mcp-privilege-cloud

mcp-privilege-cloud is a Python library aimed at managing privileges in cloud environments. It helps in monitoring and managing privileged accounts to reduce security risks. However, its features are limited, and it may not perform as well as more mature tools in the market.

README
CyberArk Privilege Cloud MCP Server

A production-ready Model Context Protocol (MCP) server for comprehensive CyberArk Privilege Cloud integration using the official ark-sdk-python library. Provides complete privileged access management through 53 enterprise-grade MCP tools covering all CyberArk PCloud services with session monitoring capabilities.

Features
  • Complete Account Lifecycle: Create, read, update, delete accounts with advanced search and password management (18 tools)
  • Comprehensive Safe Operations: Full CRUD operations plus member management with granular permissions (11 tools)
  • Platform Management: Complete platform lifecycle including statistics, import/export, and target platform operations (12 tools)
  • Applications Management: Full application lifecycle with authentication method management and statistics (9 tools)
  • Session Monitoring: Real-time session tracking, activity monitoring, and analytics (6 tools)
  • Advanced Analytics: Account filtering, grouping, distribution analysis, and environment categorization
  • Enterprise Security: Built on official ark-sdk-python with OAuth, audit logging, and comprehensive error handling
  • Production Ready: 160+ passing tests, zero regression, complete API coverage with exact data fidelity
Prerequisites
  • Python 3.10+
  • CyberArk Privilege Cloud service account
Installation
# Recommended: Install from GitHub repository
uvx --from git+https://github.com/aaearon/mcp-privilege-cloud.git mcp-privilege-cloud

# Development: Clone repository
git clone https://github.com/aaearon/mcp-privilege-cloud.git
cd mcp-privilege-cloud
uv sync
Configuration

Create a .env file with the required credentials:

CYBERARK_CLIENT_ID=your-service-account-username
CYBERARK_CLIENT_SECRET=your-service-account-password

Test configuration:

python -c "from mcp_privilege_cloud.server import CyberArkMCPServer; import asyncio; server = CyberArkMCPServer.from_environment(); print('Health:', asyncio.run(server.health_check())['status'])"
Usage
Running the Server
# Production
uvx --from git+https://github.com/aaearon/mcp-privilege-cloud.git mcp-privilege-cloud

# Development  
uv run mcp-privilege-cloud

# Module execution
python -m mcp_privilege_cloud
Available Tools (53 Total)

Account Management (18 tools):

  • Core Operations: list_accounts, get_account_details, search_accounts, create_account, update_account, delete_account
  • Password Management: change_account_password, set_next_password, verify_account_password, reconcile_account_password
  • Advanced Search: filter_accounts_by_platform_group, filter_accounts_by_environment, filter_accounts_by_management_status, group_accounts_by_safe, group_accounts_by_platform, analyze_account_distribution, search_accounts_by_pattern, count_accounts_by_criteria

Safe Management (11 tools):

  • Core Operations: list_safes, get_safe_details, add_safe, update_safe, delete_safe
  • Member Management: list_safe_members, get_safe_member_details, add_safe_member, update_safe_member, remove_safe_member

Platform Management (12 tools):

  • Core Operations: list_platforms, get_platform_details, import_platform_package, export_platform
  • Lifecycle Management: duplicate_target_platform, activate_target_platform, deactivate_target_platform, delete_target_platform
  • Statistics: get_platform_statistics, get_target_platform_statistics

Applications Management (9 tools):

  • Core Operations: list_applications, get_application_details, add_application, delete_application
  • Auth Methods: list_application_auth_methods, get_application_auth_method_details, add_application_auth_method, delete_application_auth_method
  • Statistics: get_applications_stats

Session Monitoring (6 tools):

  • Session Management: list_sessions, list_sessions_by_filter, get_session_details, count_sessions
  • Activity Tracking: list_session_activities, get_session_statistics
Client Integration
Claude Code

Add the MCP server using the Claude Code CLI:

# Add MCP server from GitHub repository with environment variables
CYBERARK_CLIENT_ID=your-service-account-username CYBERARK_CLIENT_SECRET=your-service-account-password claude mcp add cyberark-privilege-cloud -- uvx --from git+https://github.com/aaearon/mcp-privilege-cloud.git mcp-privilege-cloud
Claude Desktop

Add to your Claude Desktop MCP settings file:

{
  "mcpServers": {
    "cyberark-privilege-cloud": {
      "command": "uvx",
      "args": [
        "--from", 
        "git+https://github.com/aaearon/mcp-privilege-cloud.git",
        "mcp-privilege-cloud"
      ],
      "env": {
        "CYBERARK_CLIENT_ID": "your-service-account-username",
        "CYBERARK_CLIENT_SECRET": "your-service-account-password"
      }
    }
  }
}
Testing with MCP Inspector

Quick Start:

npx @modelcontextprotocol/inspector

Configure the Inspector with the server command uvx --from git+https://github.com/aaearon/mcp-privilege-cloud.git mcp-privilege-cloud and your service account credentials. It should then show 53 tools available across all CyberArk PCloud services, including session monitoring.

For comprehensive testing procedures, see DEVELOPMENT.md.

Testing
Unit/Integration Tests
# Run all tests
uv run pytest

# Run with coverage  
uv run pytest --cov=mcp_privilege_cloud

# Integration tests
uv run pytest -m integration
MCP Inspector CLI Testing

For programmatic testing and LLM-driven validation:

# Install inspector (one-time setup)
npm install @modelcontextprotocol/inspector

# Test with the single-file testing script
python test_mcp_cli.py health_check      # Server health check
python test_mcp_cli.py list_tools        # List all 53 tools
python test_mcp_cli.py call_tool list_accounts  # Test specific tool
python test_mcp_cli.py generate_report   # Full test report

# Python API for LLMs
from test_mcp_cli import MCPTester
tester = MCPTester()
tools = tester.list_tools()              # Get all tools
health = tester.test_server_health()     # Health check

The test_mcp_cli.py script provides a single-file solution for programmatic MCP server testing, designed for LLM integration and ad-hoc validation.

Troubleshooting

Common Issues:

  • Missing environment variables: Create .env file with credentials
  • Authentication failed: Verify service account in CyberArk Identity
  • Permission errors: Ensure safe permissions for service account
  • Connection issues: Verify .cloud domain (not .com)

Quick Health Check:

python -c "from mcp_privilege_cloud.server import CyberArkMCPServer; import asyncio; server = CyberArkMCPServer.from_environment(); print('Status:', asyncio.run(server.health_check())['status'])"
Documentation
Security
  • Never commit credentials to version control
  • Use secure environment variable management
  • Grant minimal required permissions to service accounts
  • Official SDK provides automatic token management and secure protocols
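
The points above can be checked against the Claude Desktop settings shown under Client Integration. The script below is an added example, not part of the project: it audits an MCP settings file for plaintext secrets in "env", a git source that is not pinned to a commit, and loose file permissions. The function names and the secret-name heuristic are assumptions of this example.

```python
import json
import os
import re
import stat
import tempfile

# Env var names that usually carry a credential (heuristic assumed by this example).
SECRET_KEY = re.compile(r"(SECRET|PASSWORD|TOKEN|KEY)$", re.I)
# A git source counts as pinned only when it ends in @<40-hex commit id>.
PINNED = re.compile(r"^git\+https://\S+@[0-9a-f]{40}$")

# Constructed sample: the Claude Desktop settings from this README, placeholders included.
SAMPLE = {"mcpServers": {"cyberark-privilege-cloud": {
    "command": "uvx",
    "args": ["--from", "git+https://github.com/aaearon/mcp-privilege-cloud.git",
             "mcp-privilege-cloud"],
    "env": {"CYBERARK_CLIENT_ID": "your-service-account-username",
            "CYBERARK_CLIENT_SECRET": "your-service-account-password"}}}}


def audit_mcp_config(path):
    """Return a sorted list of (server, finding) tuples for one MCP settings file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)  # permission bits (POSIX semantics)
    if mode & 0o077:
        findings.append(("<file>", f"mode {mode:o} lets group/other access the file"))
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, spec in servers.items():
        for key, value in spec.get("env", {}).items():
            if SECRET_KEY.search(key) and value:
                findings.append((name, f"{key} stored in plaintext"))
        for arg in spec.get("args", []):
            if arg.startswith("git+") and not PINNED.match(arg):
                findings.append((name, f"unpinned git source: {arg}"))
    return sorted(findings)


def write_sample(mode):
    """Write SAMPLE to a temporary file with the given permission bits."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(SAMPLE, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    for server, finding in audit_mcp_config(write_sample(0o644)):
        print(f"{server}: {finding}")
```

An unpinned source means every launch installs whatever the repository's default branch currently holds, with the service account credentials in its environment; appending @<commit-sha> of a reviewed commit to the git URL fixes the version that runs.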
License

MIT License - see LICENSE file for details.

Support

For issues and feature requests, please use the GitHub Issues page.