Commvault
Interact with Commvault software to access job details, security posture, and SLA status of the commcell.
Documentation
Commvault MCP Server
A Model Context Protocol (MCP) server for seamless integration with Commvault environments. This server enables AI agents to securely access and manage job details, commcell metrics, client and storage information, user permissions, plan configurations, and backup schedules.
Features
The Commvault MCP Server enables seamless integration with Commvault environments, offering the following:
| Category | Features |
|---|---|
| Job Management | • View job details and history • Control jobs (suspend, resume, resubmit, kill) • Monitor job status and performance |
| Commcell Management | • Retrieve SLA status and compliance • View security posture and scores • Access storage space utilization metrics • Get commcell details and entity counts |
| Client Management | • Access client groups and client information • Manage subclients and client properties • View client associations |
| Storage Management | • View storage policies and configurations • Access storage pool information • Monitor storage resources |
| User Management | • List users and user groups • Access security associations |
| Plan Management | • View plan configurations and details • Access plan components and settings |
| Schedule Management | • Access backup schedules • View schedule configurations • Monitor schedule performance |
| DocuSign Integration | • Setup Docusign Vault & Workflow • Backup envelopes to Commvault S3 vault • List & restore DocuSign envelope backups |
| Salesforce Integration | • Resolve Salesforce org ID to Commvault client • Browse backed-up Salesforce object records from latest snapshot • Filter records with optional WHERE-clause queries • Paginated access to large record sets |
Prerequisites
Before running the Commvault MCP Server, ensure the following requirements are met:
1. Python Environment
- Python 3.11 or higher
uvpackage manager (used for dependency management and running the server)
2. Authentication & Security Configuration
The Commvault MCP Server supports two authentication methods:
Option 1: OAuth Authentication
Note: OAuth authentication is only supported for Commvault environments running SP42 CU 27 and above. OAuth must be properly configured in the CommServe before using this option.
When using OAuth authentication, you'll need:
- Discovery Endpoint URL: The OAuth discovery/metadata endpoint
- Client ID: Your OAuth application's client identifier
- Client Secret: Your OAuth application's client secret
- Required Scopes: Required OAuth scopes
- Base URL: Base URL of the MCP Server
Important: The redirect URI must be set to
OAUTH_BASE_URL/auth/callbackin your OAuth provider's app/client configuration.
Option 2: Traditional Token-Based Authentication
The following values will be collected during the setup process:
-
Commvault Access Credentials: You need a valid
access_tokenandrefresh_tokento authenticate with the Commvault API. Learn how to generate these tokens here: Creating an Access Token – Commvault Docs -
Secret Key: This secret must be included by the MCP Client in the
Authorizationheader of all tool requests. It acts as a security layer for tool access in remote server. You can set your own.
Important: When using traditional token-based authentication, the setup script requires a secure, OS-native keyring backend to store sensitive credentials securely. Only secure backends are allowed for security reasons.
Running multiple MCP servers on the same host? The OS keyring is per-user, so by default every install writes to the same keyring slots and the most recent
setup.pyrun overwrites the previous install's credentials. Set a uniqueMCP_INSTANCE_IDper install — see Running Multiple Instances on the Same Host under Additional Configuration.
Supported Secure Backends by Platform
| Platform | Supported Backends | Description |
|---|---|---|
| Windows | WinVaultKeyring, WinCredentialStore | Uses Windows Credential Manager (Windows Vault) for secure storage |
| macOS | macOS Keyring | Uses the native macOS Keychain for secure storage |
| Linux | SecretService (GNOME), KWallet (KDE) | Uses Freedesktop Secret Service API (GNOME) or KWallet (KDE) for secure storage |
Setup
1. Clone the repository
git clone https://github.com/Commvault/commvault-mcp-server.git
cd commvault-mcp-server
2. Run the Setup Script
The setup script will guide you through configuration options including:
- Metallic or on-premise deployment — for Metallic setups, the gateway URL is configured automatically
- Transport mode (stdio, streamable-http, or sse)
- Server connection details (for remote modes)
- Authentication method (traditional tokens or OAuth)
- OAuth configuration (if selected)
- Secure token storage
uv run setup.py
Metallic (Cloud) Setup
When prompted "Is this a Metallic setup?", select yes. The setup script will automatically configure:
- Gateway URL:
https://api.metallic.io
No additional configuration is needed for the server URL; all other setup steps (transport mode, authentication, etc.) proceed as normal.
3. Start the MCP Server
uv run -m src.server
Secure Production Deployment
For production deployments, it is recommended to use a reverse proxy with TLS/HTTPS and security headers. The MCP server should bind to 127.0.0.1 (localhost only) to prevent direct public access.
