Commander CLI written in .Net
The .Net Commander CLI is a command-line application built on the Keeper .NET SDK. It provides interactive and scriptable access to your Keeper vault, enabling basic record management, folder operations, sharing, enterprise administration, and more.
Clone the Repository
Build the Commander CLI
Build Output Locations
.NET 8.0: Commander/bin/Debug/net8.0/
.NET Framework 4.7.2 (Windows): Commander/bin/Debug/net472/
Run from Project
Launch Commander - You'll see the interactive prompt:
Login to Keeper:
Enter your credentials when prompted:
Email address
These are all the commands supported by commander cli. .
This command creates a new passkey with currently logged in user's email. this passkey will be used for authenticating user when they want to login once we register biometric login on a device.
To use this command, you have to be logged in on CLI.
Note:
After executing this command, user has to register the device with Keeper to use biometric as default login method.
Persistent login takes precedence over biometric login, so if the device has persistent login enabled, biometric credentials are not required during login.
This command will be used to authenticate your session with credential stored. This same functionality will be used when we are trying to login using biometrics.
This command shows all the credentials which have been registered to the given account, along with the authenticator type, credential ID, date created and last used date
To use this command, you have to be logged in on CLI
This command will be used to deactivate biometric credential from Keeper, meaning the Keeper platform will stop accepting the given cryptographic credential for logging in the user.
Two-factor authentication code (if enabled)
Approve device if required
Sync Your Vault:
List Your Records:
Get Record Details:
Move record or folder to different location
Display record version history
rti
Get record type information
Manage record sharing permissions
er
Manage enterprise roles
ed
Manage user devices
Transfer user account ownership
Run audit trail reports
Export record types to JSON file
help
?
Display help information
q
Exit Commander
Login to your Keeper account
d
Download & decrypt vault data
Logout and clear session
Display current user information
Register a new windows hello key
Verify login using biometrics
List all biometrics linked to keeper account
Remove credential linked to account on current platform
Search vault (supports regex patterns)
List current folder contents
Change current folder
Display folder structure as tree
Get detailed information about records, folders, teams, etc.
add
Create a new record
edit
Update existing record
Remove record(s)
Download file attachment(s) from record
Upload file attachment to record
Delete attachment from record
Create new folder
Remove folder
update-dir
Update folder properties
List all shared folders
Manage shared folder user permissions
Manage shared folder record permissions
Manage deleted records in trash
Manage other devices
Manage current device settings
eget
Retrieve enterprise data
en
Manage enterprise organizational nodes
eu
Manage enterprise users
et
Manage enterprise teams
Add a new custom record type
Update existing record type
Delete custom record type
Bulk load record types from JSON file
password-report
Generate comprehensive password security report
BreachWatch security monitoring commands
Keeper Secrets Manager commands
Manage one-time secure shares
Import records from JSON file
c
Clear the screen
My Vault> sync-down
# or use the alias
My Vault> dMy Vault> list
# or
My Vault> ls -lMy Vault> get <record-uid-or-title>git clone https://github.com/Keeper-Security/keeper-sdk-dotnet.git
cd keeper-sdk-dotnet# Build Commander project only
dotnet build Commander/Commander.csproj
# Or build entire solution
dotnet build KeeperSdk.sln# when using linux or macos
dotnet run Commander --framework=net8.0
# when using windows
dotnet run Commander --framework=net472Not Logged In>My Vault> loginConnected to "keepersecurity.com".
Username: user_email
Biometric authentication successful.
Authentication completed successfully.
Syncing...
Decrypted 62 record(s)My Vault> biometric register
Registering Windows Hello biometric credential...
Windows Hello credential registered successfully
Provider: Windows Hello
You can now use Windows Hello to log in to Keeper.My Vault> biometric verify
Verifying Windows Hello authentication for '<user_email>' (purpose: vault)...
Windows Hello verification successful.
My Vault> biometric verify --purpose=login
Verifying Windows Hello authentication for '<user_email>' (purpose: login)...
Windows Hello verification successful.My Vault> biometric list
Listing Windows Hello biometric credentials...
# Friendly Name Provider Created Last Used Status
--- ------------- ---------------------- ---------------- ---------------- ------
1 Windows Hello Windows Hello 2025-10-10 19:41 2025-10-10 19:42 Active
2 Windows Hello Windows Hello 2025-10-29 12:59 2025-10-29 14:14 Active
My Vault> biometric remove
Are you sure you want to remove Windows Hello biometric credential for '<user_email>'? (y/N): y
Biometric credential removed for user: '<user_email>'Instructions for installation of .Net-based Commander CLI from source code
The Keeper .NET SDK provides comprehensive programmatic access to Keeper Password Manager's vault and administrative features. Built for modern .NET applications, it enables seamless integration of enterprise password management, privileged access management, and secrets management capabilities.
