Compliance command

Overview

This is the set of commands which we use related to sharing with user

Compliance Report

The compliance-report command allows administrators to generate compliance reports from the command line just as they would in the Keeper Admin Console. It provides visibility into record permissions by node, user, and record title, supports filtering by owned or shared records, and enables exporting the results to a file for auditing, analysis, or record-keeping purposes.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

Power Commander

Command: Get-KeeperComplianceReport

Parameter

Description

-Format

table (default), json, or csv.

-Output

File path for json or csv. Not used for table.

-Username

Limit to records owned by listed enterprise email(s). Repeatable.

-Node

Limit to owners under the given enterprise node (and descendants, per resolution logic).

-JobTitle

Limit to owners whose job title matches (repeatable).

-Record

Filter by record UID or title pattern (wildcard). Repeatable.

-Team

Limit to records owned by members of the given team(s). Repeatable.

-Url

Keep records whose Login URL contains the given substring(s). Repeatable.

-Shared

Only shared records.

-DeletedItems

Only records in trash. Cannot be combined with -ActiveItems.

-ActiveItems

Only active (not in trash) records. Cannot be combined with -DeletedItems.

-Rebuild

Rebuild the in-session compliance cache from Keeper.

-NoRebuild

Use existing in-session cache when valid; build once if missing.

-NoCache

After the report, clear the in-session compliance cache.

-Aging

Add aging columns from audit data: Created, Last Password Change, Last Modified, Last Rotation (extra API work; uses a separate aging cache with a one-day TTL per record).

Example:

PS > Get-KeeperComplianceReport -Username [email protected]


record_uid             title           type  username                         permissions                  url          in_trash shared_folder_uid
----------             -----           ----  --------                         -----------                  ---          -------- -----------------
MHNV99kNkUmIN6FCWmRfeg Facebook              [email protected]                 owner,edit,share,share_admin facebook.com    False sQ8XAqyz_6i6yGHrgbbpjw
rM9REkN_YGeogYUbgRxFeg Twitter               [email protected]                 owner,edit,share,share_admin twitter.com     False nk41p6S-nVH8I-vYPwM4mg
rnGPMp4bHsgrinfJj2JlSA n                     [email protected]                 owner,edit,share,share_admin                 False
wN-a2c22g2NQxJleVlatbw Audit Log: JSON login [email protected]                 owner,edit,share,share_admin                 False
xRJRlK36SFaaVEoTfesadw Twitter               [email protected]                 owner,edit,share,share_admin twitter.com     False
zsaOU8Rusa6C05EVEC-wCQ a1              login [email protected]                 owner,edit,share,share_admin                 False xI8S-WbmUfbP5Q5AZ6C4Tg

Python CLI

Command: compliance report

Flags:

--format : Format of output {table,csv,json}. --output : Output path to resulting output file (ignored for "table" format). --rebuild, -r : rebuild local data from source. --no-rebuild, -nr : prevent remote data fetching if local cache present. --no-cache, -nc : remove any local non-memory storage of data after report is generated. --node : Node ID or name of node (defaults to root node). --regex : Allow use of regular expressions in search criteria. --username, -u : Username user(s) whose records are to be included in report. --job-title, -jt : JOB_TITLE job title(s) of users whose records are to be included in report. --team : Team name or UID of team(s) whose members' records are to be included in report. --record : Record UID or title of record(s) to include in report. --url URL : URL of record(s) to include in report. --shared : Show shared records only. --deleted-items : Show deleted records only. --active-items : Show active records only.

Example:

My Vault> compliace report

Record UID              Title                                               Record Type              Username                                 Permissions                   URL                                              In Trash    Shared Folder UID
----------------------  --------------------------------------------------  -----------------------  ---------------------------------------  ----------------------------  -----------------------------------------------  ----------  ----------------------
0PrTTeT6kvFiX26iT44LXA  L                                                   login                    [email protected]                  owner,edit,share,share_admin                                                   True
0Whot6iNYx9nIFNZu3QP1A  Gateway test - VNC Machine                          pamMachine               [email protected]              owner,edit,share,share_admin                                                   True
0hm9atvqJI5sHI61r1NJZQ  Facebook                                            login                    [email protected]          owner,edit,share,share_admin  facebook.com                                     False
0oPd6C358MuQT-GzOvlA8Q  Workflow - VNC Machine                              pamMachine               [email protected]              owner,edit,share,share_admin                                                   False       t5qV_CaToHs7sOFmyUdbaQ

Python SDK

Function:

def generate_default_report(self) -> List[ComplianceReportEntry]:

Compliance Team Report

Shared folders can be shared with both Keeper Teams and individual users. The compliance report provides visibility into shared folder access, allowing administrators to view the permissions and access levels that each team has to these shared folders.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

Power Commander

Command: Get-KeeperComplianceTeamReport

Parameters

Parameter

Description

-Format

table (default), json, csv.