Quick Setup
- Configure MCP Server for localhost: Set
MCP_HOST=127.0.0.1in your.envfile - Install reverse proxy: Choose nginx or Caddy
- Configure TLS: Use Let's Encrypt for automatic certificate management
- Add security headers: Configure OWASP-recommended headers (HSTS, X-Frame-Options, CSP, etc.)
- Update client config: Use
https://your-domain.com/mcpinstead ofhttp://HOST:PORT/mcp
Running with Docker
The Docker image runs the server in OAuth mode only.
Prerequisites: Docker installed, and a Commvault environment running SP42 CU 27 or above with OAuth configured.
1. Generate a .env file
Run the interactive setup script on your host machine. When prompted for the authentication method, select OAuth.
uv run setup.py
This produces a .env file with all required variables, including the OAuth endpoints and credentials.
2. Build the image
docker build -t commvault-mcp-server .
3. Run the container
Pass the generated .env file to the container at runtime:
docker run --rm -p 9090:9090 --env-file .env commvault-mcp-server
Configuring Clients
Note:
npxis required while using Token-Based Authentication. You can get it by installing Node.js which includesnpxby default.
While using OAuth
Refer to your AI client’s documentation for integration steps. For example, Claude requires specifying a server name and the MCP server URL in its connector configuration.
Remote MCP Server (Streamable HTTP / SSE)
{
"mcpServers": {
"Commvault": {
"command": "npx",
"args": ["mcp-remote", "HOST:PORT/mcp", "--header", "Authorization: <secret stored in server keyring>"]
}
}
}
Remote MCP Server (Client on Windows)
{
"mcpServers": {
"Commvault": {
"command": "cmd",
"args": ["/c", "npx", "mcp-remote", "HOST:PORT/mcp", "--header", "Authorization: <secret stored in server keyring>"]
}
}
}
Remote MCP Server (HTTP)
{
"mcpServers": {
"Commvault": {
"command": "npx",
"args": ["mcp-remote", "HOST:PORT/mcp", "--header", "Authorization: <secret stored in server keyring>", "--allow-http"]
}
}
}
Local MCP Server (STDIO) - Unix
{
"mcpServers": {
"Commvault": {
"command": "C:\\YOUR\\PATH\\TO\\commvault-mcp-server\\.venv\\bin\\python",
"args": [
"C:\\YOUR\\PATH\\TO\\commvault-mcp-server\\src\\server.py"
]
}
}
}
Local MCP Server (STDIO) - Windows
{
"mcpServers": {
"Commvault": {
"command": "C:\\YOUR\\PATH\\TO\\commvault-mcp-server\\.venv\\Scripts\\python.exe",
"args": [
"C:\\YOUR\\PATH\\TO\\commvault-mcp-server\\src\\server.py"
]
}
}
}
Additional Configuration
Note: These are optional configurations that extend the MCP server's capabilities.
Running Multiple Instances on the Same Host
The OS keyring used to store the server secret and Commvault API tokens is per-user. By default every install of the MCP server on a given host writes to the same keyring entries under the service name commvault-mcp-server. If you run two or more MCP server installs under the same OS user, each rerun of setup.py silently overwrites the other instances' credentials, which typically surfaces as a 401 Invalid token after a restart or reboot of the unaffected instance.
To run multiple MCP server instances on the same host under the same OS user, set a unique MCP_INSTANCE_ID per install. The setup script prompts for it at the start; you can also set it directly in each install's .env:
# Instance A's .env
MCP_INSTANCE_ID=prod
# Instance B's .env
MCP_INSTANCE_ID=dr
With an instance ID set, the keyring service name becomes commvault-mcp-server:<MCP_INSTANCE_ID>, isolating each install's server_secret, server_secret_expiry, access_token, and refresh_token.
Rules and notes
- Allowed characters: letters, digits,
.,-,_(max 32 chars). - Leaving
MCP_INSTANCE_IDunset (or setting it todefault) preserves the original behaviour and reuses the existingcommvault-mcp-serverkeyring entries, so existing single-instance installs do not need to do anything. - Each install should still live in its own directory with its own
.envso transport mode, port,CC_SERVER_URL, etc. don't collide. The instance ID only namespaces the keyring. - After changing
MCP_INSTANCE_IDfor an existing install, rerunuv run setup.pyso the secret and tokens are written under the new namespaced service name. - Alternative isolation strategies that also work: run each instance under a dedicated OS user, or in its own host/VM/container.
