Terraform Provider for Commander

Terraform provider that interacts with Keeper Commander for tenant management


About

Terraform Provider for Commander lets you manage Keeper Security enterprise and MSP configuration as infrastructure-as-code. The provider uses the Keeper Commander Service Mode REST API to manage your Keeper resources from Terraform, so you get declarative config, version control, and a clear audit trail while staying on Keeper’s zero-knowledge infrastructure. See Available resources and data sources for the full list.

Features

  • Resources: Create and manage your Keeper resources from Terraform.

  • Import: Most resources support state import, so you can bring existing Keeper resources under Terraform management with terraform import.

  • Data sources: Read the existing resource data via data sources.

  • MSP support: Use the optional managed_company attribute on enterprise resources and data sources to scope operations to a specific managed company.

Available resources and data sources

Full resource and data source documentation is available on the Terraform Registry. NOTE: This integration is not currently live. ETA March 2026

Resources

Name                        Description
commander_enterprise_node   Create and manage enterprise nodes (MSP or enterprise account).
commander_enterprise_role   Create and manage enterprise roles and policies.
commander_enterprise_team   Create and manage enterprise teams.
commander_enterprise_user   Create and manage enterprise users.
commander_manage_company    Create and manage managed companies (MSP only).

Data sources

Name                        Description
commander_enterprise_node   Look up an enterprise node by name or ID.
commander_enterprise_role   Look up an enterprise role by name or ID.
commander_enterprise_team   Look up an enterprise team by name or ID.
commander_enterprise_user   Look up an enterprise user by email or ID.
commander_manage_company    Look up a managed company by name or ID (MSP only).

Prerequisites

  • Keeper Commander Service Mode: A service account running Commander Service Mode REST API.

Setup and Installation

For Terraform to communicate with Keeper, the customer is responsible for hosting a Keeper Commander Service Mode instance. This can be accomplished in many ways depending on your IT requirements. Commander Service Mode can run as a foreground service on any machine, or it can run in a Docker container locally or remotely on a server.

Step 1. Commander Setup

Follow the setup steps documented in the Commander Service Mode REST API section to install Keeper Commander and start the service. Commander Service Mode can run directly in the CLI, in the background on a local machine, on a remote server as a service, or under a Docker container. Using Docker is the recommended method.

Note the following important items:

1) The Request Queue System (API v2) must be enabled, e.g. -q=y

2) Make sure the following commands are in the list:

If you encounter a 429 Too Many Requests error due to rate limiting, you can configure the rate limit for Service Mode with the -rl or --ratelimit flag.

This allows you to configure the allowed number of requests per endpoint per IP address, for example:

  • 1000/minute

  • 100000/hour

  • 2000000/day

Adjust these limits based on your expected traffic and system capacity.

After service creation, the API key will be displayed in the console output. Make sure to copy and store it securely. If you are using Docker, you can pull the API key from the logs with this command:

When the Commander service is up and running, you should be able to submit a curl request to the endpoint. For example:

If the tunnel is running and the API key is correct, you should get a response like this:

Now that the service is up and running, you can use the Service Mode URL and API key in the provider configuration.

Keep Commander Service Mode running in order to stay connected.

Step 2. Provider Installation

Registry install


The Keeper Security commander provider page is currently not live. We will update this page when the URL is available.

To install this provider, add the following code to your Terraform configuration and run terraform init

Manual Installation

Download the latest version of the Terraform Provider for your platform from our GitHub release page and copy the archive to the corresponding Terraform plugin folder (creating any missing folders in the path). Initialise source with full provider URL: source = "github.com/keeper-security/commander"

For help on manually installing Terraform Providers, please refer to the official Terraform documentation.

Usage

Configure the Provider

The provider must be configured with the Commander Service Mode URL and API key before it can be used.

Note: Using managed companies (MSP accounts)

Many resources and data sources support an optional managed_company attribute. When your account is an MSP, set managed_company to a managed company name or ID to manage that resource inside that company. Omit it to work in the logged-in account context (MSP or enterprise account).

Note: MSP - Using both a managed company and your main account in the same config

If you use some resources or data sources with managed_company (operations run inside that company) and others without it (operations run in the logged-in account context), Terraform may run them in parallel. Commander processes requests one at a time in a queue, so an action can run in the wrong context and fail (e.g. "resource not found").

Fix: Add dependencies between those resources or data sources (e.g. depends_on or referencing one from the other) so they are not executed in parallel.

Example: Force ordering so the main-account resource runs after the managed-company one:
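A sketch of that ordering, added here and not taken from the original page or the provider's documentation. The resource labels, the name argument, and the company and team names are assumptions; managed_company and depends_on are used as described above.

```hcl
# Added example: resource labels, the "name" argument and all values
# are constructed for illustration.

# Runs inside the managed company.
resource "commander_enterprise_team" "mc_support" {
  name            = "Support"
  managed_company = "Acme Corp"
}

# Same managed-company context. Referencing mc_support creates an
# implicit dependency, so this lookup runs after the team exists.
data "commander_enterprise_team" "mc_support_lookup" {
  name            = commander_enterprise_team.mc_support.name
  managed_company = "Acme Corp"
}

# Runs in the logged-in MSP account context (no managed_company).
# Without depends_on, Terraform may schedule this in parallel with the
# managed-company operations above, and the request can be processed
# in the wrong context. The explicit dependency makes every
# managed-company operation finish first.
resource "commander_enterprise_team" "msp_operations" {
  name = "MSP Operations"

  depends_on = [
    commander_enterprise_team.mc_support,
    data.commander_enterprise_team.mc_support_lookup,
  ]
}
```

Running terraform graph on a configuration like this shows whether every managed-company resource is connected to every main-account resource by an ordering edge.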

Examples

Manage Enterprise Team

The example below shows how to manage an enterprise team with the "commander_enterprise_team" resource.

Use this resource to create and manage teams in the MSP or Enterprise account.

Read Enterprise Team

The example below shows how to read an existing enterprise team with the "commander_enterprise_team" data source.

Use this data source to look up an enterprise team by name or ID. Returns the team's ID, name, users, and roles so you can reference them in other resources.

For more examples on different resources and data sources, check out the detailed provider documentation.

Release Schedule and Roadmap

This all-new Terraform Provider for Commander has a roadmap of planned features. Below is the current high-level plan of features we are implementing:

  • Managed Company

  • Enterprise Management (Nodes, Users, Roles, Teams, Push, Team Approve)

  • Sharing Folders

  • Share Records

  • SCIM

  • SCIM Push

  • Record Types

  • SSO Cloud Integrations

  • Keeper Gateways

Please email [email protected] with any specific requirements that you have.
