Password Rotation Commands

Commands for performing password rotations on target systems.

Keeper has also launched a zero-trust Password Rotation feature with KeeperPAM. This new capability is recommended for most password rotation use cases. The Documentation is linked below:

Rotation Commands

Keeper Command Reference

Whether using the interactive shell, CLI or JSON config file, Keeper supports the following commands, each command supports additional parameters and options.

To get help on a particular command, run:

help <command>

Command

Explanation

rotate or r

Rotate the password in a record

set

Set environment variables that can be used for substitution within other commands or arguments

echo

Display environmental variables

rotate command:

Command: rotate or r

Detail: Rotate a record's password

To be eligible for rotation, a record must have the custom field 'cmdr:plugin'='noop'

Parameters:

Record name or UID to rotate

Switches:

--print display updated record content after rotation

--match <REGULAR EXPRESSION> select all records that match this expression to rotate

--password <NEW PASSWORD> sets a new password. Commander generates random password if switch omitted. Ignored when passwords are rotated with --match parameter.

Examples:

rotate servers/dev
rotate BhRRhjeL4armInSMqv2_zQ --print
rotate --match [0-z]*\machine
rotate BhRRhjeL4armInSMqv2_zQ --password "XXX"
  1. Rotate the password of the record titled "dev" in the "servers" folder

  2. Rotate the password of the record with the given UID

  3. Rotate the password of all records that end with "machine" (Using regex)

  4. Rotate the password of the give record UID with the specific password provided

For more information and examples see Connection to hosts documentation

set command:

Command: set

Detail: Set an environment variable

Parameters:

environment name, value to set

format:

set <name> <value>

Examples:

set MySecret XXX

Set the MySecret variable to XXX

echo command:

Command: echo

Detail: Display environmental variables

Parameters:

argument to display (optional)

format:

echo ${<variable>}

If no argument is given, all environment variables are shown

Examples:

echo
echo ${MySecret}
  1. Display all currently set environment variables

  2. Display the value for the MySecret variable

Last updated