GCM MCP Server
Enables interaction with IBM Guardium Cryptographic Manager (GCM) for cryptographic asset management, including authentication, asset inventory queries, policy violation tracking, and ticket management.
IBM Guardium Cryptographic Manager (GCM) MCP Server - A Model Context Protocol server for interacting with IBM GCM's cryptographic asset management platform.
Overview
This MCP server provides tools to interact with IBM Guardium Cryptographic Manager, enabling:
- Authentication and session management
- Cryptographic asset inventory queries (keys, certificates, protocols)
- Policy violation tracking and ticket management
- Service discovery and API exploration
Prerequisites
- Podman or Docker installed
- Python 3.10+ (for local development)
- Access to an IBM GCM instance
- GCM credentials (username, password, client secret)
Quick Start with Podman
1. Build the Podman Image
# Clone the repository
git clone <repository-url>
cd gcm-mcp-server
# Create .env file from example
cp env.example .env
# Edit .env with your GCM credentials
nano .env # or use your preferred editor
# Build the image
podman build -t gcm-mcp-server:latest .
2. Run the Container
# Run with volume mount for persistent key storage
podman run -d \
--name gcm-mcp-server \
-p 8002:8002 \
-v gcm-keys:/data \
--env-file .env \
gcm-mcp-server:latest
# Check if the server is running
podman logs gcm-mcp-server
# Verify health
curl http://localhost:8002/health
Expected health response:
{
"status": "ok",
"server": "GCM MCP Server",
"version": "1.0.0",
"transport": "sse",
"auth_required": true
}
3. Generate an API Key
The API key is required for Bob IDE to authenticate with the MCP server.
# Generate a new API key (must be run from within the running container, or edit server.py on line 101 and add your machine's IP)
curl -X POST http://localhost:8002/admin/keys \
-H "Content-Type: application/json" \
-d '{"user": "bob-ide-user"}'
Response:
{
"key": "gcm_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcd",
"user": "bob-ide-user",
"created": "2026-03-13T17:00:00Z",
"key_prefix": "gcm_1234"
}
Important: Save the key value - you'll need it for Bob IDE configuration.
4. Configure Bob IDE
Step 1: Locate Bob's MCP Configuration
Bob IDE stores MCP server configurations in:
- macOS: ~/.bob/mcp_settings.json
- Linux: ~/.bob/mcp_settings.json
- Windows: %USERPROFILE%\.bob\mcp_settings.json
Step 2: Add GCM MCP Server Configuration
Edit the configuration file and add the GCM MCP server:
{
"mcpServers": {
"gcm-mcp-server": {
"url": "http://localhost:8002/sse",
"transport": "sse",
"headers": {
"Authorization": "Bearer gcm_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcd"
}
}
}
}
Replace the Bearer token with your actual API key from step 3.
Step 3: Restart Bob IDE
After adding the configuration, restart Bob IDE to load the new MCP server.
Step 4: Create a new "slash" command in Bob
Add a new slash command named gcmapp via the chat window and add the following to the description:
---
description: "this slash command will always use the gcm-mcp-server to execute commands"
---
When this slash command is executed, it will use the gcm-mcp-server to run the command and return the output.
Step 5: Verify Connection in Bob IDE
In Bob IDE, you should now be able to use the /gcmmcp command to interact with GCM:
/gcmmcp Get a summary of all cryptographic assets
/gcmmcp List open tickets
/gcmmcp Show authentication status
List of Example Prompts to Use in Bob IDE
The following file contains an extensive list of prompts to use in Bob IDE: GCM-MCP-EXAMPLE-PROMPTS.md
Configuration
Environment Variables
Create a .env file with the following variables:
# Required - GCM Server Connection
GCM_HOST=your-gcm-hostname.com
GCM_USERNAME=your_username
GCM_PASSWORD=your_password
GCM_CLIENT_SECRET=your_client_secret
# Optional - Ports (defaults shown)
GCM_API_PORT=31443
GCM_KEYCLOAK_PORT=30443
# Optional - Authentication
GCM_CLIENT_ID=gcmclient
GCM_AUTH_MODE=auto
# Optional - SSL & Timeouts
GCM_VERIFY_SSL=false
GCM_REQUEST_TIMEOUT=30
# Optional - MCP Server
GCM_MCP_KEY_STORE_PATH=/data/keys.json
GCM_LOG_LEVEL=INFO
Key Store Persistence
The API keys are stored in /data/keys.json inside the container. To persist keys across container restarts, use a volume:
# Create a named volume
podman volume create gcm-keys
# Run with volume mount
podman run -d \
--name gcm-mcp-server \
-p 8002:8002 \
-v gcm-keys:/data \
--env-file .env \
gcm-mcp-server:latest
API Key Management
List All Active Keys
curl http://localhost:8002/admin/keys
Response:
{
"keys": [
{
"key_prefix": "gcm_1234",
"user": "bob-ide-user",
"created": "2026-03-13T17:00:00Z"
}
]
}
Revoke a Key
curl -X DELETE http://localhost:8002/admin/keys/gcm_1234
Note: Admin endpoints are only accessible from localhost for security.
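A minimal sketch of a hash-only key store with the shape the responses above imply (added example, not the project's server.py; the function names, the `gcm_` plus 64 hex character key format and the 8-character prefix are assumptions). Unsalted SHA-256 is adequate here only because the keys are long random values rather than passwords.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

PREFIX_LEN = 8  # assumed: "gcm_" plus four characters, as in "gcm_1234"


def _digest(key: str) -> str:
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def issue_key(store: dict, user: str) -> str:
    """Create a key, record only its hash, and return the plaintext once."""
    key = "gcm_" + secrets.token_hex(32)  # 256 bits from the OS CSPRNG
    store[_digest(key)] = {
        "key_prefix": key[:PREFIX_LEN],
        "user": user,
        "created": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    }
    return key


def authenticate(store: dict, authorization: str):
    """Return the user for a 'Bearer <key>' header, or None if it is invalid."""
    scheme, _, presented = authorization.partition(" ")
    if scheme != "Bearer" or not presented.startswith("gcm_"):
        return None
    candidate = _digest(presented)
    user = None
    for stored_hash, meta in store.items():
        # Constant-time comparison; every entry is scanned even after a match.
        if hmac.compare_digest(stored_hash, candidate):
            user = meta["user"]
    return user


def revoke(store: dict, key_prefix: str) -> int:
    """Delete every entry with this prefix; return how many were removed."""
    doomed = [h for h, m in store.items() if m["key_prefix"] == key_prefix]
    for h in doomed:
        del store[h]
    return len(doomed)
```

Because only the digest is persisted, a lost key cannot be recovered from the store: revoke it by prefix and issue a new one.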
Available MCP Tools
The GCM MCP Server provides three main tools:
1. gcm_auth - Authentication Management
Manage GCM authentication sessions.
Actions:
- login - Authenticate with GCM
- logout - End current session
- status - Check authentication status
- refresh - Refresh authentication token
2. gcm_api - API Operations
Execute any GCM API operation.
Parameters:
- service - Service name (e.g., "assetinventory", "tde", "clm")
- operation - Operation to perform (e.g., "assets.list_certificates")
- method - HTTP method (GET, POST, PUT, DELETE)
- endpoint - Direct API endpoint path
- body - Request body (for POST/PUT)
- params - Query parameters
3. gcm_discover - Service Discovery
Discover available GCM services and endpoints.
Categories:
- services - List all available services
- endpoints - List endpoints for a specific service
Container Management
View Logs
# Follow logs in real-time
podman logs -f gcm-mcp-server
# View last 100 lines
podman logs --tail 100 gcm-mcp-server
Stop the Container
podman stop gcm-mcp-server
Start the Container
podman start gcm-mcp-server
Remove the Container
podman rm -f gcm-mcp-server
Rebuild After Changes
# Stop and remove existing container
podman rm -f gcm-mcp-server
# Rebuild image
podman build -t gcm-mcp-server:latest .
# Run new container
podman run -d \
--name gcm-mcp-server \
-p 8002:8002 \
-v gcm-keys:/data \
--env-file .env \
gcm-mcp-server:latest
Local Development (Without Container)
Install Dependencies
# Create virtual environment
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
Run Locally
# SSE mode (for Bob IDE)
python -m src.server --transport sse --host 0.0.0.0 --port 8002
# Stdio mode (for local testing)
python -m src.server
Troubleshooting
Container Won't Start
# Check container logs
podman logs gcm-mcp-server
# Verify .env file is present and correct
cat .env
# Test GCM connectivity
curl -k https://your-gcm-host:31443/health
Bob IDE Can't Connect
- Verify server is running:
  curl http://localhost:8002/health
- Check API key is valid:
  curl http://localhost:8002/admin/keys
- Verify Bob IDE configuration:
  - Check ~/.bob/mcp_settings.json exists
  - Verify API key matches
  - Ensure URL is http://localhost:8002/sse
- Check firewall settings:
  # On Linux/macOS
  sudo lsof -i :8002
  # On Windows
  netstat -ano | findstr :8002
Authentication Failures
- Verify GCM credentials in .env:
  podman exec gcm-mcp-server cat .env
- Test GCM authentication manually:
  curl -X POST http://localhost:8002/admin/test-auth
- Check GCM server accessibility:
  curl -k https://your-gcm-host:31443/health
API Key Issues
- Keys are only accessible from localhost for security
- Use curl from the same machine running the container
- Keys are stored as SHA-256 hashes in /data/keys.json
Security Considerations
- API Keys: Stored as SHA-256 hashes, never in plain text
- Admin Endpoints: Restricted to localhost only
- SSL Verification: Set GCM_VERIFY_SSL=true in production
- Credentials: Never commit .env file to version control
- Network: Consider using --network host for production deployments
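A pre-deployment check for the settings called out above, as an added example rather than part of the project: `parse_env()` and `audit()` are hypothetical helpers, and the sample inputs are constructed. It flags disabled TLS verification, placeholder credentials left in .env, and a Bob IDE entry that would send the bearer token over plain HTTP to a non-loopback host.

```python
import json
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Placeholder values from the README's sample .env
PLACEHOLDERS = {"your-gcm-hostname.com", "your_username",
                "your_password", "your_client_secret"}

# Constructed sample inputs (not real hosts or secrets)
SAMPLE_ENV = """\
GCM_HOST=gcm.example.internal
GCM_USERNAME=svc-mcp
GCM_PASSWORD=your_password
GCM_CLIENT_SECRET=constructed-secret
GCM_VERIFY_SSL=false
"""
SAMPLE_SETTINGS = json.dumps({"mcpServers": {"gcm-mcp-server": {
    "url": "http://10.0.0.5:8002/sse", "transport": "sse",
    "headers": {"Authorization": "Bearer gcm_CONSTRUCTED"}}}})


def parse_env(text: str) -> dict:
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env


def audit(env_text: str, mcp_settings_text: str) -> list:
    """Return a list of human-readable findings; empty means no issues."""
    findings = []
    env = parse_env(env_text)
    if env.get("GCM_VERIFY_SSL", "").lower() != "true":
        findings.append("GCM_VERIFY_SSL is not set to true")
    for name in ("GCM_HOST", "GCM_USERNAME", "GCM_PASSWORD", "GCM_CLIENT_SECRET"):
        if env.get(name, "") in PLACEHOLDERS | {""}:
            findings.append(f"{name} is missing or still a placeholder")
    servers = json.loads(mcp_settings_text).get("mcpServers", {})
    for label, cfg in servers.items():
        url = urlparse(cfg.get("url", ""))
        has_token = "Authorization" in cfg.get("headers", {})
        if has_token and url.scheme == "http" and url.hostname not in LOOPBACK:
            findings.append(f"{label}: bearer token over plain HTTP to {url.hostname}")
    return findings
```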
Support
For issues, questions, or contributions:
- Review the detailed setup guide
- Check container logs: podman logs gcm-mcp-server
- Verify health endpoint: curl http://localhost:8002/health