Connect AI systems with your Commvault environment using the Commvault MCP Server. The server provides secure, read and write access to backup jobs, storage pools, users, and plans. It follows the Model Context Protocol (MCP) to enable automated visibility, faster decisions, and smoother protection workflows.
The Commvault MCP Server supports the following personas:
-
Backup admins: Monitor job health, and check SLAs. Query job history or assess failed jobs.
-
AI integrators and developers: Connect AI tools securely to Commvault using MCP endpoints and setup workloads such as DocuSign.
-
IT automation teams: Integrate Commvault workflows into other platforms such as ServiceNow.
To access the Commvault MCP Server repository on GitHub, click here.
Note
This feature is part of the Commvault Early Adopter program. The Commvault Early Adopter program was created to engage customer feedback on specific features. Commvault works with select customers to discuss, plan, and help deploy the feature release, and to proactively assist with any issues. If you are interested in becoming part of the Commvault Early Adopter program, please contact us at earlyadopter@commvault.com.
Configure MCP Server
-
Install Python 3.11 or higher and uv package manager on your machine.
-
To clone the repository, run:
git clone https://github.com/Commvault/commvault-mcp-server.gitcd commvault-mcp-server -
Run the setup script:
uv run setup.pyThe setup wizard guides you through choosing transport mode (such as stdio, streamable-http, or sse), providing connection details and selecting authentication type.
For supported authentication types and client configuration examples, see Supported Authentication Methods and Configure AI Clients.
-
Start the server:
uv run -m src.server
Supported Authentication Methods
The Commvault MCP Server supports the following authentication methods.
OAuth
OAuth is the preferred method that provides modern identity management through supported providers. Use OAuth when Commvault is configured with modern identity providers.
Important
OAuth authentication is supported only for Commvault environments running Innovation Release 11.42.27 and later. Ensure OAuth is configured in the CommServe before using this option.
You need the following information:
-
Discovery endpoint URL: The OAuth discovery/metadata endpoint.
-
Client ID: The OAuth application's client identifier.
-
Client secret: The OAuth application's client secret.
-
Base URL: The base URL of the MCP server.
-
Redirect URI: Set to
OAUTH_BASE_URL/auth/callbackin your OAuth provider's app/client configuration.
Token-based authentication
Use this authentication method when OAuth is not available.
You need the following:
-
A valid
access_tokenandrefresh_tokento authenticate with the Commvault API. For information about creating the access and refresh tokens, see Creating an Access Token. -
A secret key for MCP client access. This secret acts as a security layer for remote tool access and must be included by the MCP client in the Authorization header of all tool requests.
Configure AI Clients
The MCP server can connect with various AI clients. Each client requires its own configuration file or settings entry that define how it communicates with the MCP server. For detailed integration steps, see your AI client's documentation.
Note
npx is required if you use token-based authentication. You can get it by installing Node.js, which includes npx by default.
The following examples show Claude configurations for both remote and local setups.
Remote MCP Server
Client on Windows
{
"mcpServers": {
"Commvault": {
"command": "cmd",
"args": [
"/c",
"npx",
"mcp-remote",
"HOST:PORT/mcp",
"--header",
"Authorization: <secret stored in server keyring>"
]
}
}
}Streamable HTTP / SSE
{
"mcpServers": {
"Commvault": {
"command": "npx",
"args": [
"mcp-remote",
"HOST:PORT/mcp",
"--header",
"Authorization: <secret stored in server keyring>"
]
}
}
}Local MCP Server (STDIO)
Unix
{
"mcpServers": {
"Commvault": {
"command": "/path/to/.venv/bin/python",
"args": ["/path/to/src/server.py"]
}
}
}Windows
{
"mcpServers": {
"Commvault": {
"command": "C:\\YOUR\\PATH\\TO\\commvault-mcp-server\\.venv\\Scripts\\python.exe",
"args": ["C:\\YOUR\\PATH\\TO\\commvault-mcp-server\\src\\server.py"]
}
}
}Integrations
Extend the MCP Server with optional integrations to connect Commvault with third-party platforms.
DocuSign
Backup completed DocuSign envelopes to a Commvault S3 vault. Automate listing and restore operations directly through the AI assistant.
-
Set the following environment variable:
ENABLE_DOCUSIGN_TOOLS=true -
Configure an S3 vault in Commvault. For information about configuring an S3 vault, see Getting Started with S3 Vault.
-
In the
config/directory, perform the following:-
Create
docusign_config.jsonfile using the following template.Template for docusign_config file
{ "docusign": { "integrationKey": "YOUR_INTEGRATION_KEY_HERE", "userId": "YOUR_USER_ID_HERE", "authServer": "account-d.docusign.com", "scopes": "signature impersonation", "basePath": "https://demo.docusign.net/restapi" }, "fromDate": "YYYY-MM-DDTHH:MM:SSZ" } -
Add your DocuSign private key file
docusign_key.pem.
-
ServiceNow
The MCP server supporting ServiceNow actions must be added to your AI client to enable the integration.
Example workflow: Create incident tickets when backup jobs fail.
-
AI client analyzes failed jobs in Commvault through MCP.
-
Identifies all failed jobs.
-
Creates ServiceNow tickets for each failure.
-
Confirms creation within your ServiceNow dashboard.
Use Cases
The following examples show common ways to use the Commvault MCP Server; actual use cases may vary by environment and integration.
-
Backup a DocuSign workload: The AI assistant can configure a plan, triggers backup, and set a weekly schedule.
-
Check SLA health: The AI assistant can retrieve SLA data and highlight missed targets.
-
Investigate failed jobs: The AI client runs job analysis and identifies failure causes through Commvault MCP.
-
Create incident tickets: Combine ServiceNow and Commvault MCPs to generate tickets through conversations.