thales-cdsp-crdp

This MCP server exposes the CipherTrust CRDP integration via the MCP interface, enabling AI assistants and workflows to protect and reveal data through the CRDP service. It supports both single and bulk protect/reveal operations, with optional versioning and JWT/username-based authorization. The server can be accessed through standard MCP tooling, and can be run with either stdio or streamable HTTP transports depending on your deployment needs. To use it, configure the mcp.json (or environment-based) so the CRDP MCP server is started as shown in the example configuration. Once running, you can call the available tools such as protect_data, protect_bulk, reveal_data, reveal_bulk, and monitoring commands like get_metrics, check_health, and check_liveness via the MCP transport you chose. The integration is designed to work with various AI assistants (Cursor AI, Google Gemini, Claude Desktop) and can be wired into n8n workflows for automated protection and revelation tasks.

Prerequisites:

• Node.js v18+ installed
• npm (comes with Node.js)
• TypeScript (installed globally, if you plan to build from source)
• A running CRDP service registered with CipherTrust Manager

1. Clone the repository

git clone https://github.com/sanyambassi/thales-cdsp-crdp-mcp-server.git
cd thales-cdsp-crdp-mcp-server

2. Install dependencies

npm install

3. Build the project (if applicable)

npm run build

4. Configure environment variables and run

• You can run using stdio transport (default) or HTTP transport by changing MCP_TRANSPORT
• Create an .env file or export variables directly

export CRDP_SERVICE_URL="http://crdp-server:8090"
export CRDP_PROBES_URL="http://crdp-server:8080"
export MCP_TRANSPORT="stdio"          # or "streamable-http"

5. Start the MCP server

npm start

6. (Optional) If using HTTP transport, start with port configuration

export MCP_PORT="3000"
export MCP_TRANSPORT="streamable-http"
npm start

Tips:

• Ensure CRDP_SERVICE_URL points to your CipherTrust CRDP endpoint and CRDP_PROBES_URL to the probes/monitoring endpoint.
• If using JWT-based authorization, provide JWT in the appropriate tool calls (protect_data, reveal_data, etc.).
• For offline testing, you can mock CRDP endpoints, but real protection/reveal requires a live CipherTrust CRDP service.
• The example mcp.json uses a single MCP server named crdp; you can add more servers if needed by duplicating the structure with unique names.
• If you run into transport compatibility issues, verify MCP_TRANSPORT is either stdio or streamable-http and that your hosting environment allows the chosen transport type.