PowerShell Module

Installing the Keeper Commander PowerShell Module

Overview

A version of Keeper Commander is developed in .Net with a PowerShell module. This is published to the PowerShell Gallery as the PowerCommander module. This document provides instructions for installing and using this PowerShell Module.

PowerShell CLI

Keeper's PowerShell command-line tool (PowerCommander) provides basic vault access and administrative functions.

PowerShell module for Keeper Commander is available on the PowerShell Gallery:

LogoPowerCommander 1.0.7nuget

PowerShell Gallery Install

To install PowerCommander from PowerShell Gallery:

GitHub Repository

To run the PowerCommander module from the source, refer to the following GitHub Link:

https://github.com/Keeper-Security/keeper-sdk-dotnet/tree/master/PowerCommander

Installation Troubleshooting

Set Execution Policy Permissions

If you are unable to run PowerCommander commands, you may need to set the Execution Policy. To check this, run the following command:

Your output would be similar to this:

If the Scope for your installation is Undefined or Restricted, set it to Unrestricted with the following command:

Note: The above command sets the CurrentUser scope

Logging in with Biometric Authentication

If biometric authentication is configured on your device, you can use Windows Hello to log in to Keeper Commander. This allows you to bypass both the Master Password and two-factor authentication (2FA) for a faster, secure login experience.

For Windows users, ensure Windows Hello is configured:

  • Navigate to Settings > Accounts > Sign-in options > Windows Hello

  • Set up Face recognition, Fingerprint, or PIN

Register Biometric Authentication

First, login to Keeper Commander with your Master Password (or SSO), then register biometric authentication:

Biometric authentication prompt (fingerprint or Face ID) will be displayed.

Register by authenticating with your fingerprint or faceID when prompted by the system.

With successful fingerprint or faceID authentication the registration will be completed:

Device Registration

To use biometric authentication as your default login method, you must register your device

PowerCommander Commands

Login Commands

Cmdlet name
Alias
Description

Connect-Keeper

kc

Login to Keeper

Disconnect-Keeper

kq

Logout and clear the data

Biometric Login Commands

Cmdlet name
Alias
Description

Register-KeeperBiometricCredential

Registers a new biometric credential (Windows Hello/WebAuthn)

Assert-KeeperBiometricCredential

Checks if a biometric credential exists for the current user

Show-KeeperBiometricCredentials

Lists all biometric credentials registered for the current user

Unregister-KeeperBiometricCredential

Removes the biometric credential from the current user

Record Commands

Cmdlet name
Alias
Description

Connect-Keeper

kc

Login to Keeper server

Sync-Keeper

ks

Sync with Keeper server

Disconnect-Keeper

Logout and clear the data

Get-KeeperLocation

kpwd

Print current Keeper folder

Set-KeeperLocation

kcd

Change Keeper folder

Get-KeeperChildItem

kdir

Display subfolder and record names in the current Keeper folder

Get-KeeperObject

ko

Get Keeper object by UID

Get-KeeperRecord

kr

Enumerate all records

Add-KeeperRecord

kadd

Add/Modify Keeper record

Remove-KeeperRecord

kdel

Delete Keeper record

Get-KeeperSharedFolder

ksf

Enumerate all shared folders

Move-RecordToFolder

kmv

Move records to Keeper folder

Add-KeeperFolder

kmkdir

Create Keeper folder

Edit-KeeperFolder

Remove-KeeperFolder

krmdir

Remove Keeper folder

Get-KeeperRecordType

krti

Get Record Type Information

Copy-KeeperToClipboard

kcc

Copy record password to clipboard

Show-TwoFactorCode

2fa

Display Two Factor Code

Copy-KeeperFileAttachment

kda

Download file attachments

Copy-KeeperFileAttachmentToStream

Download file attachement to stream

Copy-FileToKeeperRecord

Upload file attachment to a record

Get-KeeperInformation

kwhoami

Print account license information

Get-KeeperDeviceSettings

Print the current device settings

Set-KeeperDeviceSettings

this-device

Modifies the current device settings

Get-KeeperPasswordVisible

Show/hide secret fields setting

Set-KeeperPasswordVisible

Sets whether password fields should be visible or not

New-KeeperRecordType

Add a new custom Keeper Record Type.

Edit-KeeperRecordType

Update an existing custom Keeper Record Type.

Remove-KeeperRecordType

Delete a custom Keeper Record Type by its ID.

Import-KeeperRecordTypes

Imports custom record types into Keeper from a JSON file.

Export-KeeperRecordTypes

Downloads custom record types from Keeper Vault to a JSON file.

Get-KeeperRecordPassword

Gets the password from a Keeper record by name, title, UID, or record object.

Get-KeeperPasswordReport

Generate comprehensive password security report for Keeper records.

Sharing Cmdlets

Cmdlet name
Alias
Description

Show-KeeperRecordShare

kshrsh

Show a record sharing information

Grant-KeeperRecordAccess

kshr

Share a record with user

Revoke-KeeperRecordAccess

kushr

Remove record share from user

Move-KeeperRecordOwnership

ktr

Transfer record ownership to user

Grant-KeeperSharedFolderAccess

kshf

Add a user or team to a shared folder

Revoke-KeeperSharedFolderAccess

kushf

Remove a user or team from a shared folder

Get-KeeperAvailableTeam

kat

Get available teams

Get-KeeperOneTimeShare

kotsg

Get One-Time Shares for a record

New-KeeperOneTimeShare

kotsn

Create One-Time Share

Remove-KeeperOneTimeShare

kotsr

Remove One-Time Share

Enterprise Cmdlets

Cmdlet name
Alias
Description

Sync-KeeperEnterprise

ked

Sync Keeper enterprise information

Get-KeeperEnterpriseNode

ken

Enumerate all enterprise nodes

Get-KeeperEnterpriseUser

keu

Enumerate all enterprise users

Get-KeeperEnterpriseTeam

ket

Enumerate all enterprise teams

Get-KeeperEnterpriseTeamUser

ketu

Get a list of enterprise users for team

New-KeeperEnterpriseNode

kena

Create Node (new)

Add-KeeperEnterpriseUser

invite-user

Invite User to Enterprise (new)

Lock-KeeperEnterpriseUser

lock-user

Lock Enterprise User

Unlock-KeeperEnterpriseUser

unlock-user

Unlock Enterprise User

Move-KeeperEnterpriseUser

transfer-user

Transfer user account to another user

Remove-KeeperEnterpriseUser

delete-user

Delete Enterprise User

Get-KeeperEnterpriseRole

ker

Enumerate all enterprise roles (new)

Get-KeeperMspLicenses

msp-license

Return MSP licenses

Switch-KeeperMC

switch-to-mc

Switch to Managed Company (new)

Switch-KeeperMSP

switch-to-msp

Switch back to MSP (new)

Get-KeeperManagedCompany

kmc

Enumerate all enterprise managed companies

New-KeeperManagedCompany

kamc

Create Managed Company

Remove-KeeperManagedCompany

krmc

Remove Managed Company

Edit-KeeperManagedCompany

kemc

Edit Managed Company

Get-MspBillingReport

Run MSP Billing Report

Get-KeeperNodeName

Return Name of current Enterprise Node

Get-KeeperRoleName

Get Display Name of Enterprise Role

New-KeeperEnterpriseTeam

Create an enterprise team

Get-KeeperEnterpriseRoleUsers

Get a list of enterprise users for a role

Get-KeeperEnterpriseRoleTeams

Get a list of enterprise teams for a role

Get-KeeperEnterpriseAdminRole

Get a list of Administrator Permissions

Remove-KeeperEnterpriseTeamMember

Removes existing enterprise users from a Keeper team.

Add-KeeperEnterpriseTeamMember

Adds existing enterprise users to a Keeper team.

Secret Manager Cmdlets

Cmdlet name
Alias
Description

Get-KeeperSecretManagerApp

ksm

Enumerate all Keeper Secret Manager Applications

Add-KeeperSecretManagerApp

ksm-create

Add a Keeper Secret Manager Application

Remove-KeeperSecretManagerApp

Delete a Keeper Secret Manager Application

Grant-KeeperSecretManagerFolderAccess

ksm-share

Add a shared folder to KSM Application

Revoke-KeeperSecretManagerFolderAccess

ksm-unshare

Remove a Shared Folder from KSM Application

Add-KeeperSecretManagerClient

ksm-addclient

Add a client/device to KSM Application

Remove-KeeperSecretManagerClient

ksm-rmclient

Remove a client/device from KSM Application

Grant-KeeperAppAccess

Grant Keeper Secret Manager Application Access to a user

Revoke-KeeperAppAccess

Revoke Keeper Secret Manager Application Access from a user

BreachWatch Commands

Cmdlet name
Alias
Description

Get-KeeperBreachWatchList

List passwords which are breached based on breachwatch

Test-PasswordAgainstBreachWatch

check a given password against breachwatch passwords

Set-KeeperBreachWatchRecordIgnore

Ignore a given record from breachwatch alerts

Get-KeeperIgnoredBreachWatchRecords

list ignored breachwatch records

Biometric Login Support Commands

Cmdlet name
Alias
Description

Register-KeeperBiometricCredential

Registers a new biometric credential (Windows Hello/WebAuthn)

Assert-KeeperBiometricCredential

Checks if a biometric credential exists for the current user

Show-KeeperBiometricCredentials

Lists all biometric credentials registered for the current user

Unregister-KeeperBiometricCredential

Removes the biometric credential from the current user

Additional Commands

Not all capabilities of Keeper Commander (Python) have been added to the PowerShell module. We add them on request by customers. If you have requests for our engineering team, please email [email protected].

Examples

Connect To Keeper Account

List the content of Keeper folder

  • f - folder

  • r - record

  • S - shared

  • A - file attachments

  • O - owner

Show Two Factor Code for all records in the current Keeper folder

Show Two Factor Code for all records in the Vault.

where

  • kr is alias for Get-KeeperRecord

  • 2fa is alias for Show-TwoFactorCode

Copy record password to clipboard

where

  • contro is a substring of the record title. See last entry of kdir output in example #2

  • kcc is alias for Copy-KeeperToClipboard

or

'ktY3jEBqwFDi9UYZSxmIpw' is the Record UID of the same record

Add/Modify Keeper record

creates a legacy record in Keeper

creates a record of login type in Keeper

generates a new password for existing record

Pre-defined fields supported by both legacy and typed records

  • login Login

  • password Password

  • url Website Address

Copy owned record to folder

copies all records in the current Keeper folder to the folder with name 'Shared Folder'

List all enterprise users

Create a new Managed Company

Switch to a new Managed Company

Previous.Net Commander CLINextBiometric Login

Last updated

Was this helpful?