# Domain Reservation Commands

### Overview <a href="#overview" id="overview"></a>

Keeper Commander provides domain management capabilities for enterprise administrators to reserve and manage domains. These commands allow Keeper Admin to claim domains for their enterprise, ensuring that user accounts with email addresses from these domains can only be created within the authorized enterprise.

**What's a Reserved Domain?** A reserved domain is a DNS domain (e.g. `company.com`) that has been registered to a specific Keeper enterprise tenant. Once reserved, only that enterprise can create accounts with email addresses from that domain, preventing unauthorized account creation.

{% hint style="info" %}
Domain Reservation APIs will be available in May 2026
{% endhint %}

***

### User Commands <a href="#user-commands" id="user-commands"></a>

#### Enterprise Administrator Commands <a href="#enterprise-administrator-commands" id="enterprise-administrator-commands"></a>

These commands are available to **Keeper Administrators** for managing enterprise domains:

* [`domain list`](#list-domains---list-reserved-domains) – View all reserved domains for your enterprise
* [`domain reserve`](#reserve-domain---reserve-and-manage-domains) – Reserve and remove domains from your enterprise
* [`domain alias list`](#domain-reservation-workflow-1) – View all domain aliases for your enterprise
* [`domain alias create`](#domain-alias-create-create-a-domain-alias) – Create a domain alias for your enterprise
* [`domain alias delete`](#domain-alias-delete-delete-a-domain-alias) – Delete a domain alias for your enterprise

***

### Terminology <a href="#terminology" id="terminology"></a>

The table below describes domain management terminology used in Keeper's platform.

| Terminology             | Description                                                                                                                                            |
| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Reserved Domain**     | A DNS domain that has been verified and claimed by an enterprise. Only this enterprise can create user accounts with email addresses from this domain. |
| **Domain Verification** | The process of proving domain ownership by adding a DNS TXT record containing a Keeper-provided token.                                                 |
| **Verification Token**  | A unique string generated by Keeper that must be added to your domain's DNS TXT records to prove ownership.                                            |
| **Domain Alias**        | An additional domain name mapped to an existing reserved domain within the same enterprise.                                                            |
| **Enterprise Admin**    | The highest level of administrative access in Keeper Enterprise, required to manage reserved domains.                                                  |

***

### Domain Management Commands <a href="#domain-management-commands-1" id="domain-management-commands-1"></a>

<table><thead><tr><th width="206.10546875">Command</th><th>Alias</th><th>Action</th><th>Description</th><th>Permission</th></tr></thead><tbody><tr><td><a href="#list-domains---list-reserved-domains"><code>domain list</code></a></td><td><code>dl</code></td><td>-</td><td>List all reserved domains</td><td>Enterprise Admin</td></tr><tr><td><a href="#step-1-generate-verification-token"><code>domain reserve</code></a></td><td><code>dr</code></td><td><code>token</code></td><td>Generate verification token</td><td>Enterprise Admin</td></tr><tr><td><a href="#step-2-add-domain-after-verification"><code>domain reserve</code></a></td><td><code>dr</code></td><td><code>add</code></td><td>Add verified domain</td><td>Enterprise Admin</td></tr><tr><td><a href="#step-3-remove-reserved-domain"><code>domain reserve</code></a></td><td><code>dr</code></td><td><code>delete</code></td><td>Remove reserved domain</td><td>Enterprise Admin</td></tr><tr><td><a href="#domain-alias-list-list-domain-aliases"><code>domain alias list</code></a></td><td><code>dal</code></td><td>-</td><td>List all domain aliases</td><td>Enterprise Admin</td></tr><tr><td><a href="#domain-alias-create-create-a-domain-alias"><code>domain alias create</code></a></td><td><code>dac</code></td><td>-</td><td>Create a domain alias</td><td>Enterprise Admin</td></tr><tr><td><a href="#domain-alias-delete-delete-a-domain-alias"><code>domain alias delete</code></a></td><td><code>dad</code></td><td>-</td><td>Delete a domain alias</td><td>Enterprise Admin</td></tr></tbody></table>

#### `domain list` - List Reserved Domains <a href="#list-domains---list-reserved-domains" id="list-domains---list-reserved-domains"></a>

Lists all domains currently reserved for your enterprise.

