: Manage Roles
- Targets: Manage Targets
- Security: Guidelines and best practices
- MCP Protocol: Model Context Protocol compliance
⚡ Quick Start
1. Install
Option A: Using pip (Traditional)
git clone https://github.com/sanyambassi/thales-cdsp-csm-mcp-server
cd thales-cdsp-csm-mcp-server
pip install -r requirements.txt
Option B: Using uv (Recommended)
# Install uv if you don't have it
pip install uv
# Clone and setup
git clone https://github.com/sanyambassi/thales-cdsp-csm-mcp-server
cd thales-cdsp-csm-mcp-server
# Install dependencies (creates .venv automatically)
uv sync
2. Configure
Create .env file:
AKEYLESS_ACCESS_ID=your_access_id
AKEYLESS_ACCESS_KEY=your_access_key
AKEYLESS_API_URL=https://your-ciphertrust-manager/akeyless-api/v2
LOG_LEVEL=INFO
AKEYLESS_VERIFY_SSL=false
3. Run
Using pip (Traditional)
# stdio mode
python main.py
# HTTP mode
python main.py --transport streamable-http --host localhost --port 8000
Using uv (Recommended)
# stdio mode
uv run python main.py
# HTTP mode
uv run python main.py --transport streamable-http --host localhost --port 8000
🛠️ Available Tools
| Tool | Description |
|---|---|
manage_secrets | Create static secrets, get static secret values, update, delete secrets (static, dynamic, rotated) with type filtering and dynamic secret creation |
manage_dfc_keys | Manage encryption keys |
manage_auth_methods | Authentication and access control |
manage_rotation | Secret rotation policies |
manage_customer_fragments | Enhanced security features |
security_guidelines | Security best practices |
manage_roles | List and get role information |
manage_targets | List, get, and create targets |
manage_analytics | Get analytics and monitoring data |
manage_account | Get account settings and licensing |
get_api_reference | Get API reference for native Akeyless integrations (generic workflows + S3 example) |
🔍 Test It
# Run tests
python tests/run_tests.py
python.exe tests\test_mcp_protocol.py
# Test health endpoint (HTTP mode)
curl http://localhost:8000/health
📚 Documentation
- TRANSPORT_MODES.md - How to run
- TOOLS.md - What tools do
- TESTING.md - Complete testing guide
- AI Assistant Configs - MCP json examples for AI Assistants
🎯 Use Cases
- AI Assistants: Claude Desktop, Cursor AI
- Web Applications: REST API integration
- Automation: CI/CD, scripts, tools
- Enterprise: Secrets management, compliance
🤖 AI Assistant Integration
Claude Desktop
{
"mcpServers": {
"thales-csm": {
"command": "python",
"args": ["main.py", "--transport", "stdio"],
"env": {
"AKEYLESS_ACCESS_ID": "your_access_id_here",
"AKEYLESS_ACCESS_KEY": "your_access_key_here",
"AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
"LOG_LEVEL": "INFO"
}
}
}
}
Cursor AI
{
"mcpServers": {
"thales-csm": {
"command": "python",
"args": ["main.py", "--transport", "stdio"],
"env": {
"AKEYLESS_ACCESS_ID": "your_access_id_here",
"AKEYLESS_ACCESS_KEY": "your_access_key_here",
"AKEYLESS_API_URL": "https://your-ciphertrust-manager/akeyless-api/v2",
"LOG_LEVEL": "INFO"
}
}
}
}
Configuration Parameters
env: Environment variables for Akeyless authentication and loggingcommand: Python executable to run the serverargs: Command line arguments for the server
⚠️ Important Notes
- Full Path Required:
argsmust include the full absolute path tomain.py - Windows Paths: Use double backslashes
\\in Windows paths (e.g.,C:\\thales-cdsp-csm-mcp-server\\main.py) - Unix Paths: Use forward slashes
/in Unix/Linux paths (e.g.,/home/user/thales-cdsp-csm-mcp-server/main.py)
Configuration Templates
- config/mcp-config-uv.json - UV package manager setup
- config/mcp-config.json - Basic configuration template
🤝 Support
- Issues: GitHub Issues
- Documentation: Check the docs folder above
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.