Teradata MCP Server

How to use

You interact with the Teradata MCP Server through an MCP client. The server exposes a set of tools for querying data, inspecting schemas, and performing basic analytics. To get started, configure a client to connect using the server’s runtime command, then issue operations like running SELECT queries, listing databases and tables, or analyzing data quality and distribution across your Teradata environment.

How to install

Prerequisites: you need a machine with Node.js tooling compatible with the MCP runtime, or the MCP runtime environment used by the server (for example UV-based tooling). Ensure you have network access to Teradata and any identity provider you plan to use for OAuth 2.1 authentication.

# Basic setup (no authentication)
# Start by ensuring you have the MCP runtime available
# The following example uses the MCP runtime to run the Teradata MCP server with a Teradata connection string
uv install
uv run teradata-mcp teradatasql://user:password@host/database

# OAuth-enabled setup (requires Keycloak and OAuth config)
cp .env.example .env
# Edit .env to enable OAuth and provide Keycloak details, then run:
uv run teradata-mcp teradatasql://user:password@host/database

Additional configuration and usage notes

OAuth 2.1 is enabled to secure access to Teradata resources. You can configure Keycloak integration, define resource server URLs, and specify required scopes to enforce fine-grained permissions. The server supports token validation via JWKS endpoints, token introspection for opaque tokens, and RFC 9728 compliant protected resource metadata.

Transport compatibility covers multiple MCP transports. OAuth endpoints are available through the SSE and Streamable HTTP transports, while the Stdio transport authenticates via environment settings. Discovery endpoints provide information about protected resources, server capabilities, and health status.

{
  "mcpServers": {
    "teradata": {
      "type": "stdio",
      "name": "teradata",
      "command": "uv",
      "args": [
        "run",
        "teradata-mcp",
        "teradatasql://user:password@host/database"
      ],
      "env": {
        "DATABASE_URI": "teradatasql://user:password@host/database",
        "OAUTH_ENABLED": "true",
        "KEYCLOAK_URL": "https://your-keycloak.example.com",
        "KEYCLOAK_REALM": "teradata-realm",
        "KEYCLOAK_CLIENT_ID": "teradata-mcp",
        "KEYCLOAK_CLIENT_SECRET": "your-client-secret",
        "OAUTH_RESOURCE_SERVER_URL": "https://your-mcp-server.example.com"
      }
    }
  }
}

Security and troubleshooting

Follow security best practices to protect credentials and tokens. Always use HTTPS in production, manage client secrets securely, and assign only the required scopes to clients. Monitor access logs and implement proper token refresh for long-running applications.

If you encounter issues, verify the OAuth configuration, test Keycloak connectivity, and check the MCP server health endpoint. Review the DATABASE_URI format, network connectivity to Teradata, and credential correctness. Retries for database connections are configured to improve reliability.

query

Execute SELECT queries to read data from the database with required scopes teradata:query and teradata:read, returning results as an array of objects.

list_db

List all databases in the Teradata system with read access (teradata:read). Returns a list of databases.

list_tables

List objects within a database; requires teradata:read and accepts a db_name input.

show_tables_details

Show detailed information about a table’s columns and data types; requires teradata:read and accepts table_name and db_name inputs.

list_missing_values

List top features with missing values in a table; requires teradata:read.

list_negative_values

List features with negative values in a table; requires teradata:read.

list_distinct_values

List the number of distinct values for a column in a table; requires teradata:read.

standard_deviation

Compute mean and standard deviation for a column in a table; requires teradata:read.