MCP server by keylime
Keylime MCP
A Model Context Protocol (MCP) server for Keylime, the remote attestation framework for cloud and edge systems.
Requirements
This MCP server is a helper tool for working with Keylime. You need:
- A running Keylime verifier and Keylime registrar
- Keylime agents to monitor
- Network access to the Keylime API endpoints
- MCP Client (Claude Desktop, Cline, etc.) OR Podman for containers
Usage
There are two ways to use this MCP server:
Option 1: With MCP Client (Claude Desktop, Cline, etc.)
Build the server:
make mcp
You can move the binary anywhere you want (e.g., `/usr/local/bin/server`).
Add to your MCP client config (e.g., ~/.config/Claude/claude_desktop_config.json):
{
  "mcpServers": {
    "keylime": {
      "command": "/full/path/to/keylime-mcp/backend/server",
      "env": {
        "KEYLIME_CERT_DIR": "/full/path/to/keylime/certs/dir"
      }
    }
  }
}
Replace /full/path/to/keylime-mcp with your actual path!
Replace /full/path/to/keylime/certs/dir with your cert directory! The certs should be in /var/lib/keylime/cv_ca, but the user running the MCP server needs read permission on them.
Restart your MCP client. Done.
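A preflight for the Option 1 setup, as an added example (not code from keylime-mcp): it reads the MCP client config, resolves KEYLIME_CERT_DIR for the `keylime` entry, and reports files the current user cannot read as well as PEM private keys that are world-readable, which is the shortcut to avoid when granting the read permission mentioned above. The function name `Preflight` and the detection of keys by their PEM header are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"log"
	"os"
	"path/filepath"
	"strings"
)

// Preflight (hypothetical helper, not part of keylime-mcp) returns one finding per problem.
func Preflight(path string) (out []string) {
	var cfg struct {
		MCPServers map[string]struct {
			Env map[string]string `json:"env"`
		} `json:"mcpServers"`
	}
	raw, err := os.ReadFile(path)
	if err != nil || json.Unmarshal(raw, &cfg) != nil {
		return []string{"cannot read or parse " + path}
	}
	dir := cfg.MCPServers["keylime"].Env["KEYLIME_CERT_DIR"] // entry name as in the README
	entries, err := os.ReadDir(dir)
	if dir == "" || err != nil {
		return []string{"KEYLIME_CERT_DIR is unset or cannot be listed: " + dir}
	}
	for _, e := range entries {
		p := filepath.Join(dir, e.Name())
		st, statErr := os.Stat(p)
		data, readErr := os.ReadFile(p)
		switch {
		case statErr != nil || st.IsDir(): // skip subdirectories and vanished entries
		case readErr != nil:
			out = append(out, "not readable by this user: "+p)
		case st.Mode().Perm()&0o004 != 0 && strings.Contains(string(data), "PRIVATE KEY-----"):
			out = append(out, "private key is world-readable: "+p) // use group or ACL access instead
		}
	}
	return out
}

func main() {
	if len(os.Args) != 2 {
		log.Fatal("usage: preflight <mcp-client-config.json>")
	}
	if findings := Preflight(os.Args[1]); len(findings) > 0 {
		log.Fatal(strings.Join(findings, "\n"))
	}
}
```

Run it as the same user your MCP client runs as, since the client starts the server under that account.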
Option 2: Web UI (Podman)
make build
make up
Access at http://localhost:3000
Development
Run locally without containers:
# Backend
cd backend && go run *.go
# Frontend
cd frontend && pnpm dev
Commands
- make build - Build containers
- make up - Start containers
- make down - Stop containers
- make logs - View logs
- make clean - Remove everything
- make ps - List containers
- make help - Show all commands
- make mcp - Build MCP server binary file
Stack
- Backend: Go 1.23
- Frontend: React + TypeScript + Vite + Tailwind + shadcn/ui
- Container: Podman
About Keylime
Keylime is an open-source remote attestation framework that provides:
- Measured Boot verification via TPM
- Runtime Integrity monitoring with IMA
- Secure Enrollment and key management
- Policy-based Attestation with automated responses
Contributing
Contributions are welcome! This is an experimental project to explore MCP integration with Keylime.
License
Apache-2.0