Creating Vault Records

A Keeper record can be any password, file or secret information that is stored in your encrypted vault. When every new user signs up to the Keeper platform, they are walked through a step-by-step guide to import existing passwords from their web browser, other password manager or file upload. The user is also walked through the process of creating records manually through their desktop computer.

Users can create new vault records many different ways including:

  • Manual creation on the Desktop App, Web Vault, Browser Extensions or Mobile App

  • Import from another password manager like Keepass, LastPass, Dashlane or 1Password

  • Import from a .CSV flat file

  • Automated LastPass transfer

  • Command-line and automated SDK

Automatic Browser Import

Keeper's Import Tool will seamlessly import passwords that are stored in Chrome, Firefox, Edge and IE web browsers on your computer. From the Web Vault or Desktop App, select More > Import then select Start Import.

Import from Password Managers

Keeper supports drag-and-drop import of files from other password managers or text files. From the Web Vault or Keeper Desktop app, select More > Import and then select the file format. Select on the ? next to Import Instructions for a step by step guide to generating the proper file from the original password manager.

Automated Import from LastPass

Keeper's Desktop Application supports an automated transfer of vault records from LastPass to Keeper. To perform an import, follow these steps:

  • Download Keeper Desktop from:

  • Login to Keeper Desktop using your email and master password.

  • Click on your account email in the upper right-hand corner.

  • Click Settings > Import

  • Choose LastPass

  • Input your LastPass Email and Password and click Next

Bulk Import from .CSV File

File Format: Folder, Title, Login, Password, Website Address, Notes, Shared Folder, Custom Fields

  • To specify subfolders, use backslash "\" between folder names

  • To make a shared folder specify the name or path to it in the 7th field

Example 1: Create a regular folder at the root level with 2 custom fields

  • My Business Stuff,Twitter,,123456,,These are some notes,API Key,5555,Date Created, 2018-04-02

Example 2: Create a shared subfolder inside another folder with edit and re-share permission

  • Personal,Twitter,,123456,,,Social Media#edit#reshare

In the preview screen, select the column header above each line to map the columns to the Keeper field.

Manual Record Creation

From any Keeper Vault application, select Create New > Record to add a record. When creating a record, a user may select the Dice icon to generate a strong password - with the ability to change the number of characters and if symbols, numbers, and capital letters are included. The Title is the only required field when saving a record.

Import from Commander SDK

The Keeper Commander SDK provides command-line or scripted capabilities to import records and folders into your Keeper Vault. Supported import formats are JSON, CSV, and Keepass.

  • JSON import files can contain records, folders, subfolders, shared folders, default folder permissions and user/team permissions.

  • CSV import files contain records, folders, subfolders, shared folders and default shared folder permissions.

  • Keepass files will transfer records, file attachments, folders and subfolders.

Most features available in the Keeper Admin Console are available through Commander's interactive shell and SDK interface. For more information, go to Keeper's Github Repository.

Learn more about Keeper Commander at

Browser Extension

The Keeper Browser Extension for Chrome, Firefox, Safari, Edge and Internet Explorer browsers can be used to dynamically add records to your vault and Autofill passwords.

Download and install the Keeper Browser Extension from

Features of Browser Extension:

  • Create New records From any website login screen, select Create New Record and then fill in the appropriate fields. Select the check mark to save the record and autofill the login and password.

Prompt to Login & Fill If you're logged out of Keeper, you'll be reminded to sign in to Keeper when visiting a website login screen. When visiting a website login screen, Keeper will ask you to automatically login with your saved password.

Auto Submit After autofilling your login, Keeper will automatically submit the website form and login to the website.

Prompt to Change On Change password web pages, Keeper will automatically generate a new password and fill old and new password fields.

Step 1
Step 2
Step 3
Step 4
Step 5
Step 1
Step 2
Step 3
Step 4
Step 5
  1. Navigate to the change password page. Keeper will prompt you if you would like help changing your password. Click Yes.

  2. Click on the lock icon from the old or current password field. Click Next.

  3. Click on the lock icon from every new password field. Click Next.

  4. Verify Current and New Passwords and Save your changes.

  5. Keeper will ask you to now to submit the password changes on the website.

Keeper Record Fields

A Keeper record is made up of the following fields:

  • Title

  • Login / Username

  • Password

  • Website Address The Website Address is required to Autofill forms in websites. For security reasons, the website address (e.g. must match the website that you are visiting.

  • Custom Fields Designating Custom Fields takes away the pain of having to manually copy and paste your information into websites. For example, if you have a website like this one from the Bank of Melbourne, it requires a Card/Access Number field, Security Number and Password. Corresponding the website field title and the Custom Field Name will allow Keeper to auto-fill these fields with their values. Custom Fields may also allow the user to use the same record for multiple websites. For example, if a user has the same login and password for and, the user may add the website address in the Custom Field Value and that single record will now recognize two different website logins. This allows the user to not have to create a record for each website where that username and password are used.