Secure vault access and synchronization
Complete record lifecycle management
Enterprise user and team administration
Automated password rotation
The main SDK library for programmatic access:
Source Code:
Getting Started :
Documentation:
NuGet Package:
Full-featured command-line application for vault management:
Source Code:
Getting Started:
Documentation:
Features: Interactive shell, batch operations, enterprise administration
PowerShell module for automation and scripting:
Installation: Install-Module -Name PowerCommander
Source Code:
Getting Started:
Documentation
.NET 8.0 - Latest .NET version with improved performance
.NET Standard 2.0 - Broad compatibility with .NET Framework and .NET Core
✅ Windows (10+, Server 2019+)
✅ macOS (11.0+)
✅ Linux (Ubuntu 20.04+, RHEL 8+)
or later
Visual Studio 2022, VS Code, or JetBrains Rider (recommended)
A Keeper Security account ()
For source integration into your .Net code, please utilize the KeeperSDK Library source code:
Comprehensive API reference documentation:
Full API Reference:
AuthSync - Synchronous authentication flow
Master Password - Standard Keeper authentication
Two-Factor (2FA) - TOTP, SMS, push notifications
Device Approval - Email and admin approval flows
Records - Create, read, update, delete records
Typed Records - Support for all Keeper record types and custom record types
Attachments - Upload and download file attachments
Folders - Organise records in folder hierarchy
User Management - Create, modify, delete enterprise users
Team Management - Organise users into teams
Role-Based Access - Manage roles and permissions
Audit Logs - Retrieve and analyse audit trail
End-to-End Encryption - Zero-knowledge architecture
Device Token Management - Secure persistent sessions
BreachWatch - Monitor compromised credentials
Password Reports - Generate security compliance reports
Getting Started Resources
📖
📖
📖
📖
Email: [email protected]
GitHub Issues:
Website:
For enterprise support, custom integrations, or technical assistance, contact our team at [email protected].
For help with implementation of SDK features, please see the Sample Application:
The .Net Commander CLI Sample App contains several basic operations such as logging in, authentication with two-factor, loading and decrypting the vault and updating passwords.
We use InputManager class to deal with console inputs in below examples. The implementation can be found at
File attachment operations
BreachWatch integration
Cross-platform support (Windows, macOS, Linux)
SSO Integration - Enterprise single sign-on
Biometric - WebAuthn/FIDO2 support
Shared Folders - Team collaboration and permissions
Search - Find records by title, URL, or custom fields
Device Management - Approve and manage devices
Managed Companies - MSP multi-tenant operations
📖 Sample Applications
Authentication, 2FA, device approval, SSO
Vault operations, records, folders, attachments
Enterprise administration, users, teams, roles
Configuration storage and management
dotnet add package Keeper.Sdk<PackageReference Include="Keeper.Sdk" Version="1.1.2" />using System;
using System.Linq;
using System.Threading.Tasks;
using Cli;
using KeeperSecurity.Authentication;
using KeeperSecurity.Authentication.Sync;
using KeeperSecurity.Configuration;
using KeeperSecurity.Vault;
// Initialize configuration storage
var configStorage = new JsonConfigurationStorage("config.json");
var inputManager = new SimpleInputManager();
// Login to Keeper using AuthSync
var auth = new AuthSync(configStorage);
await Utils.LoginToKeeper(auth, inputManager, "[email protected]");
// Create vault instance and sync
var vault = new VaultOnline(auth);
await vault.SyncDown();
// Access records
Console.WriteLine($"Your vault has {vault.RecordCount} records.");// Create a typed login record
var loginRecord = new TypedRecordFacade<LoginRecordType>();
loginRecord.Fields.Login = "[email protected]";
loginRecord.Fields.Password = "SecurePassword123!";
loginRecord.Fields.Url = "https://myapp.com";
var typedRecord = loginRecord.TypedRecord;
typedRecord.Title = "My Application";
typedRecord.Notes = "Production credentials";
var createdRecord = await vault.CreateRecord(typedRecord);
Console.WriteLine($"Record created with UID: {createdRecord.Uid}");// Find and update a password
var record = vault.KeeperRecords
.FirstOrDefault(x => x.Title == "Database");
if (record is PasswordRecord passwordRecord)
{
passwordRecord.Password = "NewSecurePassword123!";
await vault.UpdateRecord(passwordRecord);
Console.WriteLine("Password rotated successfully");
}using System.IO;
using KeeperSecurity.Commands;
// Upload attachment
using (var stream = File.OpenRead("config.json"))
{
var uploadTask = new FileAttachmentUploadTask("config.json")
{
Title = "Configuration File",
MimeType = "application/json"
};
await vault.UploadAttachment(record, uploadTask);
}
// Download attachment
var attachment = vault.RecordAttachments(record).FirstOrDefault();
if (attachment != null)
{
using (var stream = File.Create(attachment.Title))
{
await vault.DownloadAttachment(record, attachment.Id, stream);
}
}// Get shared folder
var sharedFolder = vault.SharedFolders
.FirstOrDefault(x => x.Name == "Team Credentials");
// Add user to shared folder
await vault.PutUserToSharedFolder(
sharedFolder.Uid,
"[email protected]",
UserType.User,
new SharedFolderUserOptions
{
ManageRecords = true,
ManageUsers = false
}
);using KeeperSecurity.Enterprise;
if (auth.AuthContext.IsEnterpriseAdmin)
{
// Load enterprise data
var enterprise = new EnterpriseData();
var loader = new EnterpriseLoader(auth, new[] { enterprise });
await loader.Load();
// Create team
var team = await enterprise.CreateTeam(new EnterpriseTeam
{
Name = "Engineering",
RestrictEdit = false,
RestrictSharing = true
});
// Add users to team
await enterprise.AddUsersToTeams(
new[] { "[email protected]" },
new[] { team.Uid },
Console.WriteLine
);
}