CLI Provisioning with Commander SDK

Keeper Commander is an open-source Python SDK which can perform many vault and administrative functions within the Keeper system.

Keeper supports API-based provisioning through the use of our Python-based Keeper Commander SDK. The Keeper Commander SDK is open source Python code that is available for download from Keeper's Github Repository. The Commander SDK can assist in the following use cases:

  • Command line access to your Keeper vault

  • Importing passwords, folders and shared folder

  • Provisioning users and teams

  • Pushing records to users and teams

  • Sharing records and folders with users and teams

  • Performing targeted password rotation

  • Connecting to servers via SSH and RDP

Since Keeper Commander is an open source SDK and written in Python, it can be customized to meet your needs and integrated into your back-end systems.

For more information about Keeper Commander, visit: https://docs.keeper.io/secrets-manager/commander-cli/overview

Command-line Usage

Commander's command-line interface and interactive shell is a powerful and convenient way to access and control your Keeper vault and perform many administrative operations. To see all available commands, just type:

$ keeper
usage: keeper [--server SERVER] [--user USER] [--password PASSWORD]
[--version] [--config CONFIG] [--debug]
[command] [options [options ...]]
positional arguments:
command Command
options Options
optional arguments:
--server SERVER, -ks SERVER
Keeper Host address.
--user USER, -ku USER
Email address for the account.
--password PASSWORD, -kp PASSWORD
Master password for the account.
--version Display version
--config CONFIG Config file to use
--debug Turn on debug mode

Interactive Shell

To run a series of commands and stay logged in, you will enjoy using Commander's interactive shell.

$ keeper shell
_ __
| |/ /___ ___ _ __ ___ _ _
| ' </ -_) -_) '_ \/ -_) '_|
|_|\_\___\___| .__/\___|_|
|_|
password manager & digital vault
Logging in...
Syncing...
Decrypted [400] Records
My Vault>

Type h to display all commands and help information.

Keeper Command Reference

Commander has hundreds of features. Specifically with regards to User and Team provisioning, the following commands are relevant:

  • create-user

  • enterprise-info

  • enterprise-node

  • enterprise-user

  • enterprise-role

  • enterprise-team

  • enterprise-push

  • team-approve

Example with create-user:

My Vault> create-user -h
usage: create-user [-h] [--name NAME] [--node NODE] email
Send an invitation to the user to join Keeper
positional arguments:
email email
optional arguments:
-h, --help show this help message and exit
--name NAME user name (enterprise only)
--node NODE node name or node ID (enterprise only)
My Vault> create-user --name "Mary Jane" [email protected]
User '[email protected]' create and added to the enterprise

Each command supports additional parameters and options. To get help on a particular command, use the -hflag.

Note: Some commands accept record or shared folder UID parameter. UID values may start with dash character (-) that is interpreted by command parser as an option. To pass a parameter starting with dash separate this parameter with two dashes (--). rmdir -- -Gd9l4daPw-fMd

For more Commander documentation, see the link below: https://docs.keeper.io/secrets-manager/commander-cli/overview