  • File Attachments File attachments can be any type of file, photo, video or other documents. An unlimited number of files can be attached to any Keeper vault record. File storage is an add-on subscription. If file storage is disabled, please contact your Keeper administrator or email

  • Two-Factor Codes Keeper can protect and generate 2FA codes for any website or service that supports the use of TOTP (Time-Based One-Time-Passwords).

  • Notes Any free-form notes can be protected in this field such as access instructions or confidential documentation.

Individual Record Sharing

Keeper records can be shared on an individual basis to other Keeper users. Keeper sharing technology uses secure RSA encryption to exchange the individual record keys. Therefore, in order to share or transfer a record to another user, the recipient must first have a Keeper account. Attempting to share to a user without a Keeper account will invite them to the platform. For more detailed information, visit Keeper's Security Architecture. To share a Keeper record with another user, select Options > Share and then type in the email address of the recipient (or select from previously shared users). Edit and re-share permission can be applied to any shared records. Role enforcement policies can be applied from the Keeper Admin Console to control the ability for records to be shared. Only the owner of a record is able to delete a record. A non-owner may see a Delete button but this will only remove the record from the non-owner's vault. When the owner of a record deletes it from their vault, it will delete it from everyone's vault and across the system.

Individual Record Sharing

Transfer Ownership

Record ownership can be transferred to another Keeper user. To perform a transfer, select Options > Share and then type in or select the email address of the recipient. Select Transfer Ownership from the sharing permission drop-down. Note that after transferring record ownership, the record will no longer be accessible from your vault.

Transfer Ownership

Bulk Record Push from Admin

Through the use of Keeper Commander, records can be pushed to users in bulk.

Example usage of the "enterprise-push" command:

enterprise-push --team "Engineering Admins" push.json
enterprise-push --email push.json

The "push.json" file is structured an an array of password objects. For example:

"title": "Google",
"login": "${user_email}",
"password": "${generate_password}",
"login_url": "",
"notes": "",
"custom_fields": {
"Name 1": "Value 1",
"Name 2": "Value 2"
"title": "Admin Tool",
"login": "${user_email}",
"password": "",
"login_url": "",
"notes": "",
"custom_fields": {

Supported template parameters:

${user_email} User email address
${generate_password} Generate random password
${user_name} User full name

For more information about Keeper Commander please see the Github Page

Version History

Every record created by a user is automatically backed up through the Keeper Cloud Security Vault architecture. Every record change is also backed up and a record version is created upon each change event. Each record is identified by a record UID and each record can have an unlimited number of version identifiers. Version History is a critical capability to ensure that a password, record change is never lost by accident. Version History also ensures that a deleted record can be recovered. When a record is deleted by the record owner, the record is moved in the Deleted Records trash bin. Records will remain in this location until the record owner explicitly empties the trash bin. Users can view the Version History of any Keeper record by accessing the Keeper Web Vault or Keeper Desktop. Select the record, then select Options and Record History.

Data Export

Keeper Web Vault and Keeper Desktop applications also include an Export capability which can be enabled by the Keeper Administrator. Exporting records from your vault can serve as a backup mechanism, however this does not retain any information about sharing relationships, folder structure or file attachments. If Export is allowed by the Keeper Administrator, we recommend that the customer stores the exported files in a secure location on an encrypted file system. The security and encryption model of Keeper purposely does not permit a Keeper Administrator to export user vaults. A user must be authorized on a Keeper record via the Team or User sharing capability in order to access and export vault information.

Offline Mode

Offline Mode allows users to have access to their vault from a web browser when they are not able to connect online to Keeper or to their SSO (if they have one). Note that “thick clients” such as desktop and mobile phones already have this capability, but now it is extended to users operating from browsers.

The capability works by making a copy of your online vault to your local device. The vault data is stored in an encrypted format which is only accessible if the user provides their Master Password.

Multiple users can share a single device (e.g. a laptop PC) and all will have their vault stored safely on that PC when offline.

User Device Setup

User’s devices (e.g. laptops that might not have offline access) will need to be “primed” with a cache of their vault by logging into with an online connection at least once. A mirror copy of their vault will be replicated to that device once done.

User Login & Vault status

User’s will know if their vault is available when offline via a “lightning bolt” icon indicating it has been loaded on that device when they will have access to their vault if offline. If the icon is not present then that device will need to be setup as described above.

The "x" next to the user's email address allows a user to delete their local copy of their vault from the device.

Once logged in the user will know if they are offline by an “Offline Mode” text notice at that bottom of their vault.

Not all vault features are available online, it is "read only. For instance users can't create any new vault content such as record or folders when offline. When such a limitation occurs then a notice message will be displayed.

If being used with an SSO Account

If the SSO is not available (e.g. if offline), then click on “Login with Master Password” to get access to the offline vault.

Note: that the user can access to their vault via the Master Password even if they are online

The Master Password has to be setup by the user for this to be available via this Settings screen:

See Role Enforcement Policies - Account Settings to restrict Offline Access.