PAM Rotation Info JSON

PAM Rotation Info — JSON Output

The pam rotation info command now supports --format json for machine-readable output, enabling use in CI/CD pipelines, declarative tooling, and scripts that consume rotation status programmatically.

Applies to: Keeper Commander 17.3+ (PR #2003, merged 2026-04-30)

Syntax

pam rotation info -r <record-uid> [--format table|json] [--output <file>]

Options

Option

Description

-r <uid>

UID of the PAM record to query rotation info for

--format table|json

Output format. Default: table

--output <file>

Write output to a file instead of stdout

Table output (default)

Standard human-readable output, unchanged from previous versions.

My Vault> pam rotation info -r a1b2c3d4
Status:           Online
Ready to rotate:  Yes
PAM Config UID:   f6e5d4c3...
Gateway:          prod-gateway-01
Schedule:         cron (0 3 * * *)
...

JSON output

When --format json is passed, the command returns a structured JSON object to stdout (or the file specified by --output).

My Vault> pam rotation info -r a1b2c3d4 --format json

Online status — full JSON schema

{
  "status": "Online",
  "ready_to_rotate": true,
  "pam_config_uid": "f6e5d4c3...",
  "node_id": 12345,
  "gateway_name": "prod-gateway-01",
  "gateway_uid": "9a8b7c6d...",
  "admin_resource_uid": "1a2b3c4d...",
  "password_complexity": 3,
  "password_complexity_detail": "12+ chars, upper, lower, digit, symbol",
  "schedule_type": "cron",
  "schedule_data": "0 3 * * *",
  "disabled": false,
  "script_name": null
}

Non-online status — minimal JSON schema

When the record is not reachable or not configured for rotation:

{
  "status": "Offline",
  "ready_to_rotate": false
}

JSON field reference

Field

Type

Description

status

string

Rotation gateway status (e.g. Online, Offline)

ready_to_rotate

boolean

Whether the record is ready for an immediate rotation

pam_config_uid

string

UID of the associated PAM configuration

node_id

integer

Enterprise node ID

gateway_name

string

Display name of the connected gateway

gateway_uid

string

UID of the connected gateway record

admin_resource_uid

string

UID of the admin credential used for rotation

password_complexity

integer

Complexity level (1–4)

password_complexity_detail

string

Human-readable complexity description

schedule_type

string

cron, interval, or manual

schedule_data

string

Schedule definition (cron expression or interval value)

disabled

boolean

Whether rotation is currently disabled on this record

script_name

string | null

Post-rotation script name, if configured

Examples

Write JSON to a file

My Vault> pam rotation info -r a1b2c3d4 --format json --output /tmp/rotation-status.json

Shell pipeline — check readiness

keeper pam rotation info -r a1b2c3d4 --format json \
  | python3 -c "import json,sys; d=json.load(sys.stdin); sys.exit(0 if d['ready_to_rotate'] else 1)"
echo "Exit: $?"

Audit all records in a folder (using `pam rotation info` per UID)

for uid in $(keeper pam project list --format json | jq -r '.[].uid'); do
  keeper pam rotation info -r "$uid" --format json >> /tmp/rotation-audit.jsonl
done

Notes

--format json is available on both pam rotation info (v2 router) and the legacy pam rotation info (v1 endpoint) — both return the same schema.
When --output is used with --format json, the file is written as pretty-printed JSON.
Table output is preserved unchanged; --format json is additive.

PreviousPAM Project Import/Export NextPAM Tunnel Non-Interactive Modes

Last updated 5 days ago

Was this helpful?

hashtagPAM Rotation Info — JSON Output

hashtagSyntax

hashtagOptions

hashtagTable output (default)

hashtagJSON output

hashtagOnline status — full JSON schema

hashtagNon-online status — minimal JSON schema

hashtagJSON field reference

hashtagExamples

hashtagWrite JSON to a file

hashtagShell pipeline — check readiness

hashtagAudit all records in a folder (using pam rotation info per UID)

hashtagNotes