Thales CDSP CAKM MCP Server

An MCP server for Database EKM and TDE operations via CipherTrust CAKM.

Stars: 2
Forks: 3
Releases: 0

Overview

An MCP server for Database EKM/TDE operations using CipherTrust Application Key Management (CAKM). It provides multi-database support (SQL Server and Oracle) for managing EKM providers, encryption keys, wallets, and TDE configurations.

The server uses resource-based management, organizing tools by the database objects they manage (e.g., keys, encryption, wallets) and exposing multiple operations per tool (such as create, list, rotate) to enable comprehensive lifecycle management. A unified status and auditing tool (status_tde_ekm) offers health, configuration, and compliance monitoring across both SQL Server and Oracle.

Oracle-specific logic enables advanced TDE detection across various wallet configurations, including HSM-only, HSM with auto-login (migrated or not), and FILE wallet scenarios, with migration status recognition based on wallet order and TDE configuration. Core TDE operations include encryption, decryption, and management for multiple databases.

The solution integrates with CipherTrust Manager through CAKM EKM, with CAKM providers on database servers handling communications to CipherTrust Manager. The architecture is MCP Server ↔ Database Server ↔ CAKM Provider/Library ↔ CipherTrust Manager. Features also cover automated key rotation (DEKs/MEKs) managed by CipherTrust. A quick start and demo resources illustrate setup and operation.

Details

Owner: sanyambassi
Language: Python
License: MIT License
Updated: 2025-12-07

Features

Resource-Based Management

Tools are organized by the database objects they manage (e.g., keys, encryption, wallets) rather than by a single set of actions.

Operational Grouping

Each tool exposes multiple operations (e.g., create, list, rotate) to support comprehensive lifecycle management.

Unified Status & Auditing

A single tool (status_tde_ekm) provides health, compliance, and configuration monitoring across all supported databases.

Advanced Oracle TDE Detection

Intelligent detection of Oracle TDE configurations, including HSM-only, HSM with auto-login, FILE wallet, and migration states.

Database TDE Operations

Encrypt, decrypt, and manage TDE on SQL Server and Oracle databases.

CipherTrust Integration

Seamless integration with CipherTrust Manager via CAKM EKM.

Multi-Database Support

Supports SQL Server and Oracle Database environments.

Key Rotation

Automated rotation of encryption keys with key management on CipherTrust Manager.

Tags

MCP, Database EKM, TDE, CipherTrust CAKM, CAKM EKM, SQL Server, Oracle, Wallet, HSM, FILE wallet, Auto-login, Key Rotation, MEK, DEK, Encryption, Decryption, Auditing, Multi-Database