-Output

Path for json / csv (ignored for table).

-Node

Limit to owners under this enterprise node (and descendants per internal resolution).

-Team

Filter by team name or UID (repeatable).

-ShowTeamUsers

Add team_users: member emails for each team (comma-separated in table).

-Rebuild

Rebuild compliance cache.

-NoRebuild

Use cache when valid.

-NoCache

Clear compliance cache after completion.

Example:

PS > Get-KeeperComplianceTeamReport

team_name                   team_uid               node       shared_folder_name shared_folder_uid      permissions         records
---------                   --------               ----       ------------------ -----------------      -----------         -------
aas                         tgdrmPFRqbXCB9-pDNdupA 22_jan     H1                 my2whFiHJT4IaJGH31K4hg Can Share                 1
Terraform Developer         zGvmeHVgIc9OILmT4hf8RA 21_jan     H1                 my2whFiHJT4IaJGH31K4hg Can Share; Can Edit       1

Python CLI

Command: compliance team-report

Flags:

--format : Format of output {table,csv,json}. --output : Output path to resulting output file (ignored for "table" format). --rebuild, -r : Rebuild local data from source. --no-rebuild, -nr : Prevent remote data fetching if local cache present. --no-cache, -nc : Remove any local non-memory storage of data after report is generated. --node : Node ID or name of node (defaults to root node). --regex : Allow use of regular expressions in search criteria. --show-team-users, -tu : show all members of each team.

Example:

My Vault> compliance team-report 
                                                                                
Team Access Report

Team Name    Team UID    Shared Folder Name    Shared Folder UID    Permissions    Records
-----------  ----------  --------------------  -------------------  -------------  ---------

Python SDK

Function:

def generate_team_report(self) -> List[TeamReportEntry]:

Compliance Record Access Report

The compliance record-access report provides a list of all records that have either (a) been accessed by or (b) are currently accessible to specified user(s). The report also includes relevant event details such as the application used, IP address, timestamp, and other associated access information for auditing and compliance purposes.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

Power Commander

Command: Get-KeeperComplianceRecordAccessReport

Parameters

Parameter

Description

-Email

Users to report on: enterprise email(s), numeric enterprise user ID(s), and @all. Repeat -Email for multiple values. If omitted, behaves as @all. Example -Email user1, user2...

-ReportType

history: audit-driven record access. vault: all vault records per user from the compliance snapshot, with audit fields when available.

-Format

table, json, or csv.

-Output

File path for json or csv export.

-Node

Optional. With Username / Team, limits which enterprise users are in scope (same semantics as other compliance reports).

-Username

Optional. Filter to specific enterprise user email(s).

-Team

Optional. Filter to members of the given team(s) (name or UID).

-Pattern

Optional. Wildcard filters (-like on each column). Cannot be used with PatternRegex (different parameter sets).

-PatternRegex

Optional. Regex filters on the tab‑joined row. Cannot be used with Pattern. example "login"

-Rebuild

Rebuild the in-session compliance snapshot cache from the server.

-NoRebuild

Prefer using an existing in-session cache when possible.

-NoCache

Clear the in-session compliance cache after the command finishes.

-Aging

Add aging columns: created, last_pw_change, last_modified, last_rotation.

Example:

PS > Get-KeeperComplianceRecordAccessReport -Format json -Aging

[
  {
    "vault_owner": "[email protected]",
    "record_uid": "yAgxq69uEhtJFsMZ9vqH3A",
    "record_title": "test server creds",
    "record_type": "serverCredentials",
    "record_url": "",
    "has_attachments": false,
    "in_trash": true,
    "record_owner": "[email protected]",
    "ip_address": "15.207.138.241",
    "device": "Example 17.1.9",
    "last_access": "2025-11-21T10:45:48+05:30",
    "created": "2025-11-21T10:44:55+05:30",
    "last_pw_change": null,
    "last_modified": "2025-11-21T10:45:48+05:30",
    "last_rotation": null
  },
  {
    "vault_owner": "[email protected]",
    "record_uid": "d4x9bfaAXQqFp9KSlHXBWQ",
    "record_title": "My Site Login",
    "record_type": "login",
    "record_url": "example.com/login",
    "has_attachments": false,
    "in_trash": false,
    "record_owner": "[email protected]",
    "ip_address": "10.0.12.33",
    "device": "Example 17.2.0",
    "last_access": "2026-03-27T11:37:39+05:30",
    "created": "2026-03-27T11:37:39+05:30",
    "last_pw_change": null,
    "last_modified": "2026-03-27T11:37:39+05:30",
    "last_rotation": null
  }
]

Python CLI

Command: compliance record-access-report

Flags:

--format : Format of output {table,csv,json}. --output : Output path to resulting output file (ignored for "table" format). --rebuild, -r : Rebuild local data from source. --no-rebuild, -nr : Prevent remote data fetching if local cache present. --no-cache, -nc : Remove any local non-memory storage of data after report is generated. --node : Node ID or name of node (defaults to root node). --regex : Allow use of regular expressions in search criteria. --username, -u : Username user(s) whose records are to be included in report. --email, -e : Email username(s) or ID(s), use "@all" for all users. --report-type : Type of record-access data: "history" or "vault" {history,vault}. --aging : Include record-aging data.