**Command Syntax**

```
domain list [--format=FORMAT] [--output=FILE]
```

**Alias:** `ld`

**Parameters**

* `--format`: Output format (`table` or `json`). Default: `table`
* `--output`: Output file name for exporting results

**Permission Required:** Enterprise Admin

**Examples**

**Example 1: Display reserved domains in table format**

```
My Vault> domain list
Domain Name
--------------------
example.com
company.com
enterprise.net
```

**Example 2: Display reserved domains as JSON**

```
My Vault> domain list --format=json
[
  "example.com",
  "company.com",
  "enterprise.net"
]
```

**Example 3: Save domain list to file**

```
My Vault> domain list --format=json --output=domains.json
Results saved to domains.json
```

**Example 4: Using alias command**

```
My Vault> dl
Domain Name
-------------
example.com
company.com
```

***

#### `domain reserve` - Reserve and Manage Domains <a href="#reserve-domain---reserve-and-manage-domains" id="reserve-domain---reserve-and-manage-domains"></a>

Reserve, verify, or remove domains from your enterprise. This command supports a three-step workflow for domain verification.

**Command Syntax**

```
domain reserve --action=ACTION --domain=DOMAIN
```

**Alias:** `dr`

**Parameters**

* `--action`: Required. Action to perform:
  * `token` – Generate verification token for DNS
  * `add` – Add domain after DNS verification
  * `delete` – Remove reserved domain
* `--domain`: Required. The domain name to manage (e.g., `example.com`)

**Permission Required:** Enterprise Admin

***

### Domain Reservation Workflow <a href="#domain-reservation-workflow" id="domain-reservation-workflow"></a>

#### Step 1: Generate Verification Token <a href="#step-1-generate-verification-token" id="step-1-generate-verification-token"></a>

Generate a DNS verification token for your domain.

**Command Syntax**

```
domain reserve --action token --domain DOMAIN
```

**Examples**

**Example 1: Generate token for domain**

```
My Vault> domain reserve --action token --domain example.com

Token generated successfully!

Domain: example.com
Token:  abc123def456ghi789

Next steps:
1. Log into your domain registrar or DNS provider
2. Add a TXT record for domain "example.com" with value:
   abc123def456ghi789
3. Wait for DNS propagation (may take a few minutes)
4. Run: domain reserve --action add --domain example.com
```

#### Step 2: Add Domain After Verification <a href="#step-2-add-domain-after-verification" id="step-2-add-domain-after-verification"></a>

After adding the TXT record to your DNS, verify and reserve the domain.

**Command Syntax**

```
domain reserve --action add --domain DOMAIN
```

**Examples**

**Example 1: Add verified domain**

```
My Vault> domain reserve --action add --domain example.com
Domain "example.com" has been reserved for the enterprise
```

#### Step 3: Remove Reserved Domain <a href="#step-3-remove-reserved-domain" id="step-3-remove-reserved-domain"></a>

Remove a domain from your enterprise's reserved list.

**Optional Parameters**

* `--force` : for skip confirmation prompt

**Command Syntax**

```
domain reserve --action delete --domain DOMAIN --force
```

**Examples**

**Example 1: Remove domain with --force flag (for skip confirmation prompt)**

```
My Vault> domain reserve --action delete --domain old-company.com --force
Domain "old-company.com" has been removed from the enterprise
```

**Example 2: Remove domain without --force flag**

```
My Vault> domain reserve --action delete --domain old-company.com
Are you sure you want to delete domain "old-company.com"? (y/n): y
Domain "old-company.com" has been removed from the enterprise
```

***

### Domain Alias Commands <a href="#domain-reservation-workflow" id="domain-reservation-workflow"></a>

A domain alias is an additional domain name mapped to an existing reserved domain in your enterprise. Aliases allow accounts from multiple domains to be associated with the same enterprise without separately reserving each one.

The primary domain must already be reserved by the enterprise before an alias can be created. Requires Enterprise Admin with "Manage Users" permission.

#### **`domain alias list` - List Domain Aliases**

Lists all domain aliases currently configured for your enterprise.

**Command Syntax**

```
domain alias list [--format=FORMAT] [--output=FILE]
```

**Alias:** `dal`

**Parameters**

* `--format`: Output format (`table` or `json`). Default: `table`
* `--output`: Output file name for exporting results

**Permission Required:** Enterprise Admin

**Examples**

**Example 1: List aliases in table format**

```
My Vault> domain alias list
Domain        Alias
----------    --------------------
example.com   alias1.com
example.com   alias2.net
```

**Example 2: List aliases as JSON**

```
My Vault> domain alias list --format=json
[
  { "domain": "example.com", "alias": "alias1.com" },
  { "domain": "example.com", "alias": "alias2.net" }
]
```

**Example 3: Using alias command**

```
My Vault> dal
Domain        Alias
----------    --------------------
example.com   alias1.com
```

***

#### **`domain alias create` - Create a Domain Alias**

Creates one or more aliases for a domain already reserved by your enterprise. Repeat `--alias` to create multiple aliases in a single command.

