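Endpoint Privilege Manager Commands

Commands for controlling Keeper Endpoint Privilege Manager (PEDM) features

Overview

Endpoint Privilege Manager is an advanced Privilege Elevation and Delegation Management (PEDM) solution that grants privileged access securely and only when needed across the IT environment.

PEDM commands use a local SQLite file generated in the user's configuration folder (for example, ~/.keeper/keeper_db.sqlite). This database is used to cache the endpoint information that has been retrieved.

pedm command

Command

pedm

Details

Manages Keeper Endpoint Privilege Manager deployments, agents, policies, collections, and approvals.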

My Vault> pedm -h                                                       
pedm command [--options]

Command     Description
----------  ------------------------------------
sync-down   Sync down PEDM data from the backend
deployment  Manage PEDM deployments 
agent       Manage PEDM agents
policy      Manage PEDM policies
collection  Manage PEDM collections 
approval    Manage PEDM requests and approvals

Subcommands

  • sync-down

  • deployment

  • agent

  • policy

  • collection

  • approval


Subcommand: sync-down

Details

Syncs PEDM data down from the backend.

My Vault> pedm sync-down -h                                                 
usage: sync-down [-h] [--reload]

Sync down PEDM data from the backend

options:
  -h, --help  show this help message and exit
  --reload    Perform full sync

Subcommand: deployment

Details

Manages PEDM deployments.

My Vault> pedm deployment -h
pedm command [--options]

Command    Description
---------  --------------------------------
list       List PEDM deployments
add        Add PEDM deployments
edit       Update PEDM deployment
delete     Delete PEDM deployment
download   Download PEDM deployment package

list

My Vault> pedm deployment list -h                       
usage: list [-h] [--format {table,csv,json,pdf}] [--output OUTPUT] [-v]

List PEDM deployments

options:
  -h, --help            show this help message and exit
  --format {table,csv,json,pdf}
                        format of output
  --output OUTPUT       path to resulting output file (ignored for "table" format)
  -v, --verbose         print verbose information

add

My Vault> pedm deployment add -h                      
usage: add [-h] [-f] [--spiffe-cert SPIFFE] name

Add PEDM deployments

positional arguments:
  name                  Deployment name

options:
  -h, --help            show this help message and exit
  -f, --force           do not prompt for confirmation
  --spiffe-cert SPIFFE  File containing SPIFFE server certificate

edit

My Vault> pedm deployment edit -h
usage: update [-h] [--disable {on,off}] [--spiffe-cert SPIFFE] [--name NAME] DEPLOYMENT

Update PEDM deployment

positional arguments:
  DEPLOYMENT            Deployment name or UID

options:
  -h, --help            show this help message and exit
  --disable {on,off}    do not prompt for confirmation
  --spiffe-cert SPIFFE  File containing SPIFFE server certificate
  --name NAME           Deployment name

delete

My Vault> pedm deployment delete -h
usage: delete [-h] [-f] DEPLOYMENT [DEPLOYMENT ...]

Delete PEDM deployment

positional arguments:
  DEPLOYMENT   Deployment name or UID

options:
  -h, --help   show this help message and exit
  -f, --force  do not prompt for confirmation

download

My Vault> pedm deployment download -h                      
usage: download [-h] [--file FILE] DEPLOYMENT

Download PEDM deployment package

positional arguments:
  DEPLOYMENT   Deployment name or UID

options:
  -h, --help   show this help message and exit
  --file FILE  File name

Subcommand: agent

Details

Manages PEDM agents.

My Vault> pedm agent -h                         
pedm command [--options]

Command     Description
----------  -------------------------
list        List PEDM agents
edit        Update PEDM agents
delete      Delete PEDM agents
collection  List PEDM agent resources

list

My Vault> pedm agent list -h             
usage: list [-h] [--format {table,csv,json,pdf}] [--output OUTPUT] [-v]

List PEDM agents

options:
  -h, --help            show this help message and exit
  --format {table,csv,json,pdf}
                        format of output
  --output OUTPUT       path to resulting output file (ignored for "table" format)
  -v, --verbose         print verbose information

edit

My Vault> pedm agent edit -h                          
usage: update [-h] [--enable {on,off}] [--deployment DEPLOYMENT] agent [agent ...]

Update PEDM agents

positional arguments:
  agent                 Agent UID(s)

options:
  -h, --help            show this help message and exit
  --enable {on,off}     Enables or disables agents
  --deployment DEPLOYMENT
                        Moves agent to deployment

delete

My Vault> pedm agent delete -h                             
usage: update [-h] [--force] agent [agent ...]

Delete PEDM agents

positional arguments:
  agent       Agent UID(s)

options:
  -h, --help  show this help message and exit
  --force     do not prompt for confirmation

collection

My Vault> pedm agent collection -h 
usage: list [-h] [--format {table,csv,json,pdf}] [--output OUTPUT] [-v] [--type TYPE] agent

List PEDM agent resources

positional arguments:
  agent                 Agent UID

options:
  -h, --help            show this help message and exit
  --format {table,csv,json,pdf}
                        format of output
  --output OUTPUT       path to resulting output file (ignored for "table" format)
  -v, --verbose         print verbose information
  --type TYPE           collection type filter

Subcommand: policy

Details

Manages PEDM policies.

My Vault> pedm policy -h  
pedm command [--options]

Command    Description
---------  ----------------------------
list       List PEDM policies
add        Add PEDM policy
edit       Edit PEDM policy
view       View PEDM policy
agents     Show agents for policies
assign     Assign collections to policy
delete     Delete PEDM policy

list

My Vault> pedm policy list -h               
usage: list [-h] [--format {table,csv,json,pdf}] [--output OUTPUT]

List PEDM policies

options:
  -h, --help            show this help message and exit
  --format {table,csv,json,pdf}
                        format of output
  --output OUTPUT       path to resulting output file (ignored for "table" format)

add

My Vault> pedm policy add -h      
usage: add [-h] [--user-filter USER_FILTER] [--machine-filter MACHINE_FILTER] [--app-filter APP_FILTER] [--date-filter DATE_FILTER]
           [--time-filter TIME_FILTER] [--day-filter DAY_FILTER] [--risk-level RISK_LEVEL]
           [--policy-type {elevation,file_access,command,least_privilege}] [--policy-name POLICY_NAME]
           [--control {allow,deny,audit,notify,mfa,justify,approval}] [--status {enforce,monitor,monitor_and_notify}] [--enable {on,off}]

Add PEDM policy

options:
  -h, --help            show this help message and exit
  --user-filter USER_FILTER
                        Policy user filter. User collection UID or *
  --machine-filter MACHINE_FILTER
                        Policy machine filter. Machine collection UID
  --app-filter APP_FILTER
                        Policy application filter. Application collection UID
  --date-filter DATE_FILTER
                        Policy date filter. Date range in ISO format. YYYY-MM-DD:YYYY-MM-DD
  --time-filter TIME_FILTER
                        Policy time filter. Time. 24 hours format: HH:MM-HH:MM
  --day-filter DAY_FILTER
                        Policy day filter. Day of Week
  --risk-level RISK_LEVEL
                        Policy risk level
  --policy-type {elevation,file_access,command,least_privilege}
                        Policy type
  --policy-name POLICY_NAME
                        Policy name
  --control {allow,deny,audit,notify,mfa,justify,approval}
                        Policy controls
  --status {enforce,monitor,monitor_and_notify}
                        Policy Status
  --enable {on,off}     Enables or disables policy
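The filter formats and choice lists in the help output above can be checked before a policy is created. The following is an added example, not part of Keeper Commander: `build_policy_add` and the two `check_*` helpers are hypothetical names, the end-before-start and blanket-allow refusals are this example's own rules, and the quoting assumes the Commander shell splits arguments POSIX-style.

```python
import re
import shlex
from datetime import date

# Choice sets copied from the `pedm policy add -h` output above.
POLICY_TYPES = {"elevation", "file_access", "command", "least_privilege"}
CONTROLS = {"allow", "deny", "audit", "notify", "mfa", "justify", "approval"}
STATUSES = {"enforce", "monitor", "monitor_and_notify"}
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")
TIME_RE = re.compile(r"([01]\d|2[0-3]):[0-5]\d")


def check_date_filter(value):
    """Accept YYYY-MM-DD:YYYY-MM-DD; rejecting end < start is this example's rule."""
    start, sep, end = value.partition(":")
    if not (sep and DATE_RE.fullmatch(start) and DATE_RE.fullmatch(end)):
        raise ValueError("date filter must be YYYY-MM-DD:YYYY-MM-DD")
    if date.fromisoformat(end) < date.fromisoformat(start):  # also rejects 02-30
        raise ValueError("date filter ends before it starts")
    return value


def check_time_filter(value):
    """Accept HH:MM-HH:MM in 24-hour time."""
    start, sep, end = value.partition("-")
    if not (sep and TIME_RE.fullmatch(start) and TIME_RE.fullmatch(end)):
        raise ValueError("time filter must be HH:MM-HH:MM (24-hour)")
    return value


def build_policy_add(name, policy_type, control, status, user_filter=None,
                     date_filter=None, time_filter=None):
    """Return a validated `pedm policy add` line; the allow/* refusal is example-only."""
    for label, value, allowed in (("--policy-type", policy_type, POLICY_TYPES),
                                  ("--control", control, CONTROLS),
                                  ("--status", status, STATUSES)):
        if value not in allowed:
            raise ValueError(f"{label} must be one of {sorted(allowed)}")
    if control == "allow" and user_filter == "*":
        raise ValueError("allow with --user-filter * is too broad")
    args = ["pedm", "policy", "add", "--policy-name", name,
            "--policy-type", policy_type, "--control", control, "--status", status]
    if user_filter:
        args += ["--user-filter", user_filter]
    if date_filter:
        args += ["--date-filter", check_date_filter(date_filter)]
    if time_filter:
        args += ["--time-filter", check_time_filter(time_filter)]
    return shlex.join(args)  # quotes names containing spaces
```
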

edit

My Vault> pedm policy edit -h                                                                                                                           
usage: edit [-h] [--user-filter USER_FILTER] [--machine-filter MACHINE_FILTER] [--app-filter APP_FILTER] [--date-filter DATE_FILTER]
            [--time-filter TIME_FILTER] [--day-filter DAY_FILTER] [--risk-level RISK_LEVEL] [--policy-name POLICY_NAME]
            [--control {allow,deny,audit,notify,mfa,justify,approval}] [--status {enforce,monitor,monitor_and_notify}] [--enable {on,off}]
            policy

Edit PEDM policy

positional arguments:
  policy                Policy UID

options:
  -h, --help            show this help message and exit
  --user-filter USER_FILTER
                        Policy user filter. User collection UID or *
  --machine-filter MACHINE_FILTER
                        Policy machine filter. Machine collection UID
  --app-filter APP_FILTER
                        Policy application filter. Application collection UID
  --date-filter DATE_FILTER
                        Policy date filter. Date range in ISO format. YYYY-MM-DD:YYYY-MM-DD
  --time-filter TIME_FILTER
                        Policy time filter. Time. 24 hours format: HH:MM-HH:MM
  --day-filter DAY_FILTER
                        Policy day filter. Day of Week
  --risk-level RISK_LEVEL
                        Policy risk level
  --policy-name POLICY_NAME
                        Policy name
  --control {allow,deny,audit,notify,mfa,justify,approval}
                        Policy controls
  --status {enforce,monitor,monitor_and_notify}
                        Policy Status
  --enable {on,off}     Enables or disables policy

view

My Vault> pedm policy view -h                                     
usage: view [-h] [--format {table,json}] [--output OUTPUT] policy

View PEDM policy

positional arguments:
  policy                Policy UID or name

options:
  -h, --help            show this help message and exit
  --format {table,json}
                        format of output
  --output OUTPUT       path to resulting output file (ignored for "table" format)

agents

My Vault> pedm policy agents -h                                 
usage: agent [-h] policy [policy ...]

Show agents for policies

positional arguments:
  policy      Policy UID or name

options:
  -h, --help  show this help message and exit

assign

My Vault> pedm policy assign -h                          
usage: assign [-h] [-c COLLECTION] policy [policy ...]

Assign collections to policy

positional arguments:
  policy                Policy UID or name

options:
  -h, --help            show this help message and exit
  -c, --collection COLLECTION
                        Collection UID

delete

My Vault> pedm policy delete -h
usage: delete [-h] policy [policy ...]

Delete PEDM policy

positional arguments:
  policy      Policy UID or name

options:
  -h, --help  show this help message and exit

Subcommand: collection

Details

Manages PEDM collections.

My Vault> pedm collection -h                                   
pedm command [--options]

Command     Description
----------  -----------------------------------
list        List PEDM collections
view        Show PEDM collection details
add         Creates PEDM collections
update      Update PEDM collection
delete      Delete PEDM collections
connect     Link values to PEDM collection
disconnect  Unlink values from PEDM collections
wipe-out    Wipe out PEDM collections

list

My Vault> pedm collection list -h                                                                                       
usage: list [-h] [--format {table,csv,json,pdf}] [--output OUTPUT] [-v] [--type TYPE] [--pattern PATTERN]

List PEDM collections

options:
  -h, --help            show this help message and exit
  --format {table,csv,json,pdf}
                        format of output
  --output OUTPUT       path to resulting output file (ignored for "table" format)
  -v, --verbose         print verbose information
  --type TYPE           collection type filter
  --pattern PATTERN     collection search pattern

view

My Vault> pedm collection view -h                                                                                                                       
usage: view [-h] [--format {table,csv,json,pdf}] [--output OUTPUT] [-v] [--link LINK] collection [collection ...]

Show PEDM collection details

positional arguments:
  collection            Collection UID

options:
  -h, --help            show this help message and exit
  --format {table,csv,json,pdf}
                        format of output
  --output OUTPUT       path to resulting output file (ignored for "table" format)
  -v, --verbose         print verbose information
  --link LINK           Show link details

add

My Vault> pedm collection add -h                                           
usage: add [-h] [--type TYPE] collection [collection ...]

Creates PEDM collections

positional arguments:
  collection   Collection name

options:
  -h, --help   show this help message and exit
  --type TYPE  collection type

update

My Vault> pedm collection update -h                               
usage: update [-h] [--type TYPE] --name NAME collection

Update PEDM collection

positional arguments:
  collection   Collection

options:
  -h, --help   show this help message and exit
  --type TYPE  collection type (optional)
  --name NAME  Collection name

delete

My Vault> pedm collection delete -h                         
usage: delete [-h] [-f] collection [collection ...]

Delete PEDM collections

positional arguments:
  collection   Collection or @orphan_resource

options:
  -h, --help   show this help message and exit
  -f, --force  do not prompt for confirmation

disconnect

My Vault> pedm collection disconnect -h                 
usage: unlink [-h] [--collection COLLECTION] [-f] links [links ...]

Unlink values from PEDM collections

positional arguments:
  links                 UIDs to unlink

options:
  -h, --help            show this help message and exit
  --collection, -c COLLECTION
                        Parent collection UID or name
  -f, --force           do not prompt for confirmation

wipe-out

My Vault> pedm collection wipe-out -h                                            
usage: wipe-out [-h] [--type TYPE]

Wipe out PEDM collections

options:
  -h, --help   show this help message and exit
  --type TYPE  collection type

Subcommand: approval

Details

Manages PEDM requests and approvals.

My Vault> pedm approval -h                                                    
pedm command [--options]

Command    Description
---------  -----------------------------
list       List PEDM approval requests
action     Modify PEDM approval requests

list

Retrieves the list of currently pending approvals.

My Vault> pedm approval list -h 
usage: list [-h] [--format {table,csv,json,pdf}] [--output OUTPUT] [--type {approved,denied,pending}]

List PEDM approval requests

options:
  -h, --help            show this help message and exit
  --format {table,csv,json,pdf}
                        format of output
  --output OUTPUT       path to resulting output file (ignored for "table" format)
  --type {approved,denied,pending}
                        approval type filter

action

Performs operations on requests, such as approve, remove, or deny.

My Vault> pedm approval action -h 
usage: action [-h] [--approve APPROVE] [--deny DENY] [--remove REMOVE]

Modify PEDM approval requests

options:
  -h, --help         show this help message and exit
  --approve APPROVE  Request UIDs for approval
  --deny DENY        Request UIDs for denial
  --remove REMOVE    Request UIDs for removal. UID, @approved, @denied, @pending