Example:

My Vault> compliance record-access-report
                                                                                
Record Access Report (history)

Vault Owner                        Record UID              Record Title                       Record Type              Record URL     Has Attachments    In Trash    Record Owner                       IP Address    Device            Last Access
---------------------------------  ----------------------  ---------------------------------  -----------------------  -------------  -----------------  ----------  ---------------------------------  ------------  ----------------  -------------------
[email protected]                 ZMwO7u9zJ9bpgmKHDND7WA  PAM Test - MySQL Database          pamDatabase                             False              False       a.test@example@example...          10.15.12.71   Web App 17.6.0    2026-02-12 12:16:13
[email protected]             2-_yTwwBwcKVU6NmmmShjg  PAM Test Dev - VNC Admin           pamUser                                 False              False       a.test@example@example...          10.15.12.71   Web App 17.6.0    2026-02-13 16:45:21
                                   2HnszgPlJ0sZ-tmfXPMglw  PAM Test Dev - RDP Admin           pamUser                                 False              False       a.test@example@example...          10.15.12.71   Web App 17.6.0    2026-02-13 16:45:23
                                   2fD3NGhYtxHlYMc3Q8byCw  Commander Service Mode             login                                   True               False       a.test@example@example...          10.15.11.145  Web App 17.4.1    2025-10-10 15:20:26
                                   6pQAU-fq-oF-fikPZm7wHQ  PAM Test Dev - SSH Machine wit...  pamMachine                              False              False       a.test@example@example...          10.15.12.71   Commander 17.2.0  2026-02-13 16:51:49

My Vault> compliance record-access-report --aging
                                                                                
Record Access Report (history)

Vault Owner                        Record UID              Record Title                       Record Type              Record URL     Has Attachments    In Trash    Record Owner                       IP Address    Device            Last Access          Created              Last Pw Change       Last Modified        Last Rotation
---------------------------------  ----------------------  ---------------------------------  -----------------------  -------------  -----------------  ----------  ---------------------------------  ------------  ----------------  -------------------  -------------------  -------------------  -------------------  ---------------
a.test@example                      ZMwO7u9zJ9bpgmKHDND7WA  PAM Test - MySQL Database          pamDatabase                             False              False       a.test@example@example...         10.15.12.71   Web App 17.6.0    2026-02-12 12:16:13  2026-02-12 01:15:33  2026-02-12 01:15:33  2026-02-12 21:45:39
a.mang@example                      2-_yTwwBwcKVU6NmmmShjg  PAM Test Dev - VNC Admin           pamUser                                 False              False       a.test@example@example...         10.15.12.71   Web App 17.6.0    2026-02-13 16:45:21  2026-02-13 16:45:21  2026-02-13 16:45:21  2026-02-13 16:45:21
                                   2HnszgPlJ0sZ-tmfXPMglw  PAM Test Dev - RDP Admin           pamUser                                 False              False        a.test@example@example...         10.15.12.71   Web App 17.6.0    2026-02-13 16:45:23  2026-02-13 16:45:23  2026-02-13 16:45:23  2026-02-13 16:45:23

Python SDK

Function:

def generate_record_access_report(self, report_type: str = REPORT_TYPE_HISTORY) -> List[RecordAccessReportEntry]:

Compliance Summary Report

The compliance summary report displays aggregated information about records within the enterprise, grouped by record owner by default. Support for grouping by additional entities may be added in future enhancements to this feature.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

Power Commander

Command: Get-KeeperComplianceSummaryReport

Parameters

Parameter

Description

-Format

table, json, csv.

-Output

File path for json / csv.

-Node

Filter with node.

-Team

Limit to members of listed team(s).

-Rebuild / -NoRebuild / -NoCache

Same cache semantics as other compliance reports.

