How do I install Thales CDSP CRDP MCP Server?

Install Thales CDSP CRDP MCP Server with a single command: npx mdskills install sanyambassi/thales-cdsp-crdp-mcp-server. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Thales CDSP CRDP MCP Server?

Thales CDSP CRDP MCP Server works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Gemini Cli, Amp, Roo Code, Goose. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to MCP servers

Thales CDSP CRDP MCP Server

Name: Thales CDSP CRDP MCP Server: AI Agent Skill
Rating: 8 (1 reviews)
Author: sanyambassi

Verified

MCP ServerSecurityIntermediate

A Model Context Protocol (MCP) server that allows interacting with the CipherTrust RestFul Data Protection (CRDP) service. This MCP server enables AI applications and LLMs to securely protect and reveal sensitive data through the CipherTrust CRDP service. It supports both individual and bulk protect and reveal operations with versioning support. - Video 1: [https://youtu.be/O2pQRoykaaU] - Deployme

by @sanyambassi0Updated 1 weeks ago

Add this skill

npx mdskills install sanyambassi/thales-cdsp-crdp-mcp-server

Fork & Edit

Skill Advisor8.0

Well-documented MCP server enabling secure data protection/revelation through Thales CipherTrust CRDP with clear setup and examples

+Provides comprehensive tool descriptions with clear parameters and authorization requirements
+Includes detailed setup instructions, environment configuration, and integration guides for multiple AI assistants
+Supports bulk operations, versioning, and monitoring with good security awareness around JWT/username authorization
-Declares filesystem write and shell execution permissions without clear justification in the documentation

