GCM MCP Relay
A secure, Docker-based relay service that sits between AI coding agents and IBM Guardium Cryptography Manager's built-in MCP server, providing simplified authentication and audit logging.
Overview
IBM Guardium Cryptography Manager (GCM) 2.0.1 includes a built-in MCP server with tools for managing cryptographic assets, certificates, and policies. However, direct access from AI agents is challenging due to:
- Complex OAuth2/OIDC authentication flow
GCM MCP Relay solves these problems by:
- ✅ Docker-first deployment: Containerized for consistent, portable deployment
- ✅ Transparent authentication: Handles OAuth2/OIDC flow automatically
- ✅ stdio transport mode: Local AI agent integration
- ✅ Pass-through architecture: All GCM tools exposed (access controlled by GCM)
Architecture
graph TB
subgraph docker_host["PC / Laptop (Docker Host)"]
agent["AI Coding Agent<br/>(IBM Bob / Cursor)"]
subgraph container["Docker Container: GCM MCP Relay"]
relay["- Authentication management<br/>- Audit logging<br/>- Tool pass-through"]
end
agent -->|stdio| relay
end
relay -->|"HTTPS + Bearer JWT"| gcm["GCM Built-in MCP Server<br/>(streamable-http, 26 tools, RBAC enforced)"]
style docker_host fill:#f9f9f9,stroke:#333,stroke-width:2px
style container fill:#e3f2fd,stroke:#1976d2,stroke-width:2px
style agent fill:#fff3e0,stroke:#f57c00,stroke-width:2px
style relay fill:#e8f5e9,stroke:#388e3c,stroke-width:2px
style gcm fill:#fce4ec,stroke:#c2185b,stroke-width:2pxFeatures
- ✅ Docker deployment: Multi-stage build, non-root user, minimal image
- ✅ stdio mode: Local development with AI coding agents
- ✅ Authentication: Automatic OAuth2/OIDC token management
- ✅ Tool Pass-through: All GCM tools exposed (no filtering)
- ✅ Configuration: TOML config + environment variables
🚀 Quick Start
📖 For detailed setup instructions, see QUICKSTART.md
Prerequisites
- Docker Desktop (or Docker Engine + Docker Compose)
- IBM Bob or other MCP client
- GCM credentials (username, password, client secret)
- Git (for cloning the repository)
Setup (3 Steps)
- Clone and configure: Copy
.env.exampleto.envand add your GCM credentials - Build container:
docker compose build - Configure IBM Bob: Add relay to
mcp_settings.json
See QUICKSTART.md for detailed instructions.
Testing
Test the relay locally before connecting to IBM Bob:
# Make test script executable (Linux/macOS/WSL)
chmod +x scripts/test-mcp.sh
# Run MCP protocol test
./scripts/test-mcp.shExpected output: ``` === GCM MCP Relay Test Script ===
Test 1: Initialize { "protocolVersion": "2024-11-05", "serverInfo": { "name": "gcm-mcp-relay", "version": "0.1.0" }, "capabilities": { "tools": {} } }
Test 2: List Tools Found 32 tools
{ "name": "search_policies", "description": "Retrieve policies filtered by policy_type..." } { "name": "fetch_policy_by_id", "description": "Retrieve one or more policies by their unique policy IDs..." } ... (showing first 10 tools)
Summary:
- Initialize: ✓ Success
- Tools List: ✓ Success (32 tools)
### Verification
Test relay startup
docker compose run --rm gcm-mcp-relay
Check logs
docker compose logs gcm-mcp-relay
Verify configuration
docker compose config ```
Alternative: Native Python Installation
If you prefer to run without Docker:
# Create virtual environment
python -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Set environment variables
export GCM_USERNAME="your-username"
export GCM_PASSWORD="your-password"
export GCM_CLIENT_SECRET="your-client-secret"
# Run relay
python -m src --mode stdio
# With custom config
python -m gcm_relay --mode stdio --config config/relay.tomlMCP Client Configuration
Cursor / Claude Desktop:
{
"mcpServers": {
"gcm": {
"command": "python",
"args": ["-m", "gcm_relay", "--mode", "stdio"],
"env": {
"GCM_USERNAME": "your-username",
"GCM_PASSWORD": "your-password",
"GCM_CLIENT_SECRET": "your-client-secret"
}
}
}
}📚 Documentation
Getting Started
- How to Obtain GCM_CLIENT_SECRET - Step-by-step guide to get Keycloak client secret
Architecture & Design
- Architecture Design - System architecture and component design
- Docker Deployment - Complete Docker deployment guide
- Implementation Guide - Configuration, logging, and error handling
- Authentication Design - OAuth2/OIDC authentication flows
- Tool Abstraction Design - Tool classification and exposure
- Project Structure - Directory layout and file organization
Configuration
Relay Configuration (config/relay.toml)
[relay]
mode = "stdio"
log_level = "WARNING" # DEBUG, INFO, WARNING, ERROR, CRITICAL
# WARNING recommended for production
[gcm]
url = "https://gcm.example.com:31443/ibm/mcp/mcp"
verify_ssl = false
[gcm.auth]
username = "" # Set via GCM_USERNAME
password = "" # Set via GCM_PASSWORD
client_id = "gcmclient"
client_secret = "" # Set via GCM_CLIENT_SECRET
[gcm.oidc]
host = "gcm.example.com"
port = 30443
realm = "gcmrealm"
[audit]
enabled = true
log_file = "logs/audit.jsonl"Log Levels
The relay supports five log levels:
DEBUG: Verbose logging including all MCP protocol details (for troubleshooting)INFO: Normal operation logs (default for development)WARNING: Errors and warnings only (recommended for production)ERROR: Only error messagesCRITICAL: Only critical failures
Production Recommendation: Use WARNING level to reduce log noise. Optional MCP methods like resources/list are logged at DEBUG level and won't appear in WARNING mode.
