thales-cdsp-cakm

This MCP server implements Database TDE operations through CipherTrust CAKM via Thales CipherTrust Manager. It exposes tools to manage SQL Server and Oracle TDE deployments, including EKM providers, cryptographic keys, wallet operations, and tablepace encryption, all centralized under a single status/audit tool. Use the available tools to list connections, manage keys and encryption, configure wallets, and monitor health and compliance across both supported databases. The unified status tool enables you to view health and configuration across SQL Server and Oracle in one place, while per-database tools handle provider, key, and wallet lifecycle needs. To start, run the MCP server with UV (uv run python -m database_tde_server) and configure the environment with your database connections. Then invoke the specific tool functions (e.g., manage_sql_keys, manage_oracle_wallet, status_tde_ekm) as needed for your environment.

Prerequisites:

• Python 3.8+ and uv installed (uv will manage dependencies and run scripts)
• Access to the internet for package installation
• Access credentials and connection details for your SQL Server and Oracle databases

Step-by-step installation:

1. Clone the repository: git clone https://github.com/sanyambassi/thales-cdsp-cakm-mcp-server.git cd thales-cdsp-cakm-mcp-server

2. Install uv (if not already installed):

   • Windows: powershell -c " irm https://astral.sh/uv/install.ps1 | iex"
   • macOS/Linux: curl -LsSf https://astral.sh/uv/install.sh | sh (Follow the on-screen instructions from the install script.)

3. Create and activate a Python virtual environment (optional but recommended): uv venv && source .venv/bin/activate # Linux/Mac uv venv && .venv\Scripts\activate # Windows

4. Install the Python package in editable mode (or install requirements as appropriate): uv pip install -e .

5. Prepare configuration:

   • Create a .env file with your database connection details or configure the DB_TDE_DATABASE_CONNECTIONS env var as shown in the example. Save any sensitive values securely.

6. Test connections before starting the server: uv run python -m database_tde_server --test-connections

7. Start the MCP server: uv run python -m database_tde_server

Notes:

• The exact environment variables and their values can be customized to fit your environment; ensure DB_TDE_DATABASE_CONNECTIONS contains valid connection definitions for your SQL Server and Oracle databases.

Tips and common issues:

• Ensure you have network access from the host running the MCP server to all configured databases.
• For Oracle wallets, provide correct wallet_root paths and ensure wallet files are accessible by the running process.
• If using dual-wallet configurations, Oracle's wallet order and types (PRIMARY, SECONDARY) will influence TDE status detection and migration status recognition.
• The unified status tool (status_tde_ekm) is the best starting point to verify health, configuration, and compliance across both SQL Server and Oracle.
• Store sensitive credentials in a secure secret manager or environment vault; avoid embedding passwords directly in configuration files.
• If you run into issues with uv, ensure you are using a supported Python environment and that your shell environment is correctly configured (PATH, VIRTUAL_ENV).
• After changes to wallets or keys, re-run status checks to confirm the updated state.