⚠️ Disclaimer: This script is an independent development and is not affiliated with, endorsed, approved, or supported by Thales Cyber Security Products (Thales CSP). Use this script at your own risk. We disclaim any responsibility for any issues, damages, or liabilities that may arise from its use.
CMINFO is a Python utility that presents CipherTrust information in an easy-to-visualize format.
Traditionally, the standard ksctl CLI tool returns all results as JSON structured output. This requires parsing the JSON with various methods to present information in a consumable format.
For example, to output a sorted list of keys with interesting fields, you could do the following in a bash shell:
ksctl keys list | jq -r '[.resources[] | {name: .name, algorithm: .algorithm, state: .state}] | sort_by(.name) | .[] | "\(.name), \(.algorithm), \(.state)"'
With cminfo, the same results are displayed with:
cminfo.py key list
Prebuilt binaries for Linux and Windows are available under Releases. Binaries include the Python runtime and required modules.
- Python 3.6+
- Required Python libraries:
  - click
  - json
  - requests
  - urllib3
  - datetime
  - python-dotenv
  - rich
  - tqdm
You can install the required libraries using pip:
pip install -r requirements.txt
It is recommended to create a separate environment first using venv or conda.
Compiled binaries can be generated using PyInstaller or cx_Freeze. For example, using PyInstaller:
pyinstaller -i .\images\logo.ico --onefile .\cminfo.py
cminfo can take its CipherTrust authentication settings from CLI parameters, a .env file, or environment variables.
When run without any authentication information in the environment or on the CLI, cminfo prompts for the appropriate values.
Values passed as CLI parameters override any defaults or values received from the environment.
Usage: cminfo.py [OPTIONS] COMMAND [ARGS]...
Options:
-h, --host TEXT CipherTrust node FQDN or IP
-u, --username TEXT Username
-p, --password TEXT Password
-d, --domain TEXT Domain
-a, --authdomain TEXT Authentication domain
--debug
--version Show the version and exit.
--help Show this message and exit.
For example, the following command:
python .\cminfo.py -h cm1.aperture.lab -u admin -d root -a root key list
prompts only for the password, since the other values were provided as parameters.
cminfo will check for a .env file in the same directory. This file may provide defaults to the following:
CM_HOST=
CM_USER=
CM_PW=
CM_DOMAIN=root
CM_AUTHDOMAIN=root
CM_LIMIT=100
The same values can also be pulled from the shell environment if no .env file is present.
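The precedence described above, sketched as an added example (not cminfo's own code): CLI values win, a .env file supplies defaults, the shell environment is used only when no .env file exists, and anything still missing is returned for prompting. The refusal of a .env file that stores CM_PW while readable by group or others, and the names `resolve`, `parse_dotenv` and `dotenv_is_private`, are assumptions added here and are not part of cminfo.

```python
import os
import stat
import tempfile

KEYS = {"host": "CM_HOST", "username": "CM_USER", "password": "CM_PW",
        "domain": "CM_DOMAIN", "authdomain": "CM_AUTHDOMAIN"}

def parse_dotenv(path):
    """Parse simple KEY=VALUE lines; blank values are treated as unset."""
    values = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, val = line.partition("=")
            val = val.strip().strip("'\"")
            if val:
                values[key.strip()] = val
    return values

def dotenv_is_private(path):
    """True if neither group nor others have any access (POSIX mode bits)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def resolve(cli, dotenv_path=".env", environ=os.environ):
    """Return (settings, to_prompt): CLI > .env (or shell env if no .env)."""
    if os.path.isfile(dotenv_path):
        defaults = parse_dotenv(dotenv_path)
        if "CM_PW" in defaults and not dotenv_is_private(dotenv_path):
            raise PermissionError(f"{dotenv_path} holds CM_PW; chmod 600 it")
    else:
        defaults = dict(environ)
    settings = {opt: cli.get(opt) or defaults.get(var) for opt, var in KEYS.items()}
    to_prompt = [opt for opt, val in settings.items() if not val]
    return settings, to_prompt

def demo():
    """Constructed sample: .env supplies defaults, CLI overrides the host."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, ".env")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("CM_HOST=cm-default.example\nCM_USER=admin\nCM_PW=\n"
                     "CM_DOMAIN=root\nCM_AUTHDOMAIN=root\n")
        os.chmod(path, 0o600)
        return resolve({"host": "cm1.example"}, dotenv_path=path, environ={})
```

Leaving CM_PW blank in the file, as in the constructed sample, keeps the password out of both the file and the command line, so it is the only value left to prompt for.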
To list alarms, use the following command:
Usage: cminfo.py alarm list [OPTIONS]
Options:
-l, --limit TEXT Maximum number of objects to show
--state [on|off]
--severity [info|warning|error|critical]
--help Show this message and exit.
List registered CTE client information:
Usage: cminfo.py cte client list [OPTIONS]
Options:
-l, --limit TEXT Maximum number of clients to show
--help Show this message and exit.
Show CTE client health information:
Usage: cminfo.py cte client health [OPTIONS]
Options:
-l, --limit TEXT Maximum number of clients to show
--help Show this message and exit.
List guardpoints on a specific client:
Usage: cminfo.py cte guardpoints [OPTIONS]
Options:
-c, --client TEXT client name or identifier [required]
-l, --limit TEXT Maximum number of clients to show
--help Show this message and exit.
Show CTE client authenticated binaries:
Usage: cminfo.py cte client auth [OPTIONS]
Options:
-c, --client TEXT client name or identifier [required]
--help Show this message and exit.
This is a convenience function to download the ksctl tool package from the CipherTrust Manager.
NOTE: cminfo does not require ksctl to function.
Usage: cminfo.py download ksctl [OPTIONS]
Options:
-h, --host TEXT Download from this CipherTrust node
-p, --path TEXT Download file to this directory
--help Show this message and exit.
To list protocol interfaces, use the following command:
Usage: cminfo.py interface list [OPTIONS]
Options:
-t, --type [kmip|nae|ssh|web]
--sort [port|interface_type|enabled|minimum_tls_version]
--help Show this message and exit.
To list key dates, use the following command:
Usage: cminfo.py key dates [OPTIONS]
Options:
-l, --limit TEXT Maximum number of objects to show
-s, --state [Pre-Active|Active|Deactivated|Destroyed|Compromised|Destroyed Compromised]
-t, --type [AES|RSA|EC|OPAQUE]
--help Show this message and exit.
To list keys with all ID values, use the following command:
Usage: cminfo.py key ids [OPTIONS]
Options:
-l, --limit TEXT Maximum number of objects to show
-t, --truncate INTEGER only show first and last X characters
(default 8)
-s, --state [Pre-Active|Active|Deactivated|Destroyed|Compromised|Destroyed Compromised]
-a, --type [AES|RSA|EC|OPAQUE]
--sort [name|version|state|algorithm|exportable|deletable]
--latest Show only the latest key version
--help Show this message and exit.
Display all key labels currently applied to keys.
Usage: cminfo.py key labels [OPTIONS]
Options:
-l, --limit TEXT Maximum number of objects to show
--help Show this message and exit.
List all keys. Supports filtering by algorithm and state. Sorting is supported by column name.
Usage: cminfo.py key list [OPTIONS]
Options:
-l, --limit TEXT Maximum number of objects to show
-s, --state [Pre-Active|Active|Deactivated|Destroyed|Compromised|Destroyed Compromised]
-a, --type [AES|RSA|EC|OPAQUE]
--sort [name|version|state|algorithm|exportable|deletable]
--latest Show only the latest key version
--help Show this message and exit.
List all weak keys. Supports filtering by algorithm. Sorting is supported by column name.
Usage: cminfo.py key list [OPTIONS]
Options:
-l, --limit TEXT Maximum number of objects to show
-a, --type [AES|RSA|EC|OPAQUE]
--sort [name|version|state|algorithm|exportable|deletable]
--latest Show only the latest key version
--help Show this message and exit.
Show all schedule configurations.
Usage: cminfo.py schedule list [OPTIONS]
Options:
-l, --limit TEXT Maximum number of objects to show
--sort [name|version|state|algorithm|exportable|deletable]
Show the state of all CipherTrust microservices.
Usage: cminfo.py service list [OPTIONS]
Options:
--help Show this message and exit.
To show CipherTrust node information, use the following command:
Usage: cminfo.py system info
Options:
--help Show this message and exit.
Show users not logged in for the past X days.
Usage: cminfo.py user inactive [OPTIONS]
Options:
-l, --limit TEXT Maximum number of objects to show
-d, --days TEXT Consider inactive if not logged in during this window
--help Show this message and exit.
Show login information for each user.
Usage: cminfo.py user logins [OPTIONS]
Options:
-l, --limit TEXT Maximum number of objects to show
--help Show this message and exit.