Example:

Get-KeeperComplianceSummaryReport


email                                  total_items total_owned active_owned deleted_owned
-----                                  ----------- ----------- ------------ -------------
[email protected]                               30          29           16            13
[email protected]                               12           6            4             2
[email protected]                                0           0            0             0

TOTAL                                                       35           20            15

Python CLI

Command: compliance summary-report

Flags:

Example:

My Vault> compliance summary-report --rebuild
                                                                                
Compliance Summary Report

Email                                      Total Items    Total Owned    Active Owned    Deleted Owned
---------------------------------------  -------------  -------------  --------------  ---------------
[email protected]                                29             26              26                0
[email protected]                        46             43              21               22
TOTAL                                              239            217             128               89

Python SDK

Function:

def generate_summary_report(self) -> List[SummaryReportEntry]:

Compliance Shared Folder Report

Similar to the compliance team-report command, this command generates a report detailing the access that all entities—both teams and individual users—have to all shared folders across the enterprise.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

Power Commander

Command: Get-KeeperComplianceSharedFolderReport

Parameters

Parameter

Description

-Format

table, json, csv.

-Output

Output file for json / csv.

-Node

Limit owner scope for snapshot fetch.

-Team

Filter which folders appear: folder must match user and/or team filters (same pattern as team report).

-ShowTeamUsers (-tu)

Include team members in the email column as (TU)email.

-Rebuild / -NoRebuild / -NoCache

Cache control.

Example:


PS > Get-KeeperComplianceSharedFolderReport
WARNING: Failed to decrypt or parse compliance metadata for 2 record payload(s). Some title/type/url fields may be blank.


shared_folder_uid      team_uid                                       team_name                        record_uid                                                             record_title                                       email
-----------------      --------                                       ---------                        ----------                                                             ------------                                       -----
3T61yvsZqkXJT7LVdMo0mQ                                                                                 AlAK7SgW1JeQHw0ZN1oSRw, F2DwX0cdJU5HEiWMs89Lzw                         Service Mode Config, ship card Details             [email protected], [email protected], [email protected]
661n5hg7DBimuc6rsDWLNg                                                                                 Ly-ES_5h-ibzJ3fHgKIKtg                                                 AutoGenPass                                        [email protected], [email protected]
6T9c_-Tzbz2ss2vKMjPiyg                                                                                 Sh9OWEj3H-M3sKFrohM-mA                                                 test12345                                          [email protected]

Python CLI

Command: compliance shared-folder-report

Flags: --format : Format of output {table,csv,json}. --output : Output path to resulting output file (ignored for "table" format). --rebuild, -r : Rebuild local data from source. --no-rebuild, -nr : Prevent remote data fetching if local cache present. --no-cache, -nc : Remove any local non-memory storage of data after report is generated. --node : Node ID or name of node (defaults to root node). --regex : Allow use of regular expressions in search criteria. --show-team-users, -tu : Show all members of each team.

Example:

My Vault> compliance shared-folder-report --no-rebuild                                                                               
Shared Folder Report
Shared Folder UID       Team UID    Team Name    Record UID              Record Title                                        Email
----------------------  ----------  -----------  ----------------------  --------------------------------------------------  ----------------------------------
GJCmJHY9a05AzaPpsJivkA                           bV41wijyqUqpoxk4QBShVw  Test Configuration                                  [email protected]
                                                 XtxaE5xeF6E5_qpLtkKuMA  Test - MySQL Admin User
                                                 io74G1PolvKpeJ4o6rSFQA  Test - MySQL Rotation User
                                                 tiSBTPbX0l-LropVz_yOwA  Test - VNC Admin
                                                 rMcu4KrG7fPngpzOG0whig  Test - SSH Admin with Private Key
                                                 s9lDKvwGOT9xIwkhAeuxxg  Test - RDP User
                                                 AW9fRQkNVN1ud_SADgU2JA  Test - RDP Admin
                                                 VEP5gFHUFsZPNGzSjWaL0Q  Test - SSH Admin with Password
usvKj4LuyMqVqShQRip_Uw                           6pQAU-fq-oF-fikPZm7wHQ  PAM Test Dev - SSH Machine with Password Access     [email protected]
                                                 BwZWlg_2hdACmIh6_ZW3Qg  PAM Test Dev - RDP Machine
                                                 sCM-ej35HG1ZmmLu8bwUyw  PAM Test Dev - MySQL Database
                                                 OtR_D2g2pUCRg1yeoSR2Ww  PAM Test Dev - SSH Machine with Private Key Access
                                                 c-P7AHK38i-guOS5dT8tww  PAM Test Dev - Bing Remote Browser
                                                 76GpFaYlejEq2Mks7UKSoA  PAM Test Dev - VNC Machine

Python SDK

Function:

def generate_shared_folder_report(self) -> List[SharedFolderReportEntry]:

PreviousBreach Watch Report Command NextExternal Shares Report Command

Last updated 21 days ago

Was this helpful?

hashtagOverview

hashtagCompliance Report

hashtagCompliance Team Report

hashtagCompliance Record Access Report

hashtagCompliance Summary Report

hashtagCompliance Shared Folder Report

Overview

Compliance Report

Compliance Team Report

Compliance Record Access Report

Compliance Summary Report

Compliance Shared Folder Report