Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Commvault MCP Servershow me the status of recent backup jobs"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Commvault MCP Server
A Model Context Protocol (MCP) server for seamless integration with Commvault environments. This server enables AI agents to securely access and manage job details, commcell metrics, client and storage information, user permissions, plan configurations, and backup schedules.
Features
The Commvault MCP Server enables seamless integration with Commvault environments, offering the following:
Category | Features |
Job Management | • View job details and history • Control jobs (suspend, resume, resubmit, kill) • Monitor job status and performance |
Commcell Management | • Retrieve SLA status and compliance • View security posture and scores • Access storage space utilization metrics • Get commcell details and entity counts |
Client Management | • Access client groups and client information • Manage subclients and client properties • View client associations |
Storage Management | • View storage policies and configurations • Access storage pool information • Monitor storage resources |
User Management | • List users and user groups • Access security associations |
Plan Management | • View plan configurations and details • Access plan components and settings |
Schedule Management | • Access backup schedules • View schedule configurations • Monitor schedule performance |
DocuSign Integration | • Setup Docusign Vault & Workflow • Backup envelopes to Commvault S3 vault • List & restore DocuSign envelope backups |
Prerequisites
Before running the Commvault MCP Server, ensure the following requirements are met:
1. Python Environment
Python 3.11 or higher
uvpackage manager (used for dependency management and running the server)
2. Authentication & Security Configuration
The Commvault MCP Server supports two authentication methods:
Note: OAuth authentication is only supported for Commvault environments running SP42 CU 27 and above. OAuth must be properly configured in the CommServe before using this option.
When using OAuth authentication, you'll need:
Discovery Endpoint URL: The OAuth discovery/metadata endpoint
Client ID: Your OAuth application's client identifier
Client Secret: Your OAuth application's client secret
Required Scopes: Required OAuth scopes
Base URL: Base URL of the MCP Server
Important: The redirect URI must be set to
OAUTH_BASE_URL/auth/callbackin your OAuth provider's app/client configuration.
The following values will be collected during the setup process:
Commvault Access Credentials: You need a valid
access_tokenandrefresh_tokento authenticate with the Commvault API. Learn how to generate these tokens here: Creating an Access Token – Commvault DocsSecret Key: This secret must be included by the MCP Client in the
Authorizationheader of all tool requests. It acts as a security layer for tool access in remote server. You can set your own.
Important: When using traditional token-based authentication, the setup script requires a secure, OS-native keyring backend to store sensitive credentials securely. Only secure backends are allowed for security reasons.
Supported Secure Backends by Platform
Platform | Supported Backends | Description |
Windows |
| Uses Windows Credential Manager (Windows Vault) for secure storage |
macOS |
| Uses the native macOS Keychain for secure storage |
Linux |
| Uses Freedesktop Secret Service API (GNOME) or KWallet (KDE) for secure storage |
Setup
1. Clone the repository
2. Run the Setup Script
The setup script will guide you through configuration options including:
Transport mode (stdio, streamable-http, or sse)
Server connection details (for remote modes)
Authentication method (traditional tokens or OAuth)
OAuth configuration (if selected)
Secure token storage
3. Start the MCP Server
For production deployments, it is recommended to use a reverse proxy with TLS/HTTPS and security headers. The MCP server should bind to 127.0.0.1 (localhost only) to prevent direct public access.
Quick Setup
Configure MCP Server for localhost: Set
MCP_HOST=127.0.0.1in your.envfileInstall reverse proxy: Choose nginx or Caddy
Configure TLS: Use Let's Encrypt for automatic certificate management
Add security headers: Configure OWASP-recommended headers (HSTS, X-Frame-Options, CSP, etc.)
Update client config: Use
https://your-domain.com/mcpinstead ofhttp://HOST:PORT/mcp
Configuring Clients
Note:
npxis required while using Token-Based Authentication. You can get it by installing Node.js which includesnpxby default.
Refer to your AI client’s documentation for integration steps. For example, Claude requires specifying a server name and the MCP server URL in its connector configuration.
Additional Configuration
Note: These are optional configurations that extend the MCP server's capabilities.
When deployed behind a reverse proxy or load balancer, configure TRUSTED_PROXY_IPS environment variable with comma-separated proxy IP addresses to enable per-client rate limiting using the X-Forwarded-For header. For example:
The DocuSign backup integration enables backup of completed DocuSign envelopes to a Commvault S3 vault. This integration provides comprehensive document management capabilities including backup, listing, and restore operations.
Prerequisites
Environment Variable: Set
ENABLE_DOCUSIGN_TOOLS=truein your environmentCommvault S3 Vault: Configure an S3 endpoint in Commvault
Learn more: Getting Started with S3 Vault
DocuSign API Access: Valid DocuSign integration credentials
Configuration Files
Create the following files in the config/ directory:
1. DocuSign Configuration (docusign_config.json)
Based on the template file config/docusign_config_template.json:
2. DocuSign Private Key (docusign_key.pem)
Place your DocuSign private key file in the config/ directory as docusign_key.pem.
Contributing
We're continuing to add more functionality to this MCP server. If you'd like to leave feedback, file a bug or provide a feature request, please open an issue on this repository.
Pull requests are welcome! For major changes, please open an issue first to discuss what you would like to change.
License
This project is licensed under the Apache License. See the LICENSE file for details.