SKILL.md

Edit in Browser

1# Thales CDSP CRDP MCP Server
2 
3A Model Context Protocol (MCP) server that allows interacting with the CipherTrust RestFul Data Protection (CRDP) service.
4 
5## Overview
6 
7This MCP server enables AI applications and LLMs to securely protect and reveal sensitive data through the CipherTrust CRDP service. It supports both individual and bulk protect and reveal operations with versioning support.
8 
9## Demo Videos
10 
11- **Video 1**: [https://youtu.be/O2pQRoykaaU] - Deployment and usage with Cursor AI
12- **Video 2**: [https://youtu.be/ILNyWRYQUpw] - How to use the n8n workflows
13 
14## Features
15 
16- **Data Protection**: Protect sensitive data using Data Protection policies defined on the Thales CipherTrust manager.
17- **Data Revelation**: Securely reveal protected data with proper authorization (username/jwt)
18- **Bulk Operations**: Process multiple data items in single batch operations
19- **Versioning Support**: Handles external versioned, internal versioned, and version disabled protection policies.
20- **Monitoring**: Health checks and metrics collection
21- **Multiple Transports**: Support for stdio and HTTP transports
22 
23## Prerequisites
24 
25Before installing and running the CRDP MCP Server, ensure you have the following prerequisites installed:
26 
27- **Node.js** (v18 or higher)
28- **npm** (comes with Node.js)
29- **TypeScript** (installed globally)
30- **CRDP container running and registered with CipherTrust Manager** 
31 
32See [prerequisites](docs/prerequisites.md) for detailed installation instructions.
33 
34## Quick Start
35 
36### 1. Clone the Repository
37 
38```bash
39git clone https://github.com/sanyambassi/thales-cdsp-crdp-mcp-server.git
40cd thales-cdsp-crdp-mcp-server
41```
42 
43### 2. Install Dependencies
44 
45```bash
46npm install
47```
48 
49### 3. Build the Project
50 
51```bash
52npm run build
53```
54 
55### 4. Start the Server
56 
57#### For stdio transport (default):
58```bash
59npm start
60```
61 
62#### For HTTP transport:
63```bash
64MCP_TRANSPORT=streamable-http npm start
65```
66 
67## Configuration
68 
69### Environment Variables
70 
71| Variable | Description | Default |
72|----------|-------------|---------|
73| `CRDP_SERVICE_URL` | CRDP service endpoint for protect/reveal operations | `http://localhost:8090` |
74| `CRDP_PROBES_URL` | CRDP service endpoint for monitoring operations | `http://localhost:8080` |
75| `MCP_TRANSPORT` | Transport type (`stdio` or `streamable-http`) | `stdio` |
76| `MCP_PORT` | HTTP port (when using streamable-http) | `3000` |
77 
78### Setting Environment Variables
79 
80**Windows (PowerShell):**
81```powershell
82$env:CRDP_SERVICE_URL="http://crdp-server:8090"
83$env:MCP_TRANSPORT="streamable-http"
84```
85 
86**Windows (CMD):**
87```cmd
88set CRDP_SERVICE_URL=http://crdp-server:8090
89set MCP_TRANSPORT=streamable-http
90```
91 
92**Linux/macOS:**
93```bash
94export CRDP_SERVICE_URL="http://crdp-server:8090"
95export CRDP_PROBES_URL="http://crdp-server:8080"
96export MCP_TRANSPORT="streamable-http"
97export MCP_PORT="3000"
98```
99 
100## Available Tools
101 
102### Data Protection Tools
103 
104#### `protect_data`
105Protect a single piece of sensitive data.
106 
107**Parameters:**
108- `data` (required): The sensitive data to protect
109- `protection_policy_name` (required): CRDP protection policy name
110- `jwt` (optional, required if CRDP is running with JWT verification enabled): JWT token for authorization
111 
112> **Note:** If CRDP is running with JWT verification enabled, 'jwt' is required.
113 
114**Example:**
115```json
116{
117  "name": "protect_data",
118  "arguments": {
119    "data": "john.doe@example.com",
120    "protection_policy_name": "email_policy",
121    "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
122  }
123}
124```
125 
126#### `protect_bulk`
127Protect multiple data items in a single batch operation.
128 
129**Parameters:**
130- `request_data` (required): Array of protection request objects
131- `jwt` (optional, required if CRDP is running with JWT verification enabled): JWT token for authorization
132 
133> **Note:** If CRDP is running with JWT verification enabled, 'jwt' is required.
134 
135**Example:**
136```json
137{
138  "name": "protect_bulk",
139  "arguments": {
140    "request_data": [
141      {
142        "protection_policy_name": "email_policy",
143        "data": "john.doe@example.com"
144      },
145      {
146        "protection_policy_name": "ssn_policy",
147        "data": "123-45-6789"
148      }
149    ]
150  }
151}
152```
153 
154### Data Revelation Tools
155 
156#### `reveal_data`
157Reveal a single piece of protected data.
158 
159**Parameters:**
160- `protected_data` (required): The protected data to reveal
161- `protection_policy_name` (required): Policy name used for protection
162- `external_version` (optional): Version information for the protected data
163- `username` (conditionally required): User identity for authorization (required if 'jwt' is not provided)
164- `jwt` (conditionally required): JWT token for authorization (required if 'username' is not provided)
165 
166> **Note:** At least one of 'username' or 'jwt' is required for reveal operations.
167 
168**Example:**
169```json
170{
171  "name": "reveal_data",
172  "arguments": {
173    "protected_data": "enc_abc123def456",
174    "username": "authorized_user",
175    "protection_policy_name": "email_policy",
176    "external_version": "1003000",
177    "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
178  }
179}
180```
181 
182#### `reveal_bulk`
183Reveal multiple protected data items in a single batch operation.
184 
185**Parameters:**
186- `protected_data` (required): The protected data to reveal
187- `username` (required): User identity for authorization
188- `protection_policy_name` (required): Policy name used for protection
189- `external_version` (optional): From the output of the protect operation when using a protection policy with external versioning
190- `jwt` (optional): JWT token for authorization
191 
192**Example:**
193```json
194{
195  "name": "reveal_bulk",
196  "arguments": {
197    "username": "authorized_user",
198    "protected_data_array": [
199      {
200        "protection_policy_name": "email_policy",
201        "protected_data": "enc_abc123"
202      },