Viewing Logs: ```bash
Docker logs
docker compose logs gcm-mcp-relay
Follow logs in real-time
docker compose logs -f gcm-mcp-relay
Audit logs (tool invocations)
cat logs/audit.jsonl | jq ```
See QUICKSTART.md for detailed log configuration guide.
Available Tools
All tools from GCM MCP server are exposed. Access control is enforced by GCM's RBAC based on the authenticated user's roles.
Example Tools
- Policy Management:
search_policies,fetch_policy_by_id,create_policy - Violations:
get_violation_by_id,fetch_policy_violations_ticket,policy_violations_dashboard - Assets:
fetch_detailed_asset_list_by_it_assets,get_asset_groups, etc. - Crypto Objects:
fetch_detailed_asset_list_by_crypto_objects,get_vulnerable_crypto_objects_count, etc. - Certificates:
get_certificate_details,get_vault_details,renew_ca_signed_certificate,renew_self_signed_certificate - Users:
get_user_details_by_username
Access Control: Tool availability depends on the GCM user's assigned roles. Use dedicated service accounts with appropriate permissions.
Security
Credential Management
DO:
- ✅ Use environment variables for credentials
- ✅ Set restrictive file permissions (600) on config files
- ✅ Add config files to
.gitignore - ✅ Use separate credentials per environment
- ✅ Create dedicated GCM service accounts with minimal required permissions
DON'T:
- ❌ Commit credentials to version control
- ❌ Log credentials (even in debug mode)
- ❌ Store credentials in plaintext in shared locations
- ❌ Reuse credentials across environments
Access Control
- Access control enforced by GCM's native RBAC
- Configure user roles in GCM admin console
- Use dedicated service accounts for AI agents
- Comprehensive audit logging of all tool invocations
Network Security
- TLS required for GCM connections
- Certificate verification (production)
- Configurable timeouts
- Connection pooling
Audit Logging
All tool invocations are logged in structured JSON format:
{
"timestamp": "2026-03-27T08:00:00.123Z",
"event_type": "tool_invocation",
"tool_name": "search_policies",
"user": "gcm-service-account",
"arguments": {"query": "TLS"},
"result": {
"status": "success",
"duration_ms": 234
}
}Logs include:
- Tool invocations (success/failure)
- Authentication events
- System events
Development
Project Structure
gcm-mcp-relay/
├── src/gcm_relay/ # Source code
│ ├── server/ # MCP server (stdio)
│ ├── tools/ # Tool management
│ ├── auth/ # Authentication
│ ├── client/ # GCM MCP client
│ ├── audit/ # Audit logging
│ └── config/ # Configuration
├── scripts/ # Utility scripts
│ └── test-mcp.sh # MCP protocol test
├── docs/ # Documentation
├── config/ # Configuration files
└── logs/ # Log filesTesting
The project includes an MCP protocol test script to verify relay functionality:
# Make test script executable (Linux/macOS/WSL)
chmod +x scripts/test-mcp.sh
# Run MCP protocol test
./scripts/test-mcp.shThis tests:
- MCP protocol initialization (2024-11-05)
- Tool listing (all tools from GCM)
- JSON-RPC communication over stdio
See Testing section above for expected output.
Note: Unit tests with pytest are planned for future implementation. Currently, use the MCP protocol test script for validation.
Documentation
- Architecture Design - System architecture and design principles
- Project Structure - Directory layout and module organization
- Authentication Design - Authentication flows and token management
- Tool Abstraction Design - Tool classification and execution
- Implementation Guide - Configuration, logging, errors, deployment
Troubleshooting
Authentication Fails
# Check credentials
echo $GCM_USERNAME
echo $GCM_PASSWORD
echo $GCM_CLIENT_SECRET
# Check Keycloak is accessible
curl -k https://gcm.example.com:30443/realms/gcmrealm/.well-known/openid-configuration
# Test relay with MCP protocol
./scripts/test-mcp.shTool Access Denied
If a tool call fails with "access denied":
- Check GCM user roles in GCM admin console
- Verify the user has required permissions for the tool
- Review GCM audit logs for permission details
Connection Timeout
# Increase timeout in config
[gcm]
request_timeout = 60
# Check network connectivity
ping gcm.example.com
telnet gcm.example.com 31443Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
License
[License information]
References
Support
For issues and questions:
- GitHub Issues: https://github.com/khirazo/gcm-mcp-relay/issues
- Documentation: https://github.com/khirazo/gcm-mcp-relay/tree/main/docs
---
Made with ❤️ for secure AI integration with IBM Guardium Cryptography Manager
