Commander SDK for Python

Setup instructions for the Commander SDK for Python

Overview

The new Python SDK enables full integration with the Keeper platform, including Enterprise, Vault, and Admin operations, through the keepersdk library available on PyPI.

This SDK provides fully executable functions that can be accessed directly from Python, eliminating the need for any command-line wrappers or the Commander CLI itself.

Installation and Setup

Requirements

The system should have Python version 3.10 or newer.

Create and Activate Virtual Environment

python3 -m venv venv
source venv/bin/activate

Install from PyPI

pip install keepersdk

Install from Source Code

Clone the source code from the GitHub repository:

git clone https://github.com/Keeper-Security/keeper-sdk-python.git
cd keeper-sdk-python

The "master" branch will mirror the production release. The "release" branch references the upcoming release. To optionally switch to the release branch:

git checkout release

Install Dependencies

cd keepersdk-package
pip install -r requirements.txt
pip install setuptools
python setup.py install

Requirement for Client

If you are accessing keepersdk from a new device, you need to ensure that a config.json file is present. Keeping the login details in this file means the client source doesn't contain any hardcoded credentials.

Create the config.json file in the .keeper folder of the current user.

A sample showing the structure of the config.json needed is shown below:

{
  "users": [
    {
      "user": "user@example.com",
      "password": "yourpassword",
      "server": "keepersecurity.com",
      "last_device": {
        "device_token": ""
      }
    }
  ],
  "servers": [
    {
      "server": "keepersecurity.com",
      "server_key_id": 10
    }
  ],
  "devices": [
    {
      "device_token": "",
      "private_key": "",
      "server_info": [
        {
          "server": "keepersecurity.com",
          "clone_code": ""
        }
      ]
    }
  ],
  "last_login": "user@example.com",
  "last_server": "keepersecurity.com"
}
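
The sample config.json above has fields for the account password and a device private key, so the file and its .keeper folder should be accessible only to the owning user. The check below is an added example, not part of keepersdk or the original page; it assumes POSIX file permissions, and the function names and the choice of `password` and `private_key` as the fields to flag are this example's own.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Fields from the sample config.json that this example treats as secrets (assumption).
SECRET_FIELDS = (("users", "password"), ("devices", "private_key"))


def audit_config(path):
    """Return a list of findings for a Keeper config.json at `path`."""
    path = Path(path)
    findings = []
    # Any group/other permission bit on the folder or file exposes the contents.
    for target in (path.parent, path):
        mode = stat.S_IMODE(target.stat().st_mode)
        if mode & 0o077:
            findings.append(f"{target.name}: mode {mode:o} is accessible to group/other")
    config = json.loads(path.read_text())
    for section, field in SECRET_FIELDS:
        for index, entry in enumerate(config.get(section, [])):
            if entry.get(field):
                findings.append(f"{section}[{index}].{field} is populated in the file")
    return findings


def harden(path):
    """Restrict the folder to 0700 and the file to 0600 (owner only)."""
    path = Path(path)
    os.chmod(path.parent, 0o700)
    os.chmod(path, 0o600)


def demo():
    """Audit a constructed config in a temporary .keeper folder, before and after."""
    with tempfile.TemporaryDirectory() as home:
        folder = Path(home) / ".keeper"
        folder.mkdir()
        cfg = folder / "config.json"
        cfg.write_text(json.dumps({  # constructed sample values
            "users": [{"user": "user@example.com", "password": "yourpassword"}],
            "devices": [{"device_token": "", "private_key": ""}],
        }))
        os.chmod(folder, 0o755)  # simulate a permissive default umask
        os.chmod(cfg, 0o644)
        before = audit_config(cfg)
        harden(cfg)
        return before, audit_config(cfg)
```

After `harden`, the only remaining finding is the populated password field, which file permissions cannot remove.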

Create an Application

Create a .py file to act as a client to access the keepersdk and execute the vault and admin functions.

Sample code to list records is shown below:

import sqlite3
import getpass

from keepersdk.authentication import login_auth, configuration, endpoint
from keepersdk.vault import sqlite_storage, vault_online, vault_record

# Initialize configuration and authentication context
config = configuration.JsonConfigurationStorage()
keeper_endpoint = endpoint.KeeperEndpoint(config)
login_auth_context = login_auth.LoginAuth(keeper_endpoint)

# Authenticate user
login_auth_context.login(config.get().users()[0].username, config.get().users()[0].password)

while not login_auth_context.login_step.is_final():
    if isinstance(login_auth_context.login_step, login_auth.LoginStepDeviceApproval):
        login_auth_context.login_step.send_push(login_auth.DeviceApprovalChannel.KeeperPush)
        print("Device approval request sent. Login to existing vault/console or ask admin to approve this device and then press return/enter to resume")
        input()
    elif isinstance(login_auth_context.login_step, login_auth.LoginStepPassword):
        password = getpass.getpass('Enter password: ')
        login_auth_context.login_step.verify_password(password)
    elif isinstance(login_auth_context.login_step, login_auth.LoginStepTwoFactor):
        channel = login_auth_context.login_step.get_channels()[0]
        code = getpass.getpass(f'Enter 2FA code for {channel.channel_name}: ')
        login_auth_context.login_step.send_code(channel.channel_uid, code)
    else:
        raise NotImplementedError()

# Check if login was successful
if isinstance(login_auth_context.login_step, login_auth.LoginStepConnected):
    # Obtain authenticated session
    keeper_auth = login_auth_context.login_step.take_keeper_auth()
    
    # Set up vault storage (using SQLite in-memory database)
    conn = sqlite3.Connection('file::memory:', uri=True)
    vault_storage = sqlite_storage.SqliteVaultStorage(
        lambda: conn,
        vault_owner=bytes(keeper_auth.auth_context.username, 'utf-8')
    )
    
    # Initialize vault and synchronize with Keeper servers
    vault = vault_online.VaultOnline(keeper_auth, vault_storage)
    vault.sync_down()
    
    # Access and display vault records
    print("Vault Records:")
    print("-" * 50)
    for record in vault.vault_data.records():
        print(f'Title: {record.title}')
        
        # Handle legacy (v2) records
        if record.version == 2:
            legacy_record = vault.vault_data.load_record(record.record_uid)
            if isinstance(legacy_record, vault_record.PasswordRecord):
                print(f'Username: {legacy_record.login}')
                print(f'URL: {legacy_record.link}')
        
        # Handle modern (v3+) records
        elif record.version >= 3:
            print(f'Record Type: {record.record_type}')
        
        print("-" * 50)
    vault.close()
    keeper_auth.close()

Documentation

The full Commander SDK documentation and references are below:
