You can back up DocuSign to Commvault Unified Data Vault, allowing you to leverage Commvault's secure, scalable storage while maintaining your existing backup workflows.

Backing Up DocuSign to Unified Data Vault

DocuSign provides APIs that workload administrators use to extract and back up data to S3-compatible storage. Commvault's DocuSign backup and restore connector is a command-line application designed to automate the backup of completed DocuSign envelopes and associated documents to Commvault Unified Data Vault. With Commvault Unified Data Vault, you can replace your S3-compatible storage, keeping your backup scripts and standard operating procedures unchanged.

Getting Started

1. System Requirements:

   Requires a Linux machine that can access both DocuSign and the Commvault S3 endpoint.

2. Download the DocuSign backup and restore connector:

   Download from Commvault Store and follow the instructions in the readme file.

3. Configure the DocuSign Integration App:

   To obtain the required DocuSign integration details:

   1. Log in to your DocuSign admin dashboard.

   2. Navigate to Settings > Apps and Keys.

   3. Create or select an existing Integration App.

   4. Gather the following credentials:

      • Integration Key (Client ID)
      • User ID (API Username)
      • Authorization Server (typically account.docusign.com or account-d.docusign.com for demo)
      • RSA Private Key (downloadable once when generating a keypair; save the private key in a .pem file for use by the backup script)
      • Base API URL (Get it from https://developers.docusign.com/platform/api-endpoint-base-paths/ e.g., https://{server}.docusign.net/restapi/)

   Grant Application Consent:

   After creating the DocuSign integration app, you must grant consent for the application to access DocuSign on your behalf.

   1. In your web browser, navigate to the following URL, replacing the placeholder values with your actual configuration:

      https://account.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id=INTEGRATION_KEY&redirect_uri=REDIRECT_URI
      

      where:
   2. INTEGRATION_KEY = Your DocuSign client ID

   3. REDIRECT_URI = The redirect URI you configured in your DocuSign app

   4. Sign in with the DocuSign account credentials for the user you want to impersonate.

   5. Click Accept to grant the necessary permissions.

      The consent is now granted for your integration key and the DocuSign backup and restore connector can authenticate with DocuSign.

4. Backup admin configuration.

   Hosting an S3 endpoint is typically managed by backup, infrastructure, or MSP administrators who install, maintain, and host the endpoints for use by DocuSign workload and application administrators.

   1. Create an S3 endpoint.

5. Workload admin configuration.

   Creating S3 vaults, creating/associating S3 users, and using S3 Vaults for backup and restore are typically performed by DocuSign workload and application administrators.

   1. Create an S3 Vault.

   2. Get S3 Vault Keys.

Configuration

The DocuSign backup and restore connector uses a config.yaml file to store DocuSign and S3 Vault connection details. You can use environment variables for sensitive credentials.

Example configuration:

docusign:
  integrationKey: "${DOCUSIGN_APP_KEY}"
  userId: "${DOCUSIGN_APP_USER_ID}"
  authServer: "account-d.docusign.com"
  privateKeyPath: "${DOCUSIGN_APP_PRIVATE_KEY}"
  scopes: "signature impersonation"
  basePath: "https://demo.docusign.net/restapi"

aws:
  endpoint: "http://s3-vault-endpoint:port/S3"
  bucket: "docusign"
  accessKeyId: "${S3_VAULT_ACCESS_KEY}"
  secretAccessKey: "${S3_VAULT_KEY_SECRET}"
  region: "east-us-1"

fromDate: "2024-07-01T00:00:00Z"

Configuration Parameters:

• docusign.integrationKey - DocuSign integration app key or environment variable
• docusign.userId - DocuSign app user ID or environment variable
• docusign.authServer - DocuSign auth server (e.g., account.docusign.com)
• docusign.privateKeyPath - Path to RSA private key file or environment variable
• docusign.scopes - Required scopes: signature impersonation
• docusign.basePath - DocuSign API base path (e.g., https://{server}.docusign.net/restapi/)
• aws.endpoint - Commvault S3 Vault endpoint
• aws.bucket - S3 bucket name for backups
• aws.accessKeyId - S3 Vault access key or environment variable
• aws.secretAccessKey - S3 Vault secret key or environment variable
• aws.region - Typically east-us-1 for Commvault S3 Vault
• fromDate - Start date for envelope backup (format: 2024-07-01T00:00:00Z); if not specified, defaults to last 7 days