Trusted Proxy Configuration
When deployed behind a reverse proxy or load balancer, configure TRUSTED_PROXY_IPS environment variable with comma-separated proxy IP addresses to enable per-client rate limiting using the X-Forwarded-For header. For example:
export TRUSTED_PROXY_IPS="10.0.0.1,10.0.0.2,192.168.1.100"
Salesforce Backup Integration
The Salesforce integration enables browsing of backed-up Salesforce records stored in Commvault. It provides two tools:
| Tool | Description |
|---|---|
get_salesforce_client | Resolves a Salesforce Organisation ID (15- or 18-character) to the corresponding Commvault clientId |
get_salesforce_records | Fetches backed-up records for a Salesforce object (e.g. Account, Contact, Opportunity) from the latest backup snapshot |
Prerequisites
- Environment Variable: Set
ENABLE_SALESFORCE_TOOLS=truein your environment - Commvault Salesforce Backup: At least one Salesforce organisation must be configured and backed up in Commvault
Usage Example
To browse backed-up Account records for a Salesforce org:
Get all backed-up Account records for Salesforce org 00D2w000005mBCpEAM
The tool will automatically resolve the org ID to a Commvault client and return the latest backed-up records.
Parameters for get_salesforce_records
| Parameter | Required | Description |
|---|---|---|
salesforce_org_id | Yes | Salesforce Organisation ID (15 or 18 characters) |
object_name | Yes | Salesforce API object name (e.g. Account, Contact) |
limit | No | Max records to return (default 50, max 1000) |
offset | No | Pagination offset (default 0) |
free_query | No | Optional WHERE-clause filter (e.g. "Name = 'Acme'") |
DocuSign Backup Integration
The DocuSign backup integration enables backup of completed DocuSign envelopes to a Commvault S3 vault. This integration provides comprehensive document management capabilities including backup, listing, and restore operations.
Prerequisites
- Environment Variable: Set
ENABLE_DOCUSIGN_TOOLS=truein your environment - Commvault S3 Vault: Configure an S3 endpoint in Commvault
- Learn more: Getting Started with S3 Vault
- DocuSign API Access: Valid DocuSign integration credentials
Configuration Files
Create the following files in the config/ directory:
1. DocuSign Configuration (docusign_config.json)
Based on the template file config/docusign_config_template.json:
{
"docusign": {
"integrationKey": "YOUR_INTEGRATION_KEY_HERE",
"userId": "YOUR_USER_ID_HERE",
"authServer": "account-d.docusign.com",
"scopes": "signature impersonation",
"basePath": "https://demo.docusign.net/restapi"
},
"fromDate": "2024-07-01T00:00:00Z"
}
2. DocuSign Private Key (docusign_key.pem)
Place your DocuSign private key file in the config/ directory as docusign_key.pem.
Note on LiteLLM
We do not recommend using LiteLLM as an MCP client. LiteLLM's per-turn session lifecycle triggers cosmetic ClosedResourceError tracebacks in the server terminal due to a race condition in the upstream mcp Python SDK — these are harmless but noisy.
Security Considerations
Multi-Server Trust Boundary (Tool Poisoning & Tool Shadowing)
The MCP protocol enforces no isolation between servers that share a single agent session. Any other MCP server running in the same session as the Commvault MCP has the practical ability to influence the agent's reasoning about Commvault operations, even without direct access to CommServe or any privileges against it.
Two attack paths follow from this architectural property:
- Tool Poisoning — A malicious server's tool description coerces the agent to read the operator's stored Commvault auth token from host-side storage (e.g.
~/.claude.json, a project-level.mcp.json, or the OS keychain entry forcommvault-mcp-server) and pass the token value as a parameter to an attacker-controlled tool, which then exfiltrates it. - Tool Shadowing — A malicious server's tool description names Commvault tool identifiers (e.g.
kill_job,disable_schedule,set_user_enabled) and instructs the agent to perform additional or modified Commvault operations whenever the operator legitimately invokes those tools. The Commvault MCP itself is the actor in these calls; its code and responses are not corrupted. The corruption lives in the agent's reasoning, induced by the third-party server's metadata.
Neither path requires any defect in the Commvault MCP Server code. Both are properties of the MCP architecture as currently specified.
Recommendations for operators:
- Install only first-party or independently audited MCP servers in agent sessions that include Commvault tools.
- Where feasible, use an isolated agent session in which the Commvault MCP is the only integration.
- Where isolation is not feasible, restrict the agent's general filesystem and outbound-network tool capabilities for the duration of the session.
Credential Hygiene
- Use short-lived access tokens with explicit refresh rather than long-lived bearer tokens. A bounded token lifetime limits the window during which an exfiltrated credential remains usable, and rotation invalidates leaked tokens before an attacker can act on them.
- Restrict outbound traffic from the MCP host. Where your environment supports it, apply a network policy that limits outbound HTTP/HTTPS from the host running the MCP server to a documented allowlist. Unexpected outbound calls from an MCP host are the principal exfiltration channel for this class of attack and the most reliable detection signal.
Contributing
- We're continuing to add more functionality to this MCP server. If you'd like to leave feedback, file a bug or provide a feature request, please open an issue on this repository.
- Pull requests are welcome! For major changes, please open an issue first to discuss what you would like to change.
License
This project is licensed under the Apache License. See the LICENSE file for details.