**Command Syntax**

```
domain alias create --domain=DOMAIN --alias=ALIAS [--alias=ALIAS ...] [--format=FORMAT]
```

**Alias:** `dac`

**Parameters**

* `--domain`: Required. The reserved domain to create an alias for
* `--alias`: Required. Alias to create (can be repeated for multiple)
* `--format`: Output format (`text` or `json`). Default: `text`

**Permission Required:** Enterprise Admin

**Examples**

**Example 1: Create domain alias**

```
My Vault> domain alias create --domain example.com --alias alias1.com
Created domain alias 'alias1.com' for domain 'example.com'
```

**Example 3: JSON output**

```
My Vault> domain alias create --domain example.com --alias alias1.com --format json
[
  {
    "domain": "example.com",
    "alias": "alias1.com",
    "status": 0,
    "status_message": "Success"
  }
]
```

***

#### **`domain alias delete` - Delete a Domain Alias**

Remove one or more aliases from a reserved domain. A confirmation prompt is shown by default.

**Command Syntax**

```
domain alias delete --domain=DOMAIN --alias=ALIAS [--alias=ALIAS ...] [--format=FORMAT] [--force]
```

**Alias:** `dad`

**Parameters**

* `--domain`: Required. The domain whose alias(es) to delete
* `--alias`: Required. Alias to delete (can be repeated for multiple)
* `--format`: Output format (`text` or `json`). Default: `text`
* `--force`: Skip confirmation prompt

**Permission Required:** Enterprise Admin

**Examples**

**Example 1: Delete an alias with confirmation prompt**

```
My Vault> domain alias delete --domain example.com --alias alias1.com
Are you sure you want to delete alias(es) [alias1.com] for domain "example.com"? (y/N): y
Deleted domain alias 'alias1.com' for domain 'example.com'
```

**Example 2: Delete an alias without confirmation**

```
My Vault> domain alias delete --domain example.com --alias alias1.com --force
Deleted domain alias 'alias1.com' for domain 'example.com'
```

***

### DNS Configuration Guide <a href="#dns-configuration-guide" id="dns-configuration-guide"></a>

#### Adding TXT Record for Domain Verification <a href="#adding-txt-record-for-domain-verification" id="adding-txt-record-for-domain-verification"></a>

**Step-by-Step Process**

1. **Generate Token**

   ```
   domain reserve --action token --domain example.com
   ```
2. **Access DNS Provider**
   * Log into your domain registrar or DNS hosting provider (e.g., GoDaddy, Cloudflare, Route53, Namecheap)
3. **Add TXT Record**
   * **Record Type:** TXT
   * **Host/Name:** `example.com`
   * **Value:** `abc123def456ghi789` (use your actual token)
4. **Add Domain**

   ```
   domain reserve --action add --domain example.com
   ```

***

### Complete Workflow Example <a href="#complete-workflow-example" id="complete-workflow-example"></a>

Here's a complete example of reserving a new domain:

```
# Step 1: List current domains
My Vault> domain list
Domain Name
-------------
company.com

# Step 2: Generate token for new domain
My Vault> domain reserve --action token --domain newacquisition.com

Token generated successfully!

Domain: newacquisition.com
Token:  def789ghi123jkl456

Next steps:
1. Log into your domain registrar or DNS provider
2. Add a TXT record for domain "newacquisition.com" with value:
   def789ghi123jkl456
3. Wait for DNS propagation (may take a few minutes)
4. Run: domain reserve --action add --domain newacquisition.com

# Step 3: [User adds TXT record to DNS]

# Step 4: Add domain after verification
My Vault> domain reserve --action add --domain newacquisition.com --force
Domain "newacquisition.com" has been reserved for the enterprise

# Step 5: Verify the domain was added
My Vault> domain list
Domain Name
------------
company.com
newacquisition.com
```

***

For more information about Keeper Commander, visit the [Commander CLI Documentation](https://docs.keeper.io/keeperpam/commander-cli).