Run DocuSign Backup

Use the following command to back up completed DocuSign envelopes to S3 Vault:

./backup_docusign --backup --backupConfigFile ./config.yaml

Optional parameters: - --bucket - Override S3 bucket name from config - --backupConfigFile - Path to configuration file (default: .backup_config.ini)

List DocuSign Backups

Use the following command to view available backups stored in S3:

./backup_docusign --list-backup

To list backups from a specific path, use the following command:

./backup_docusign --list-backup --from 2025-08-01/

Example output:

2025-09-25 09:10:34,769 [INFO] docusign_backup: ----- Starting List Backup -----
2025-09-25 09:10:34,944 [INFO] docusign_backup: Listing backup folders from: [/], bucket: [docusign_1]
2025-09-25 09:10:36,400 [INFO] docusign_backup: 2025-09-25
2025-09-25 09:10:37,263 [INFO] docusign_backup:    └── 2025-09-25/c54ec92c-30df-48da-a8f3-5dc5d46c7976/Summary.pdf
2025-09-25 09:10:37,263 [INFO] docusign_backup:    └── 2025-09-25/c54ec92c-30df-48da-a8f3-5dc5d46c7976/Test doc for sign 1.docx.pdf
2025-09-25 09:10:37,263 [INFO] docusign_backup:    └── 2025-09-25/c54ec92c-30df-48da-a8f3-5dc5d46c7976/metadata.json
2025-09-25 09:10:37,264 [INFO] docusign_backup: docusign-backup
2025-09-25 09:10:38,055 [INFO] docusign_backup:    └── docusign-backup/last-run.txt
2025-09-25 09:10:38,056 [INFO] docusign_backup: ----- END List Backup -----

Restore DocuSign Backups

Use the following command to restore a specific backup from S3 to a local folder:

./backup_docusign --restore --from 2025-08-01/0252f683-60d9-4b48-a447-a751ad7397ec

To restore all backups, use the following command:

./backup_docusign --restore --from /

Optional parameters: - --restore-path - Local path for restored files (default: ./restored)

Example output:

2025-11-28 17:40:38,670 [INFO] docusign_backup: ----- Starting Restore From Backup -----
2025-11-28 17:40:38,671 [INFO] docusign_backup: Files will be restored to 'restored' directory.
2025-11-28 17:40:38,837 [INFO] docusign_backup: Restoring backup from: 2025-11-28/c54ec92c-30df-48da-a8f3-5dc5d46c7976
2025-11-28 17:40:41,176 [INFO] docusign_backup: Restored: 2025-11-28/c54ec92c-30df-48da-a8f3-5dc5d46c7976/Summary.pdf --> restored/2025-11-28/c54ec92c-30df-48da-a8f3-5dc5d46c7976/Summary.pdf
2025-11-28 17:40:41,190 [INFO] docusign_backup: Restored: 2025-11-28/c54ec92c-30df-48da-a8f3-5dc5d46c7976/Test doc for sign 1.docx.pdf --> restored/2025-11-28/c54ec92c-30df-48da-a8f3-5dc5d46c7976/Test doc for sign 1.docx.pdf
2025-11-28 17:40:41,215 [INFO] docusign_backup: Restored: 2025-11-28/c54ec92c-30df-48da-a8f3-5dc5d46c7976/metadata.json --> restored/2025-11-28/c54ec92c-30df-48da-a8f3-5dc5d46c7976/metadata.json
2025-11-28 17:40:41,241 [INFO] docusign_backup: ----- End Restore From Backup -----

Command Reference

Usage:

./backup_docusign [--backup] [--list-backup] [--restore] [--from PATH] [--backupConfigFile FILE] [--bucket NAME] [--restore-path PATH]

Options: