Commands for creating and managing Record Types and Custom Templates
The commands associated with Record Types are listed below. For more information on record types, including example usage, see the documentation
Whether using the interactive shell, CLI or JSON config file, Keeper supports the following commands, each command supports additional parameters and options.
To get help on a particular command, run:
help <command>
Command: record-type-info or rti
Detail: List available record types. or details of a specific record type
Switches:
-lr, --list-record <RECORD TYPE OR ID (optional)>
If record type name or ID is not given, lists all record type names and IDs
if a record type name or ID is given, displays the record type's details and fields
-lf, --list-field <FIELD NAME> show information about a specified field type. Can use "*" to show all fields.
-e, --example generate example json for a record type or field. *Must use with -lr or -lf
--syntax-help display extended help on record type parameters
--format <{csv, json, table}> choose the format to output in
--output <OUTPUT FILE> output results to a given file *ignored if table format is used
Examples:
show list of record types
show details of the login record type
show details of the name field type
show details of all field types
display an example of the passport record type
display extended syntax help text
write the record type information as a CSV to a file
Command: record-type or rt
Detail: Add, modify, or delete custom record types
Parameters:
Record type ID (if updating or deleting)
Switches:
-a, --action <{add, update, remove}> action to perform
add - create a new custom record type
update - modify an existing custom record type
remove - delete an existing custom record type
--data <DATA> JSON formatted definition of the record type
Format:
Record types utilize the following formatting:
Example:
See a list of all field types here
Use the following command to see a list of available field types: rti -lf *
Examples:
Add a new record type named "My Record Type"
Update the "My Record Type" record Type (which has an ID of 102 in this example). Here, the 'Address' field was removed
Remove the record type with Id 102
Required Version: v16.5.9+
Command: convert
Detail: Convert legacy (General typed or untyped) records to typed records.
The convert command will only convert legacy, untyped records to typed records.
To convert the type of a typed record, use the edit command.
Parameters:
Pattern to match records in the current folder. Matches against UIDs and titles. Can use "?" to match any single character and "*" to match any number of characters
Switches:
-t, --record-type <RECORD TYPE OR ID > The type to convert records to
see record types documentation for a list of all standard record types
-q, --quiet Do not show info about matched and converted records
-u, --url <URL Pattern> Only converts records with URLs that match the given pattern. Can use "?" to match any single character and "*" to match any number of characters
-n, --dry-run Display the outcome of the conversion without converting any records
-r, --recursive apply conversion to all matching records in the current and child folders
--ignore-ownership convert records even if they are not owned by the current account
Examples:
Convert the untyped record with the given UID to a login type record
Perform a dry-run of conversion of all records in the vault and display what records would be converted. (will match all records if performed at the root directory)
Convert all untyped records in the vault to login type (if performed at the root directory)
Convert any untyped record that contains 'sql' in its name to a database credential
Convert any record that ends in ssh-<anything> to a sshKey type record
e.g convert a record titled "Github ssh-1" and a record titled "Github ssh-2"
Command
Explanation
record-type-info or rti
List record types or see information about a specific record type
record-type or rt
Add, edit, or delete custom record types
convert
Convert legacy records to record-typed records
Description and examples for using and managing Record Types
Within the Vault and via the commander CLI, it's possible to create records of a specific type. And if this capability is enabled by your Keeper Administrator, you can even create custom record type templates. Record Types define the fields available to a record. They act as a record blueprint, which makes it easy to create and manage records for a variety of different uses.
There is a set of standard record types defined by Keeper, these include common types like Login, Passport, and SSH Keys.
It is also possible to define new record types to be used by your organization.
For a list of associate record type commands, see commands documentation
add type=login title='my login' f.login=John.Doe f.password=75vf@5JB@o f.url=https://www.example.com f.oneTimeCode=otpauth://totp/Label?secret=Secret
record-type-info
record-type-info -lr login
record-type-info -lr login -e
Below you can see the fields in each record type, an example json representation, and and example of how to create a record of each type.
All record types have the following fields:
title - what the record is named (required)
notes - text
custom - custom fields and values can be added to records. See add documentation for more information on adding custom fields
Name: login
Id: 1
Record Fields:
Add Record Example:
Dot Notation add type=login title='my login' f.login=John.Doe f.password=75vf@5JB@o f.url=https://www.example.com f.oneTimeCode="otpauth://totp/Label?secret=Secret"
JSON Data add --data '{"type": "login", "title": "my login", "fields": [{"type": "login", "value": ["John.Doe"]}, {"type": "password", "value": ["75vf@5JB@o"]}, {"type": "url", "value": ["https://www.example.com"]}, {"type": "oneTimeCode", "value": ["otpauth://totp/Label?secret=Secret"]}], "custom": []}'
Name: bankAccount
Id: 11
Record Fields:
Add Record Example:
Dot Notation add type=bankAccount title='my bankAccount' f.bankAccount.accountType=Checking f.bankAccount.otherType=SomeText f.bankAccount.routingNumber=SomeText f.bankAccount.accountNumber=SomeText f.name.first=John f.name.middle=Danger f.name.last=Doe f.login=John.Doe f.password=75vf@5JB@o f.url=https://www.example.com f.oneTimeCode="otpauth://totp/Label?secret=Secret"
JSON Data add --data '{"type": "bankAccount", "title": "my bankAccount", "fields": [{"type": "bankAccount", "value": [{"accountType": "Checking", "otherType": "SomeText", "routingNumber": "SomeText", "accountNumber": "SomeText"}], "required": true}, {"type": "name", "value": [{"first": "John", "middle": "Danger", "last": "Doe"}]}, {"type": "login", "value": ["John.Doe"]}, {"type": "password", "value": ["75vf@5JB@o"]}, {"type": "url", "value": ["https://www.example.com"]}, {"type": "cardRef", "value": []}, {"type": "oneTimeCode", "value": ["otpauth://totp/Label?secret=Secret"]}], "custom": []}'
Name: address
Id: 14
Record Fields:
Add Record Example:
Dot Notation add type=address title='my address' f.address.street1=SomeText f.address.street2=SomeText f.address.city=SomeText f.address.state=SomeText f.address.zip=SomeText f.address.country=SomeText
JSON Data add --data '{"type": "address", "title": "my address", "fields": [{"type": "address", "value": [{"street1": "SomeText", "street2": "SomeText", "city": "SomeText", "state": "SomeText", "zip": "SomeText", "country": "SomeText"}]}], "custom": []}'
Name: bankCard
Id: 18
Record Fields:
Add Record Example:
Dot Notation add type=bankCard title='my bankCard' f.paymentCard.cardNumber=SomeText f.paymentCard.cardExpirationDate=SomeText f.paymentCard.cardSecurityCode=SomeText f.text=SomeText f.pinCode=SomeText
JSON Data add --data '{"type": "bankCard", "title": "my bankCard", "fields": [{"type": "paymentCard", "value": [{"cardNumber": "SomeText", "cardExpirationDate": "SomeText", "cardSecurityCode": "SomeText"}]}, {"type": "text", "value": ["SomeText"], "label": "cardholderName"}, {"type": "pinCode", "value": ["SomeText"]}, {"type": "addressRef", "value": []}], "custom": []}'
Name: birthCertificate
Id: 19
Record Fields:
Add Record Example:
Dot Notation add type=birthCertificate title='my birthCertificate' f.name.first=John f.name.middle=Danger f.name.last=Doe f.birthDate=1624485827145
JSON Data add --data '{"type": "birthCertificate", "title": "my birthCertificate", "fields": [{"type": "name", "value": [{"first": "John", "middle": "Danger", "last": "Doe"}]}, {"type": "birthDate", "value": [1624485827145]}], "custom": []}'
Name: contact
Id: 20
Record Fields:
Add Record Example:
Dot Notation add type=contact title='my contact' f.name.first=John f.name.middle=Danger f.name.last=Doe f.text=SomeText f.email=SomeText f.phone.region=US f.phone.number=(555)555-5555 f.phone.ext=3 f.phone.type=Mobile
JSON Data add --data '{"type": "contact", "title": "my contact", "fields": [{"type": "name", "value": [{"first": "John", "middle": "Danger", "last": "Doe"}], "required": true}, {"type": "text", "value": ["SomeText"], "label": "company"}, {"type": "email", "value": ["SomeText"]}, {"type": "phone", "value": [{"region": "US", "number": "(555)555-5555", "ext": "3", "type": "Mobile"}]}, {"type": "addressRef", "value": []}], "custom": []}'
Name: driverLicense
Id: 21
Record Fields:
Add Record Example:
Dot Notation add type=driverLicense title='my driverLicense' f.accountNumber=SomeText f.name.first=John f.name.middle=Danger f.name.last=Doe f.birthDate=1624485827145 f.expirationDate=1624485827145
JSON Data add --data '{"type": "driverLicense", "title": "my driverLicense", "fields": [{"type": "accountNumber", "value": ["SomeText"], "label": "dlNumber"}, {"type": "name", "value": [{"first": "John", "middle": "Danger", "last": "Doe"}]}, {"type": "birthDate", "value": [1624485827145]}, {"type": "addressRef", "value": []}, {"type": "expirationDate", "value": [1624485827145]}], "custom": []}'
Name: encryptedNotes
Id: 22
Record Fields:
Add Record Example:
Dot Notation add type=encryptedNotes title='my encryptedNotes' f.note=SomeText f.date=1624485827145
JSON Data add --data '{"type": "encryptedNotes", "title": "my encryptedNotes", "fields": [{"type": "note", "value": ["SomeText"]}, {"type": "date", "value": [1624485827145]}], "custom": []}'
Name: file
Id: 23
Record Fields:
Add Record Example:
Dot Notation add type=file title='my file'
JSON Data add --data '{"type": "file", "title": "my file", "fields": [], "custom": []}'
Name: healthInsurance
Id: 24
Record Fields:
Add Record Example:
Dot Notation add type=healthInsurance title='my healthInsurance' f.accountNumber=SomeText f.name.first=John f.name.middle=Danger f.name.last=Doe f.login=John.Doe f.password=75vf@5JB@o f.url=https://www.example.com
JSON Data add --data '{"type": "healthInsurance", "title": "my healthInsurance", "fields": [{"type": "accountNumber", "value": ["SomeText"]}, {"type": "name", "value": [{"first": "John", "middle": "Danger", "last": "Doe"}], "label": "insuredsName"}, {"type": "login", "value": ["John.Doe"]}, {"type": "password", "value": ["75vf@5JB@o"]}, {"type": "url", "value": ["https://www.example.com"]}], "custom": []}'
Name: membership
Id: 26
Record Fields:
Add Record Example:
Dot Notation add type=membership title='my membership' f.accountNumber=SomeText f.name.first=John f.name.middle=Danger f.name.last=Doe f.password=75vf@5JB@o
JSON Data add --data '{"type": "membership", "title": "my membership", "fields": [{"type": "accountNumber", "value": ["SomeText"]}, {"type": "name", "value": [{"first": "John", "middle": "Danger", "last": "Doe"}]}, {"type": "password", "value": ["75vf@5JB@o"]}], "custom": []}'
Name: passport
Id: 27
Record Fields:
Add Record Example:
Dot Notation add type=passport title='my passport' f.accountNumber=SomeText f.name.first=John f.name.middle=Danger f.name.last=Doe f.birthDate=1624485827145 f.expirationDate=1624485827145 f.date=1624485827145 f.password=75vf@5JB@o
JSON Data add --data '{"type": "passport", "title": "my passport", "fields": [{"type": "accountNumber", "value": ["SomeText"], "label": "passportNumber"}, {"type": "name", "value": [{"first": "John", "middle": "Danger", "last": "Doe"}]}, {"type": "birthDate", "value": [1624485827145]}, {"type": "addressRef", "value": []}, {"type": "expirationDate", "value": [1624485827145]}, {"type": "date", "value": [1624485827145], "label": "dateIssued"}, {"type": "password", "value": ["75vf@5JB@o"]}], "custom": []}'
Name: photo
Id: 28
Record Fields:
Add Record Example:
Dot Notation add type=photo title='my photo'
JSON Data add --data '{"type": "photo", "title": "my photo", "fields": [], "custom": []}'
Name: serverCredentials
Id: 29
Record Fields:
Add Record Example:
Dot Notation add type=serverCredentials title='my serverCredentials' f.host.hostName=https://www.example.com f.host.port=5000 f.login=John.Doe f.password=75vf@5JB@o
JSON Data add --data '{"type": "serverCredentials", "title": "my serverCredentials", "fields": [{"type": "host", "value": [{"hostName": "https://www.example.com", "port": "5000"}]}, {"type": "login", "value": ["John.Doe"]}, {"type": "password", "value": ["75vf@5JB@o"]}], "custom": []}'
Name: softwareLicense
Id: 30
Record Fields:
Add Record Example:
Dot Notation add type=softwareLicense title='my softwareLicense' f.licenseNumber=SomeText f.expirationDate=1624485827145 f.date=1624485827145
JSON Data add --data '{"type": "softwareLicense", "title": "my softwareLicense", "fields": [{"type": "licenseNumber", "value": ["SomeText"]}, {"type": "expirationDate", "value": [1624485827145]}, {"type": "date", "value": [1624485827145], "label": "dateActive"}], "custom": []}'
Name: ssnCard
Id: 31
Record Fields:
Add Record Example:
Dot Notation add type=ssnCard title='my ssnCard' f.accountNumber=SomeText f.name.first=John f.name.middle=Danger f.name.last=Doe
JSON Data add --data '{"type": "ssnCard", "title": "my ssnCard", "fields": [{"type": "accountNumber", "value": ["SomeText"], "label": "identityNumber"}, {"type": "name", "value": [{"first": "John", "middle": "Danger", "last": "Doe"}]}], "custom": []}'
Name: general
Id: 32
Record Fields:
Add Record Example:
Dot Notation add type=general title='my general' f.login=John.Doe f.password=75vf@5JB@o f.url=https://www.example.com f.oneTimeCode=SomeText
JSON Data add --data '{"type": "general", "title": "my general", "fields": [{"type": "login", "value": ["John.Doe"]}, {"type": "password", "value": ["75vf@5JB@o"]}, {"type": "url", "value": ["https://www.example.com"]}, {"type": "oneTimeCode", "value": ["SomeText"]}], "custom": []}'
Name: sshKeys
Id: 34
Record Fields:
Add Record Example:
Dot Notation add type=sshKeys title='my sshKeys' f.login=John.Doe f.keyPair=SomeText f.host.hostName=https://www.example.com f.host.port=Unknown - Text f.secret=SomeText
JSON Data add --data '{"type": "sshKeys", "title": "my sshKeys", "fields": [{"type": "login", "value": ["John.Doe"]}, {"type": "keyPair", "value": ["SomeText"]}, {"type": "host", "value": [{"hostName": "https://www.example.com", "port": "Unknown - Text"}]}, {"type": "secret", "value": ["SomeText"]}], "custom": []}'
Name: databaseCredentials
Id: 40
Record Fields:
Add Record Example:
Dot Notation add type=databaseCredentials title='my databaseCredentials' f.text=SomeText f.host.hostName=https://www.example.com f.host.port=5000 f.login=John.Doe f.password=75vf@5JB@o
JSON Data add --data '{"type": "databaseCredentials", "title": "my databaseCredentials", "fields": [{"type": "text", "value": ["SomeText"], "label": "type"}, {"type": "host", "value": [{"hostName": "https://www.example.com", "port": "5000"}]}, {"type": "login", "value": ["John.Doe"]}, {"type": "password", "value": ["75vf@5JB@o"]}], "custom": []}'
All the commands related to Manipulating records
Whether using the interactive shell, CLI or JSON config file, Keeper supports the following commands, each command supports additional parameters and options.
To get help on a particular command, run:
help <command>
Command: list or l
Detail: List all records or search via a regular expression
Switches:
-v, --verbose verbose output (if record names are too long for the column)
Examples:
List all records
List all records with the string twitter
List all 'Azure' records that do not contain the string 'FTP" (Using regex)
Command: search or s
Detail: Search the vault using a regular expression
Parameters:
Regular expression to use with search
Switches:
-v, --verbose verbose output
Examples:
Search for records containing "dropbox"
Search for records with a string of numbers and letters only ending in ".org"
Command: ls
Detail: List folder contents
Switches:
-l, --list show detailed list
-f, --folders display folders
-r, --records display records
-v, --verbose verbose output
-R, --recursive show subfolder contents
Examples:
Detailed list of folder contents
List of only records in a folder (No sub folders)
Detailed list of records, and show long titles even if they skew the table
Show detailed list of all records and folders found in "Folder1" and its subfolders
Command: tree
Detail: Display the entire folder structure as a tree, using specified folder or the current location (if no folder specified) as the root
Parameters:
Full path, UID, or name (if current location is parent folder) of folder to use as tree root (optional)
Switches:
-r, --records display records in each folder in tree (shown in slightly dimmer text)
-s, --shares display shared-folder share permissions (symbols denoting permission-types shown in legend/key by default)
-hk, --hide-shares-key hide permissions legend (valid only when--shares flag is specified)
-t, --title <TITLE> show optional title for the folder-structure display
-v, --verbose verbose output (display record/folder UID in addition to name)
Examples:
Display entire folder structure as a tree, using the current location as the root
Display entire folder structure starting at sub directory "Office Codes" folder as the root
Display folder structure titled "My Folder Structure w/ Records (UIDs shown)" showing records in each folder (w/ corresponding UID for each folder/record), using current location as root
Display folder structure with share-permissions (as abbreviated symbols) for each contained shared-folder without displaying the corresponding permission symbols legend/key, with the displayed folder-structure root being the subfolder named Team1 in the folder named Work Folders found in the vault's root folder (note: because the target folder's full path is provided in this example, this command can be called from any location)
Command: cd
Detail: Change current directory
Parameters:
Location to move to.
Quotation marks can be used to move to folders with spaces or slashes in their name.
backslash (\) can be used to escape quotation marks in a folder's name
Examples:
Move to a folder named "social" in the current directory
Move to a folder named 'banks' inside a folder named 'financial'
Move to the vault root
Move to a folder named "folder/with/slashes"
Move to a folder named 'folder"with"quotes'
Command: find-password
Detail: Display a specified Keeper record's password to the system output, given that record's UID or path
Parameters:
Path or UID of a record
Switches:
--username <USERNAME> match the login name using regex (optional). The given title or UID must also match to find the record
--output <{clipboard, stdout}> choose the destination of the output
stdout - display password to system output (default)
clipboard - copy password to clipboard
-l, --login output login name instead of password
Examples:
Show the password of a specific record with the given UID
Show the password of a record with the title "Zoom" in the "office" folder
Copy the password of a specific record to the clipboard
Show the login of a record with the title "Twitter" in the "social" folder
Show the password for a record with a title that starts with "reddit", and "second" as part of the username
Command: clipboard-copy
Detail: Copy a specified Keeper record's password to the clipboard, or send the password to stdout, given that record's UID or path.
Parameters:
Path or UID of record
Switches:
--username <USERNAME> match the login name using regex (optional). The given title or UID must also match to find the record
--output <{clipboard, stdout, stdouthidden}> choose the destination of the output
clipboard - copy password to clipboard (default)
stdout - display password to system output
stdouthidden - display password to system output but hidden
-l, --login output login name instead of password
--field <FIELD NAME> output custom field
-r, --revision record revision
-t or --totp output TOTP code
Examples:
Copy the password of a specific record with the given UID to the clipboard
Copy the password of a record with the title "Zoom" in the "office" folder to the clipboard
Show the password of a specific record with the given UID
Copy the login of a record with the title "Twitter" in the "social" folder to the clipboard
Copy the password for a record with a title that starts with "reddit", and "second" as part of the username to the clipboard
Command: get or g
Detail: Retrieve and display a Keeper Record/Folder/Team in printable or JSON format, given a corresponding UID.
Parameters:
UID of a record, folder, or team
Switches:
--unmask display hidden field content as plaintext
--format<{detail, json, password}> choose the format of the output
detail - a detailed view of the Record/Folder/Team (default)
json - json formatted details
password - only the password
--legacy JSON output only. Display typed records in legacy json format
Examples:
Show the details of a specific record
Show the details of a specific record in JSON format
To only retrieve the password as output, see the clipboard-copy command
Command: record-history or rh
Detail: Show the history of a record's modifications, given that record's UID
Parameters:
UID of record
Switches:
-a, --action <{list, diff, show, restore}> perform an action on the record
list - show revisions
diff - show changes made at each revision
show - show details about the current revision
restore - restore back to a previous revision (requires -r or --revision argument)
-r, --revision <REVISION NUMBER> only show details for a specific revision
Examples:
List of specific record's modification history
List of the changes made in each version of the specific record
Details of the 4th revision of the specific record (V.4)
Revert the specified record to its 2nd version
Command: totp
Detail: Display the Two Factor code for a record, given its path or UID. Show a list of records with Two Factor codes if no path or UID is given
Parameters:
Path or UID of record (optional)
Switches:
--details display 2FA details
--range <RANGE> display last and next [x] codes
Examples:
List of records with TOTP Two Factor codes
Show a Two Factor code with timer for the "Dropbox" record
Show a Two Factor code with timer for the record with the given UID
Display the last, current, and next Two Factor codes for the "Dropbox" record
Display the TOTP token details for the record with the given UID
Command: download-attachment
Detail: Download all files attached to the specified record(s), given that record's path or UID
Parameters:
Path or UID of record or folder
-r or --recursive Download recursively through subfolders
--out-dir <LOCAL DIRECTORY> Local folder for downloaded files
--preserve-dir Preserve vault folder structure
--record-title Append record names to title of downloaded attachments
Naming Convention for downloaded attachments:
Examples:
Download all attachments of the record titled "Financial Records" in the "documents" folder
Download all attachments of the record with the given UID
Download all attachments in the vault recursively to the specified output location: "C:\Attachments"
Append the record name "Financial Records" to the name of all downloadable attachments for the record titled "Financial Records" in the "documents" folder
Command: upload-attachment
Detail: Upload a file and attach it to a specific record, given that record's path or UID
Parameters:
Path or UID of record
Switches:
--file <FILENAME> file name to upload (required)
Examples:
Attach a pdf file to the "Financial Records" record in the "documents" folder
Attach an image to the record with the given UID
Command: delete-attachment
Detail: Delete a file attached to a specified record, given that record's path or UID
Parameters:
Path or UID of record
Switches:
--name <FILE> name or ID of the file to delete (required)
Examples:
Delete a pdf file named "June_2021.pdf" from the "Financial Records" record in the "documents" folder
Delete an image named "5_15_21.jpg" from the record with the given UID
Delete all orphaned file attachments in the vault
Command: file-report
Detail: Show a report of details of all files that you can access in the vault. Report consists of: Title, Record UID, and File ID
Switches:
-d, --try-download attempt to download all the attachments in the vault
Examples:
Show a report of all the files attached to records in the vault
Attempt to download all the files attached to records in the vault
Command: list-sf or lsf
Detail: Display the UID, Name, Default Permissions, Record Permissions, User Permissions, and Team Permissions for all shared folders in the vault
Examples:
Show details for all shared folders in the vault
Command: list-team or lt
Detail: Display the UID and Name for each Team that you have access to
Examples:
Show details for all teams you have access to
Command: record-add or record-update
Detail: Adds a record to the vault or update an existing record. This is the recommended command for adding and updating records. This supports all record types, custom types, standard fields and custom fields. See --syntax-help for detailed examples.
Parameters:
A space separated list of field values. A field has the following syntax:
<FIELD_NAME>=<FIELD_VALUE> see ...
Switches:
-t, --title Record title
-n, --notes Record notes
-rt, --record-type Record type. See the list of standard record types.
-f, --folder <FOLDER PATH or UID> Folder for the record. Applies to record-add only.
--self-destruct <NUMBER>[(mi)nutes|(h)ours|(d)ays|(mo)nths|(y)ears]Time period record share URL is valid. The record will be deleted from your vault 5 minutes after opening. Applies to record-add only.
-r, --record <RECORD PATH or UID> Path or UID of the record to edit. Applies to record-update only.
-f, --force Ignore warnings.
--syntax-help Displays detailed information on usage for these commands.
Examples:
Command: rm
Detail: Remove record(s) with given path(s) or UID(s)
Parameters:
Path or UID of record(s)
Switches:
-f, --force do not prompt
Examples:
Remove the "Twitter" record in the "social" folder. Will be prompt to enter "y" to approve.
Remove the record with the given UID and don't prompt to approve.
Remove the "Bank" record and purge it from the trash (record will not be recoverable)
Remove records "rec1" and "rec2"
Command: append-notes or an
Detail: Append to the notes of a record with a given path or UID
Parameters:
Path or UID of record
Switches:
--notes <NOTES> notes to append
Examples:
Append to the notes of the "Twitter" record in the "social" folder. Will be prompted to enter notes to add
Append to the notes of the record with the given UID with the message "Outdated as of June 2021"
Command: mkdir
Detail: Create a folder or shared folder at the given path
Parameters:
Path/name of new folder
Switches:
-sf, --shared-folder create a shared folder
-uf, --user-folder create a user folder (not shared)
-a, --all set default folder permissions to allow any user to manage users, manage records, share records, and edit records
-u, --manage-users set default folder permissions to allow all users to manage user access
-r, --manage-records set default folder permissions to allow all users to manage records
-s, --can-share set default folder permissions to allow all users to share records
-e, --can-edit set default folder permissions to allow all users to edit records
--color <{none, red, green, blue, orange, yellow, gray}> sets folder color
When adding other users or teams to a shared folder, they will be given the default permissions of that folder, unless the permission is specifically revoked or added when sharing. See the share-folder command for more details.
Examples:
Create a folder named "personal" in the existing "finance" folder. Will be prompted to create a shared folder or user folder
Create a user folder named "social"
Create a shared folder named "office-codes" with the default permissions set to allow all users to share the records in the folder
Command: rmdir
Detail: Delete a folder or shared folder given the folder's path or UID
Parameters:
Path of folder
Accepts patterns, which will remove all matching folders.
* matches everything
? matches any single character
[seq] matches any character in seq
[!seq] matches any character not in seq
Accepts multiple parameters separated by a space
Switches:
-f, --force Delete folder without prompting
-q, --quiet returns no output when used in conjunction with -f
Examples:
Delete the folder named "temporary" in the "social" folder. Will be prompted to confirm
Delete the folder with the given UID and don't prompt to confirm
Delete all folders with only letters in the name, ending in '2'
Delete the folder 'secrets' in the 'DevOps' folder, and the 'MyFolder' folder
Delete the folder with the given UID and don't show any output
Remove all folders from the Keeper Vault
Command: mv
Detail: Move a record or folder to another folder, given the record or folder's path or UID and the path or UID of the destination folder
Parameters:
Path or UID of record followed by path or UID of destination folder
mv SRC DST
SRC: the source path to folder or record. Accepts title paths, search patterns, and UIDs
DST: the destination folder name or UID to move to
Switches:
-f, --force move record or folder without prompting
-s. --can-reshare anyone can reshare records
-e, --can-edit anyone can edit records
Examples:
Move the "Twitter" record into the "social" folder
Move the record with the given UID to the root folder
Command: ln
Detail: Link a record or folder to another folder, given the record or folder's path or UID and the path or UID of the destination folder
Parameters:
Path or UID of record followed by path or UID of destination folder
ln SRC DST
SRC: the source path to folder or record. Accepts title paths, search patterns, and UIDs
DST: the destination folder name or UID to link to
Switches:
-f, --force move record or folder without prompting
-s. --can-reshare anyone can re-share records
-e, --can-edit anyone can edit records
Examples:
Link the "Twitter" record with the "social" folder
Link the record with the given UID to the root folder
Command: find-duplicate
Detail: Useful tool to help locate duplicate records in the vault based on one or more record fields.
Parameters:
Provide a list of fields to use for comparison.
Switches:
--title Match the title field to locate a duplicate
--login Match the login field to locate a duplicate
--password Match the password field to locate a duplicate
--url Match the URL field to locate a duplicate
--shares Match on share-permissions
--full Match all fields to locate a duplicate
--merge, -m Consolidate duplicate records (Note: when this flag is included, duplicate records are automatically matched on all fields, including shares)
--ignore-shares-on-merge Ignore share-permissions when matching duplicate records for merging
--force, -f Delete duplicates w/o being prompted for confirmation (valid only w/ --merge option)
--quiet, -q Suppress screen output (valid only w/ --force/--merge options)
--dry-run, -n Simulate removing duplicates (no records are ever removed or modified). Valid only w/ --merge flag
--scope, -s <enterprise, vault> Define the scope of the search (default is vault). Enterprise scope available only to enterprise account administrators with compliance data-access prvileges.
--refresh-data, -r Populate local cache with latest audit data. Valid only when used with the --scope=enterprise option.
--format <{csv, json, table}> Chose the format of the output
--output <FILENAME> Export search results to a file
Examples:
Find duplicate records based on matching titles
Find duplicate records based on matching logins and passwords
Find duplicate records based on matching logins, passwords, and website addresses
Find duplicate records by matching on all relevant fields (including custom fields and share-permissions that apply for each record)
Find duplicate records -- matching on all relevant fields (and shares) -- and consolidate them into one (i.e., delete all but one record for each set of records deemed to be duplicates of each other) per set of duplicates without prompting for confirmation prior to record deletion
Find duplicate records (matching on all fields) and simulate consolidating the results
Find duplicate records across vaults within the entire enterprise and export the search results to a CSV-formatted filed named enterprise_duplicates.csv
Command: shortcut
Detail: List or manage record shortcuts. Shortcuts are links to records in a folder other than the folder that record belongs to.
Parameters:
Command:
list <RECORD UID, FOLDER UID, PATH (optional)>: Show a list of all shortcuts. Filtered to record or folder if given
keep <RECORD OR FILE PATH> : Remove all but one shortcut
Switches:
list switches:
--format <{csv, json, table}> choose the format of the output
--output <FILENAME> file to write output results to
Examples:
Display a list of record shortcuts
Output a list of record shortcuts to a file
Output a list of record shortcuts that exist in the folder with the give UID
Remove all record shortcuts other than record at the given location
Use Case: Deleting all but one shortcut with command keep
Suppose there are multiple shortcuts for the following record, and you only want to keep the record
To keep this record only in the "key-folder2" and remove all other shortcuts, you can execute the following command:
Running the above command will prompt you to confirm the deletion of the extra shortcuts
To verify that the additional shortcuts have been deleted, you can do one of the following:
Access your web vault and observe that the shortcuts have been deleted.
Example:
In the above scenario & example, I will find only one instance of the record ksm-key1 in key-folder2
Running the shortcut list <Record UID> command will output that the record has no shortcuts
In the above scenario & example, after deleting the unwanted shortcuts, running the list command will give me the following:
Command: transform-folder
Detail: Transform a folder from a shared folder to a personal folder and vice versa
Parameters:
Folder UID or path/name (accepts multiple values)
-c, --children Apply transformation to target folder's children only (target folder will remain unchanged).
-n, --dry-run Preview the folder transformation without updating
-f, --force Skip confirmation prompt and minimize output
Examples:
For these next examples, let's assume we have a vault with the following contents and folder-structure (as shown in Keeper Shell by executing the command tree -s -r -v):
Executing the following command (from within the vault's root folder)
gives us the following transformed folder-structure (displayed tree limited to transformed folder and its contents):
2. Transform a shared-folder into a user folder
Executing the following command (from within the vault's root folder)
transform-folder "Shared Folder (Team3, Admin)"
gives us the following transformed folder-structure (displayed tree limited to transformed folder and its contents):
3. Transform a folder's children
Executing the following command (from within the vault's root folder)
transform-folder --children "Shared Items"
gives us the following transformed folder-structure (displayed tree limited to transformed folder and its contents):
For security reasons and because of current limitations on the type of folders that any given shared-folder can contain, not every folder in a given vault is necessarily eligible for transformation using the command described above. Consequently, there are certain types of folders for which this command will fail to execute. These include
user folders that contain -- either in the folder itself, or in any of its subfolders, or in any of its subfolders' subfolders, etc. -- any 1 of the following items:
a shared-folder for which the user does not have either of the following:
share-admin privileges
full share permissions ("Can Manage Users", "Can Manage Records")
a direct-share record for which the user does not have either of the following:
share-admin privileges
re-share permissions ("Can Share")
user folders contained within a shared-folder (i.e., any user folder whose parent folder, or parent folder's parent folder, etc., is a shared-folder)
Command: trash <sub command>
Detail: List or manage deleted records in the trash. Deleted records remain in the trash until purged.
Parameters:
Sub-command:
list <SEARCH PATTERN> : Show a list of all deleted records in the trash can. Filtered to record or folder if given
get <RECORD UID> : show information about deleted record with the given UID
restore <RECORD UID(S)> : restore a previously deleted record or records. Can be given several UIDs separated by a space
unshare <RECORD UID(S)>: remove shares from deleted records
purge : permanently delete all records in the trash
Switches:
list switches:
--format <{csv, json, table}> choose the format of the output
--output <FILENAME> file to write output results to
--reload refresh the list of deleted records
list examples:
Display a list of deleted records
Output a list of deleted records to a file named 'deleted.csv'
Display a list of deleted records that have a title starting with "Twitter"
get examples:
Display details of deleted record with the given UID
restore switches:
--force don't prompt when restoring
list examples:
Restore the deleted record with the given UID
Restore the deleted records with all the given UIDs
Restore the deleted records with all the given UIDs and don't prompt
unshare example:
purge examples:
purge all deleted records from the trash
Command: password-report
Detail: Display password report
Switches:
--policy <comma separated integers> Password complexity policy. Length,Lower,Upper,Digits,Special. Example: 12,2,2,2,0
--length <Number> Minimum password length
--lower <Number> Minimum lowercase characters
--upper <Number> Minimum uppercase characters
--digits <Number> Minimum digits
--special <Number> Minimum special characters
Parameters:
folder Optional. Scan for weak passwords in a folder
Examples:
Command: find-ownerless
Detail: List (and, optionally, claim) records in the user's vault that currently do not have an owner
Switches:
--format <{csv, json, table}> choose the format of the output
--output <FILENAME> file to write output results to (ignored for table format)
--claim claim records found
-v, --verbose output details for each record found
Parameters:
folder path or UID of folder to search (optional, with multiple values allowed)
Examples:
Find all the records that do not have an owner and print additional details for each record found
Claim all found records without an owner
| Naming Convention | Description |
|---|---|
Field
Description
text
text field
number
number field
login
Login field recognized by the KeeperFill
password
Password field which is masked and allows for password generation
name
First, Middle and Last text fields which make up a name
company
Plain text company name
phone
Phone number and type fields
email
Validated email address
address
Multiple fields which capture an address
addressRef
Reference to another record which is a address
date
Calendar date with validations. stored as unix milliseconds
expirationDate
Calendar date with validations. stored as unix milliseconds
birthDate
Calendar date with validations. stored as unix milliseconds
paymentCard
Validated card number, expiration, and security code fields
accountNumber
Plain text
groupNumber
Plain Text
bankAccount
Bank account information fields
cardRef
Reference to a bankCard field in another record
note
Multiline text
url
URL text field. Can be followed as a link in the Vault
fileRef
Reference to a file field in another record
host
Multiple fields which capture host information
securityQuestion
Security Question and answer text fields
pinCode
Pin which is masked
oneTimeCode
Given the TOTP seed, provides the TOTP code
keyPair
Private and public keys in ASN.1 format
licenseNumber
Multiline text input
secret
A text input that is masked
Record Type
ID
login
1
bankAccount