203      {
204        "protection_policy_name": "ssn_policy",
205        "protected_data": "enc_def456"
206      }
207    ],
208    "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
209  }
210}
211```
212 
213### Monitoring Tools
214 
215#### `get_metrics`
216Get CRDP service metrics.
217 
218#### `check_health`
219Check CRDP service health status.
220 
221#### `check_liveness`
222Check CRDP service liveness.
223 
224## Versioning Support
225 
226The server supports Portection Policy versioning:
227 
228### 1. External Versioning
229Returns both protected data and external version:
230```
231Data protected successfully. Protected data: abcdefcLJTrU0Y8FKC
232External version: 1003000
233```
234 
235### 2. Internal Versioning
236Returns protected data with embedded version:
237```
238Data protected successfully. Protected data: 1001000Y57IlQvok1Ke
239```
240 
241### 3. Versioning Disabled
242Returns protected data only:
243```
244Data protected successfully. Protected data: BcmX5McZK6BB
245```
246 
247## Testing
248 
249For comprehensive testing instructions, see [testing](docs/testing.md).
250 
251## Integration with AI Assistants
252 
253This MCP server can be integrated with various AI assistants to enable secure data protection and revelation capabilities through natural language interactions.
254 
255### Supported AI Assistants
256 
257- **Cursor AI**
258- **Google Gemini**
259- **Claude Desktop**
260 
261### Quick Setup
262 
263All supported AI assistants use the same `mcp.json` configuration:
264 
265```json
266{
267  "mcpServers": {
268    "crdp": {
269      "command": "node",
270      "args": ["/path/to/your/crdp-mcp-server/dist/crdp-mcp-server.js"],
271      "env": {
272        "CRDP_SERVICE_URL": "http://your-crdp-server:8090",
273        "CRDP_PROBES_URL": "http://your-crdp-server:8080",
274        "MCP_TRANSPORT": "stdio"
275      }
276    }
277  }
278}
279```
280 
281### Usage Examples
282 
283After configuration, you can use natural language commands like:
284 
285- "Protect my email address john.doe@example.com using the email_policy"
286- "Reveal the protected data abc123def456 for user admin using protection policy ssn_policy"
287- "Check the health of my CRDP service"
288 
289For detailed setup instructions and troubleshooting, see [AI Assistant Integration Guide](docs/ai-assistants.md).
290 
291## n8n Integration
292 
293This project includes n8n workflow templates for creating conversational AI interfaces to the CRDP service:
294 
295### **n8n Templates**
296 
297- **`crdp_demo_mcp_server.json`**: MCP Server workflow that exposes CRDP tools
298- **`crdp_demo_mcp_client.json`**: MCP Client workflow with conversational AI interface. 
299**Note:** You will need an [OpenAI API key](https://platform.openai.com/api-keys) to use the conversational AI features. Sign up or generate a key at the OpenAI website.
300 
301### **Features**
302 
303- **Conversational Interface**: Protect and reveal data using natural language
304- **JWT Authorization**: Secure operations with optional JWT tokens
305- **Conversational Memory**: Maintains context across chat sessions
306- **Intelligent Tool Selection**: Automatically uses bulk operations for multiple data items
307- **Strict Security**: Always requires proper authorization parameters
308 
309### **Quick Setup**
310 
3111. **Import Workflows**: Import both JSON files into your n8n instance
3122. **Configure Credentials**: Add your OpenAI credentials to the MCP Client
3133. **Activate Workflows**: Enable both workflows
3144. **Start Chatting**: Use the chat interface to interact with CRDP
315 
316For detailed n8n setup instructions, see [n8n docs](n8n/README.md).
317 
318### Quick Test
319 
320Test the server using curl:
321 
322```bash
323# Test HTTP transport
324curl -X POST http://localhost:3000/mcp \
325  -H "Content-Type: application/json" \
326  -d '{
327    "jsonrpc": "2.0",
328    "id": 1,
329    "method": "tools/call",
330    "params": {
331      "name": "protect_data",
332      "arguments": {
333        "data": "test@example.com",
334        "protection_policy_name": "email_policy"
335      }
336    }
337  }'
338```
339 
340## Development
341 
342### Project Structure
343 
344```
345crdp-mcp-server/
346├── src/
347│   └── crdp-mcp-server.ts    # Main server implementation
348├── dist/                     # Compiled JavaScript output
349├── docs/                     # Documentation
350├── n8n/                      # n8n workflow templates
351├── package.json              # Project configuration
352├── scripts/				  
353│	└── test-server.ts	  # Test Script
354└── tsconfig.json             # TypeScript configuration
355```
356 
357### npm Commands
358 
359| Script | Description |
360|--------|-------------|
361| `npm start` | Start the server (stdio transport) |
362| `npm run dev` | Start development server with auto-reload |
363| `npm run build` | Compile TypeScript to JavaScript |
364| `npm run clean` | Clean the dist directory |
365 
366## Security Considerations
367 
368- All sensitive data is processed through the secure CRDP service
369- User authorization is required for all reveal operations
370- The server does not store sensitive data locally
371- This MCP server only supports CRDP running in no-tls mode
372 
373## Troubleshooting
374 
375### Common Issues
376 
3771. **"tsc is not recognized"**: Install TypeScript globally with `npm install -g typescript`
3782. **Connection refused**: Ensure CRDP service is running and accessible
3793. **404 errors**: Ensure correct protection policy names are being used
380 
381### Logs
382 
383The server outputs logs to stderr. Check for:
384- CRDP service connection status
385- Tool execution results
386- Error messages and stack traces
387 
388## Contributing
389 
3901. Fork the repository
3912. Create a feature branch
3923. Make your changes
3934. Add tests if applicable
3945. Submit a pull request
395 
396## License
397 
398This project is licensed under the MIT License (c) 2025 Thales Group. See the [LICENSE](LICENSE) file for details.
399 
400## Support
401 
402For issues and questions:
403- Check the [troubleshooting section](#troubleshooting)
404- Review the [testing documentation](docs/testing.md)
405- Open an issue on GitHub
406 
407 
408

Full transparency — inspect the skill content before installing.