Your suggested change has been received. Thank you.


Suggest A Change….


CTE Administration



Please Note:


This section provides an overview of the CipherTrust Manager interfaces.


The CipherTrust Manager includes a CLI tool, named ksctl, that can be downloaded and run locally to control a remote CipherTrust Manager appliance. ksctl exclusively uses the REST API to communicate with the CipherTrust Manager, so anything that you can do with the tool, you can also do directly with the REST API. Conversely, ksctl exposes most of the functionality of the REST API. It can perform management functions, such as managing registration tokens and clients.

ksctl is designed to be run from a remote system, not on the CipherTrust Manager itself.

To use the CLI:

  1. Open the CipherTrust Manager URL in a browser.

  2. Click the API & CLI Documentation link. The API playground is displayed.

  3. At the top left, click CLI Guide. The CLI documentation is displayed.

  4. At the top right, click the CLI download button. This downloads the file.

  5. Unzip the file. The extracted files contain platform specific files. For example, the file for Windows is ksctl-win-amd64, and for Linux, the file is ksctl-linux-amd64.

  6. Set up the ksctl-<os> file for your system. Refer to the CipherTrust Manager CLI documentation for details.

  7. Run ksctl cte to run CipherTrust Transparent Encryption specific commands.

Refer to the CipherTrust Manager documentation for details. For details on commands related to CipherTrust Transparent Encryption, refer to the online documentation of ksctl cte.


Use the REST interface from the API playground or through any REST client such as curl. The REST interface acquires an authorization token internally and uses it for making API calls.

Acquiring an Authorization Token

To acquire a token:

  1. Open the CipherTrust Manager URL in a browser.

  2. Click the API & CLI Documentation link. The API playground is displayed.

  3. At the top right, click Authenticate.

  4. Enter username and password.

  5. Click POST.

This acquires an API token and prefills it in the playground examples. The token expires in 300 seconds (5 minutes). When it expires, use this tool again to acquire a new token.

On successful token generation, the remaining token expiry time in seconds is displayed. Two new buttons, Clear Credentials and Re Authenticate, are also displayed at the top right.

Using the Token

The authorization token acquired above is used in examples in the API playground. The token expires in 5 minutes; if expired, generate a new token, as described in Acquiring an Authorization Token.

Making an API Call

To make an API call, find the API in the left pane and click it. In the right pane, specify the required parameters, and click an appropriate button (for example, POST, GET, DELETE, or Curl). For example, to create a CTE policy on CipherTrust Manager:

  1. In the left pane of the API playground, click CTE/Policies.

  2. Under cte/policies, click Create. The Create section of the API playground is displayed in the right pane.

  3. In the body field, specify required parameters with their values, as shown below.

        "name": "TestPolicy",
        "policy_type": "Standard",
        "never_deny": false,
        "security_rules": [
                "effect": "permit",
                "action": "all_ops",
                "partial_match": false,
                "resource_set_id": "TestResourceSet",
                "exclude_resource_set": true

    Expand schema under the body field for names and types of fields. Hover your mouse over each field to view its description. The parameter names and casing in the body field must match with those shown in the schema. Also, ensure that parameters and their values are specified in double quotes.

  4. Click POST.

Alternatively, to get an equivalent curl command, click the Curl button. The curl equivalent will be shown in the text field below. Use the curl tool to run the command to make the REST API call.

Similarly, all API calls can be made by referring to the schema shown in the playground.


Use the CipherTrust Manager's GUI (also called the Management Console) to perform management functions such as managing profiles, policies, clients and client groups, and GuardPoints. These functions can also be performed using the CLI tool or the REST API.

To use the GUI:

  1. Open the CipherTrust Manager URL in a browser.

  2. Enter Username and Password.

  3. Click Log In. By default, the Products page is displayed.

  4. Click Transparent Encryption to open the application.

The Clients page of the Transparent Encryption GUI is displayed, as shown below.

The main components of a Transparent Encryption GUI are:

App SwitcherApp switcher. Click to view and switch to another application such as Access Management and Admin Settings.
Thales LogoThales logo.
CTE HomeApplication name. For CTE, Transparent Encryption is displayed.
Server InfoVersion and Server Info icon. Click to view the name, appliance name, and version of the CipherTrust Manager.
API LinkLink to the API playground.
Help IconLink to the CipherTrust Manager product documentation.
Logged on UserLogged in user. Click to switch domains, view and update user settings (Email address and password), and log out.

Left Pane

Contains links to manage CTE resources - clients, policies, reports, and settings etc.

Left pane

ClientsClick to manage clients and client groups. The Clients page is the displayed by default. Refer to Managing Clients and Managing Client Groups for details.
PoliciesClick to manage policies and policy elements—resource sets, user sets, process sets, and signature sets. Refer to Managing Policies for details.
ReportsClick to manage reports. Refer to Reports for details.
SettingsClick to manage settings such as profiles. Refer to Managing Profiles for details.


A page is the main working area that provides options to manage CTE resources. Depending on the selected option in the left pane, the page shows different types of information. These options are described in this document, where appropriate.

At any time, a page can either be in the list view or in the edit view. A sample screenshot of the list view of the Clients page is shown below. Most pages follow the similar pattern except that they show different content based on the resource being managed.

The sample page shown above can be divided into the following elements:

TitleShows the page name.
Status barShows the total number of clients added to the CipherTrust Manager, the number of clients with errors, warnings, healthy state. The status bar also shows the number of unregistered and expunged clients on the CipherTrust Manager. The status bar also acts as a filter. Click a health status to see the list of clients with that status.
Search box (Search box)Filters clients based on their partial or full names. Search is case-insensitive.
ListShows the clients based on the selected health status. By default, all the clients added to the CipherTrust Manager are displayed.
Compatibility Matrix buttonProvides an option to upload the kernel compatibility matrix.
Create Client buttonProvides an option to add a new client even before a CTE Agent is installed on it.
Delete icon (Delete icon)Deletes the selected clients. A message is prompted to confirm the action.
Check box (Check box)Provides an option to select a client for deletion or modification. Multiple clients can be selected to perform the delete operation on them. Use the check box provided just under the Search box to select all clients visible on the page.
Expand icon (Expand icon)Shows mini detail view of a client in the clients list.
Custom View icon (Custom View icon)Hides/shows optional columns. For example, click this icon on the Clients page shows:
Select or clear the desired column and click OK.
Overflow icon (Overflow icon)Shows additional options. Depending on the current state of a client, the options can vary.
PaginationHelps configure the number of records to display. By default, 10 records per page are displayed.
Tooltip icon(Tooltip icon)Shows the basic description about an element when the mouse pointer is moved over the tooltip icon. Click the Learn More link in the tooltip to view the related documentation.


CTE prompts toast notifications at the top right corner of the main page area. These notifications are shown when operations such as creation or deletion of an entity is performed.

Green success toast notifications are displayed for successful operations.

Red error notifications are displayed for failed operations.