11
birthCertificate
19
contact
20
driverLicense
21
encryptedNotes
22
file
23
healthInsurance
24
membership
26
passport
27
photo
28
serverCredentials
29
softwareLicense
30
ssnCard
31
general
32
sshKeys
34
databaseCredentials
40
Field Name
Sub Field
Type
Field Label
login
Text
password
Text
url
Text
fileRef
oneTimeCode
Text
Field Name
Sub Field
Type
Field Label
bankAccount
accountType
'Checking | Savings | Other'
bankAccount
otherType
Text
bankAccount
routingNumber
Text
bankAccount
accountNumber
Text
name
first
Text
name
middle
Text
name
last
Text
login
Text
password
Text
url
Text
cardRef
fileRef
oneTimeCode
Text
Field Name
Sub Field
Type
Field Label
address
street1
Text
address
street2
Text
address
city
Text
address
state
Text
address
zip
Text
address
country
Text
fileRef
Field Name
Sub Field
Type
Field Label
paymentCard
cardNumber
Text
paymentCard
cardExpirationDate
Text
paymentCard
cardSecurityCode
Text
text
Text
cardholderName
pinCode
Text
addressRef
fileRef
Field Name
Sub Field
Type
Field Label
name
first
Text
name
middle
Text
name
last
Text
birthDate
Number
fileRef
Field Name
Sub Field
Type
Field Label
name
first
Text
name
middle
Text
name
last
Text
text
Text
company
email
Text
phone
region
Region
phone
number
Text
phone
ext
Text
phone
type
Home | Mobile | Work
addressRef
fileRef
Field Name
Sub Field
Type
Field Label
accountNumber
Text
dlNumber
name
first
Text
name
middle
Text
name
last
Text
birthDate
Number
addressRef
expirationDate
Number
fileRef
Field Name
Sub Field
Type
Field Label
note
Text
date
Number
fileRef
Field Name
Sub Field
Type
Field Label
fileRef
Field Name
Sub Field
Type
Field Label
accountNumber
Text
name
first
Text
insuredsName
name
middle
Text
insuredsName
name
last
Text
insuredsName
login
Text
password
Text
url
Text
fileRef
Field Name
Sub Field
Type
Field Label
accountNumber
Text
name
first
Text
name
middle
Text
name
last
Text
password
Text
fileRef
Field Name
Sub Field
Type
Field Label
accountNumber
Text
passportNumber
name
first
Text
name
middle
Text
name
last
Text
birthDate
Number
addressRef
expirationDate
Number
date
Number
dateIssued
password
Text
fileRef
Field Name
Sub Field
Type
Field Label
fileRef
Field Name
Sub Field
Type
Field Label
host
hostName
Text
host
port
Text
login
Text
password
Text
fileRef
Field Name
Sub Field
Type
Field Label
licenseNumber
Text
expirationDate
Number
date
Number
dateActive
fileRef
Field Name
Sub Field
Type
Field Label
accountNumber
Text
identityNumber
name
first
Text
name
middle
Text
name
last
Text
fileRef
Field Name
Sub Field
Type
Field Label
login
Text
password
Text
url
Text
oneTimeCode
Text
fileRef
Field Name
Sub Field
Type
Field Label
login
Text
keyPair
Text
host
hostName
Text
host
port
Unknown - Text
fileRef
secret
Text
Field Name
Sub Field
Type
Field Label
text
Text
type
host
hostName
Text
host
port
Text
login
Text
password
Text
fileRef
Command
Explanation
list or l
List all records or search via a regular expression.
search or s
Search all records via a regular expression.
ls
List folder contents
tree
Display entire folder structure as a tree
cd
Change current folder
get or g
Retrieve and display a Keeper Record/Folder/Team in printable or JSON format.
Display the specified Keeper Record password field to the system output
Copy the specified Keeper Record password field to the clipboard or send to stdout
record-history or rh
Show the history or a record's modifications
Display the Two Factor code for a given record, or show a list of records with Two Factor codes if no record is specified
Download all attachments of a specified record
Upload and attach a file to a given record
Delete an attachment from a given record
file-report
Show a report of all the files that you have access to in the vault
list-sf or lsf
Show details about all shared folders in the vault
list-team or lt
List all teams that you have access to
add or a
Deprecated: use record-add
record-add or ra
Add a record
edit
Deprecated: use record-update
record-update or ru
Edit an existing record
Remove a record
append-notes or an
Append notes to a record
Create a folder or shared folder
rmdir
Remove a folder or shared folder and its contents
mv
Move a record to or folder
ln
Create a link between records or folders
Locate duplicate records in the vault (or several) based on specified attributes and fields.
shortcut
List or manage record shortcuts
transform-folder
Transform a folder from a shared folder to a personal folder and vice versa
trash
List and manage deleted records in the trash
Display password report
List (and, optionally, claim) records in the vault that currently do not have an owner
$AttachmentFileName
By default, all downloaded attachments will retain their original name.
If a record contains the attachment "file.txt", the name of the downloaded attachment will be: file.txt
$AttachmentFileName($RecordUUID).$AttachmentFileNameExtension
This is the naming convention for duplicates.
If a record contains two attachments with the same name (i.e "file.txt") or the output directory already contains a file with the same name, the naming convention of the downloaded attachments will be:
file.txt and file(Lw7K5ah3LjP5uVkhkrSzrw).txt
$AttachmentFileName($AttachmentUUID).$AttachmentFileNameExtension
For duplicates, if the naming convention in the above row is used, then the AttachmentUUID will be used instead of RecordUUID.
In the given examples for the row above, downloading file.txt will use the attachmentUUID instead of the recordUUID:
file(Bu2WLg-7eqWPhO-NW18lgw).txt
$RecordName-$AttachmentFileName
If the switch --record-title is passed, the record name will be appended to downloaded attachment file. This also applies to duplicates.
For a record named "Record1" with the attachment "file.txt", the naming convention will be:
Record1-file.txt
