Wasabi Covert Copy with Commvault

  • Updated on Jan 14, 2026
  • Published on Jan 13, 2026
  • 4 minute(s) read
Prev Next

Commvault has been validated for use with Wasabi. Follow the steps below to configure Wasabi as a cloud storage target.

The data restoration process is handled by your specific backup software application. As there are many potential variables that will affect your unique environment, Wasabi strongly recommends that you seek the guidance of your backup software's technical support team in the event that you encounter difficulty or have application-specific inquiries.

This article describes the procedure to use Wasabi Covert Copy to protect a “Golden Copy” of Commvault backups for use in case of a disaster that affects other copies of backups.

Covert Copy is a static, one-time copy, not an ongoing replication.

Prerequisites

  • Commvault deployment installed and configured.

  • An active Wasabi storage account

  • Multi-Factor Authentication (MFA) is enabled for the Wasabi account root user. See MFA (Multi-Factor Authentication) for details on how to enable and use MFA on your account.

  • Multi-User Authentication (MUA) is enabled for the Wasabi account root user. See MUA (Multi-User Authentication) for details on how to enable and use MUA.

Configuring for Covert Copy

In order to create a covert copy, the source bucket must have versioning enabled. A lifecycle policy will need to configured to delete noncurrent versions of objects. Follow the steps below to create a version-enabled bucket and the required lifecycle policies.

  1. Log in to your Wasabi console and create a new bucket.

  1. Toggle Bucket Versioning on and continue through the prompts until you create the bucket.

  1. Once the bucket is created, navigate to Settings > Lifecycle and create a lifecycle policy as shown below.

  1. Follow the instructions in Configuring Wasabi as a Cloud Storage Target to configure Wasabi as a cloud storage target and perform backups per desired schedule.

Pausing Backups

Before you create a covert copy, disable future backup jobs to the cloud storage location.

  1. Log in to the Commvault Command Center and navigate to the cloud storage target created earlier. Click Backup Locations.

  1. In the Bucket section, select the Wasabi bucket.

  1. Under the Configuration section, move the slider to Disable backup location for future backups.

Creating a Covert Copy

  1. Log in to the Wasabi Console.

  2. Navigate to Buckets and search for the bucket created earlier. Click the three vertical dots next to the bucket.

  1. Click Covert Copy.

  1. Enter the region for the Covert Copy bucket. For the other settings, it is recommended to keep the default values as shown in the screenshot below. Click Next.

This configuration example discusses the use of Wasabi's us-central-1 storage region for the Covert Copy bucket. For a list of regions, see Available Storage Regions. The region must be in the same continent as the source bucket.

  1. Enter your MFA code on the next screen. Then, click Create Bucket.

  1. Move the slider to enable Show Covert Copy Buckets on your list of buckets. The Covert Copy Status will show In Progress until all objects in the source bucket have been copied to the Covert Copy bucket.

  1. There is no estimated time for how long the Covert Copy process will take, as there are many variables affecting it, such as how many objects are in the source bucket. It may take a significant amount of time. When the process is complete, the Covert Copy Status will show Covert Copy Completed.

Resuming Backups

Enable the Wasabi storage location for future backups. Log in to the Commvault Command Center and disable the setting, as shown below.

Restoring From the Covert Copy

Restoring from the covert copy will involve pausing your current backup activity as the Wasabi cloud storage target will need to be modified to point to the covert copy bucket.

  1. The root user must submit a Wasabi Support ticket by emailing Wasabi Support: support@wasabi.com. In the email, request Restore Mode and include the name of your Covert Copy bucket. After Wasabi Support enables Restore Mode, the Covert Copy bucket will be visible to Commvault and will allow a restore to be performed from backups in the bucket.

  2. Log in to the Commvault Command Center and navigate to the cloud storage target created earlier. Click Backup Locations.

  1. In the Bucket section, click on the Wasabi bucket.

  2. Under the Configuration section, move the slider to Disable backup location for future backups so backups are not written to the  covert copy bucket.

  1. Under Cloud access paths, click on the Wasabi bucket to edit the configuration.

  1. In the Edit cloud access path dialog box, change the following fields and click Save.

  • Service host—Enter the Service URL of the region where the covert copy bucket is located.

  • Bucket—Enter the name of the covert copy bucket.

  1. You will see the cloud storage location using the covert copy bucket.

  1. Navigate to Protect > Virtualization > Virtual machines and click on the desired VM.

  1. Select the desired recovery point and click Restore and follow the steps to restore the VM.

  1. After a successful restore, email Wasabi Support (support@wasabi.com) to request that Restore Mode be disabled for your Covert Copy bucket.

  2. When ready, follow the steps 2–6 to change the bucket configuration from the covert copy bucket to the original bucket.

  3. Resume the backup activity as detailed in Resuming Backups.

Refreshing Your Covert Copy

By default, your Covert Copy bucket will auto-renew its Object Lock retention period every 30 days. To keep your Golden Copy of data in line with your most recent backups, it is recommended to perform a new Covert Copy job every 30 days.

If you want to replace your old Covert Copy bucket with your new bucket, you will need to turn off Auto Renewal, as detailed Retention Period Settings.