Email Configuration Commands
Manage email provider configurations for sending one-time shares and notifications.
Overview
The email-config command manages email provider configurations used for sending one-time share links and notifications directly from Commander. Configurations are stored encrypted in your Keeper vault. By sending secure emails through Commander, zero knowledge is preserved and Keeper's backend servers have no access to the content.
Supported Providers:
SMTP - Available on all installations (binary, pip, pip with [email])
SendGrid - Only available with pip install keepercommander[email]
AWS SES - Only available with pip install keepercommander[email]
Gmail OAuth - Only available with pip install keepercommander[email]
Microsoft OAuth - Only available with pip install keepercommander[email]
Note: Binary installations and basic pip installations (pip install keepercommander) only support SMTP.
Use Cases
The email configuration is used when sending emails directly from Commander, using the customer's configured email provider instead of sending the email through Keeper's servers. Use cases where this is applicable include:
Sending one-time share links with the record-add command
Rotating a password and sending a one-time share with the pam action rotate command
Automating the rotation and delivery of new employee credentials with the credential-provision command
Email Configuration Commands
email-config create
Command: email-config create
Detail: Create a new email provider configuration. Configurations are stored encrypted in your Keeper vault and can be used with record-add and one-time-share commands.
Common Parameters:
--name <NAME> - Configuration name (required)
--provider <PROVIDER> - Provider type: smtp, sendgrid, ses, gmail-oauth, microsoft-oauth (required)
--from-address <EMAIL> - Sender email address (required)
--from-name <NAME> - Sender display name (optional)
SMTP Provider Parameters:
--smtp-host <HOST> - SMTP server hostname
--smtp-port <PORT> - SMTP server port (default: 587)
--smtp-username <USERNAME> - SMTP username
--smtp-password <PASSWORD> - SMTP password
--smtp-use-tls | --smtp-no-tls - Enable / Disable TLS
--smtp-use-ssl - Enable SSL
SendGrid Provider Parameters:
--sendgrid-api-key <KEY> - SendGrid API key
AWS SES Provider Parameters:
--aws-region <REGION> - AWS region (e.g., us-east-1)
--aws-access-key <KEY> - AWS access key ID
--aws-secret-key <SECRET> - AWS secret access key
OAuth Provider Parameters (Gmail and Microsoft):
--oauth-client-id <ID> - OAuth client ID
--oauth-client-secret <SECRET> - OAuth client secret
--oauth-tenant-id <ID> - Azure tenant ID (Microsoft only, use 'common' for multi-tenant)
--oauth-port <PORT> - Local callback port (default: 8080)
OAuth Manual Token Parameters (Advanced):
--oauth-access-token <TOKEN> - Access token
--oauth-refresh-token <TOKEN> - Refresh token
--oauth-token-expiry <DATETIME> - Token expiry (ISO-8601 format)
Examples:
The SMTP example uses Gmail's SMTP server with app password authentication. Use port 587 with "Use TLS" set to "true", or use port 465 with "Use SSL" set to "true".
SendGrid requires a verified sender domain and an API key.
Gmail OAuth opens a browser for authorization (tokens are stored in the vault).
Microsoft OAuth supports single-tenant and multi-tenant configurations.
AWS SES requires IAM credentials with SES send permissions.
email-config list
Command: email-config list
Detail: Display all configured email providers with their basic information.
Examples:
Output:
email-config test
Command: email-config test <NAME>
Detail: Test email configuration by verifying connection and authentication. Optionally send a test email.
Parameters:
<NAME> - Configuration name to test
--send-to <EMAIL> - Send test email to specified address (optional)
Examples:
Output (connection test):
Output (with --send-to):
email-config delete
Command: email-config delete <NAME>
Detail: Delete an email configuration from your Keeper vault.
Parameters:
<NAME> - Configuration name to delete
Examples:
email-config update
Command: email-config update <NAME> [OPTIONS]
Detail: Update an existing email configuration. Accepts the same parameters as the create command.
Parameters:
<NAME> - Configuration name to update
[OPTIONS] - Same options as the create command
Examples:
Using Email Configurations
Email configurations are used with commands that support email delivery.
With record-add:
Installation Requirements
Email provider support depends on installation method:
Provider          Binary   pip   pip with [email]
SMTP              ✅       ✅    ✅
SendGrid          ❌       ❌    ✅
AWS SES           ❌       ❌    ✅
Gmail OAuth       ❌       ❌    ✅
Microsoft OAuth   ❌       ❌    ✅
Install with full email support:
OAuth Interactive Flow
When creating Gmail or Microsoft OAuth configurations without --oauth-access-token, Commander starts an interactive authorization flow:
Local web server starts on port 8080 (configurable with --oauth-port)
Browser opens to provider's authorization page
User logs in and authorizes application
Browser redirects to localhost with authorization code
Commander exchanges code for tokens
Tokens are encrypted and stored in Keeper vault
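An added example (not Commander's own code) of the loopback listener used in the steps above: it binds to 127.0.0.1 only, accepts a redirect only when its state value matches the one generated for this flow, and stops after one valid code. The class name, the state check and the timeout are assumptions of this example; the page does not describe how Commander implements its listener.

```python
import secrets
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse


class CallbackListener:
    """One-shot loopback listener for the OAuth redirect (hypothetical helper)."""

    def __init__(self, port=8080):
        self.state = secrets.token_urlsafe(32)  # value to send in the authorization URL
        self.code = None                        # set once a valid redirect arrives
        self.rejected = 0                       # redirects that failed the state check
        listener = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                query = parse_qs(urlparse(self.path).query)
                state = query.get("state", [""])[0]
                code = query.get("code", [""])[0]
                # Constant-time compare on bytes; reject anything not tied to this flow.
                ok = bool(code) and secrets.compare_digest(
                    state.encode(), listener.state.encode())
                if ok:
                    listener.code = code
                else:
                    listener.rejected += 1
                self.send_response(200 if ok else 400)
                self.send_header("Content-Type", "text/plain")
                self.end_headers()
                self.wfile.write(b"Authorized.\n" if ok else b"Rejected.\n")

            def log_message(self, *args):
                pass  # keep the authorization code out of access logs

        # Loopback only: other hosts on the network cannot reach the callback.
        self.server = HTTPServer(("127.0.0.1", port), Handler)
        self.port = self.server.server_address[1]

    def wait_for_code(self, timeout=120.0):
        """Serve requests until a valid code arrives or the timeout passes."""
        deadline = time.monotonic() + timeout
        try:
            while self.code is None and (left := deadline - time.monotonic()) > 0:
                self.server.timeout = left
                self.server.handle_request()
        finally:
            self.server.server_close()  # release the port as soon as the flow ends
        return self.code
```

The returned code is what step 5 exchanges for tokens; a None return means no valid redirect arrived before the timeout.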
Token Management:
Access tokens expire after 1 hour
Commander automatically refreshes using refresh token
Refresh happens before sending email if token expired
Updated tokens saved to vault automatically
Troubleshooting
Error: "Provider is not available in the binary installation"
Binary installations only support SMTP. Switch to pip installation:
Error: "Missing required dependencies for provider"
Install with email extras:
Error: "Interactive OAuth flow is not available on binary installation"
Options:
Switch to pip installation (recommended)
Use SMTP provider instead
Provide OAuth tokens manually using --oauth-access-token, --oauth-refresh-token, --oauth-token-expiry
Error: "Port 8080 already in use"
Use different port for OAuth callback:
Error: "email-config not found"
Configuration name doesn't exist. List available configs:

