All pages
Powered by GitBook
1 of 1

Exec Command

Execute arbitrary system calls and replaces templated environment variables with Keeper vault secrets

exec command

To perform magic environment variable substitution, use the ksm exec command.

Parameters:

System call or script to run with replaced environment variables

format: ksm exec -- <SYSTEM CALL OR SCRIPT>

Example Linux bash script

my_script.sh
#!/bin/bash

# Bash script that pulls Keeper secrets 

connect_db() {
  echo "Database Password:" $DB_PASSWORD
}

call_stripe() {
  echo "API Key:" $API_KEY
}

connect_db
call_stripe

Set a couple environment variables then execute the script:

$ export DB_PASSWORD="keeper://XXX/field/password"
$ export API_KEY="keeper://XXX/custom_field/API Key"

$ ksm exec -- ./my_script.sh

Database Password: ksv33110sbnb7W@b3VGCHb
API Key: sk_test_MY2A30Ofg6Ukkq2NjMQVo87c

Example Windows batch file

C:\> ksm exec -- my_script.bat

Example PowerShell script

PS C:\> ksm exec -- powershell my_script.ps1

Environment Variable Replacement

Environment variables must be templated so that the CLI can find and replace them correctly. For example:

export DB_PASSWORD="keeper://XXX/field/password"
export API_KEY="keeper://XXX/custom_field/API Key"

See the Keeper Notation documentation for more information on notation query format and capabilities

Example Shell Script

Below is a Linux bash script example. Before an application is started or a command is run, any environment variables that start with keeper:// will be replaced with secret values from the vault. Make sure to replace XXXX with the Record UID of the secret.

export MY_PASSWORD=keeper://XXXX/field/password
export MY_OTHER_PASSWORD=keeper://XXXX/field/password[0]
export MY_LAST_NAME=keeper://XXXX/custom_field/Name 2[last]
export MY_SECOND_PHONE=keeper://XXXX/custom_field/phone[1][number]

Here's a simple bash script that prints the secrets to the console:

#!/usr/bin/env bash
echo
echo "My Password = \${MY_PASSWORD}"
echo "Other Password = \${MY_OTHER_PASSWORD}"
echo "My Last Name = \${MY_LAST_NAME}"
echo "My Second Phone = \${MY_SECOND_PHONE}"

And here's the output from executing the bash script with ksm exec

$ ksm exec -- ./my_script.sh

My Password = $71387feh24fE%4416ffFHA
Other Password = YYFash328f^F^@#Fsdfjhsgblqef'f;
My Last Name = Smith
My Second Phone = 123-456-7890