# PAM Rotation Info JSON

## PAM Rotation Info — JSON Output

The `pam rotation info` command now supports `--format json` for machine-readable output, enabling use in CI/CD pipelines, declarative tooling, and scripts that consume rotation status programmatically.

> **Applies to:** Keeper Commander 17.3+ (PR #2003, merged 2026-04-30)

***

### Syntax

```
pam rotation info -r <record-uid> [--format table|json] [--output <file>]
```

### Options

| Option                 | Description                                      |
| ---------------------- | ------------------------------------------------ |
| `-r <uid>`             | UID of the PAM record to query rotation info for |
| `--format table\|json` | Output format. Default: `table`                  |
| `--output <file>`      | Write output to a file instead of stdout         |

***

### Table output (default)

Standard human-readable output, unchanged from previous versions.

```
My Vault> pam rotation info -r a1b2c3d4
Status:           Online
Ready to rotate:  Yes
PAM Config UID:   f6e5d4c3...
Gateway:          prod-gateway-01
Schedule:         cron (0 3 * * *)
...
```

***

### JSON output

When `--format json` is passed, the command returns a structured JSON object to stdout (or the file specified by `--output`).

```
My Vault> pam rotation info -r a1b2c3d4 --format json
```

#### Online status — full JSON schema

```json
{
  "status": "Online",
  "ready_to_rotate": true,
  "pam_config_uid": "f6e5d4c3...",
  "node_id": 12345,
  "gateway_name": "prod-gateway-01",
  "gateway_uid": "9a8b7c6d...",
  "admin_resource_uid": "1a2b3c4d...",
  "password_complexity": 3,
  "password_complexity_detail": "12+ chars, upper, lower, digit, symbol",
  "schedule_type": "cron",
  "schedule_data": "0 3 * * *",
  "disabled": false,
  "script_name": null
}
```

#### Non-online status — minimal JSON schema

When the record is not reachable or not configured for rotation:

```json
{
  "status": "Offline",
  "ready_to_rotate": false
}
```

#### JSON field reference

| Field                        | Type           | Description                                             |
| ---------------------------- | -------------- | ------------------------------------------------------- |
| `status`                     | string         | Rotation gateway status (e.g. `Online`, `Offline`)      |
| `ready_to_rotate`            | boolean        | Whether the record is ready for an immediate rotation   |
| `pam_config_uid`             | string         | UID of the associated PAM configuration                 |
| `node_id`                    | integer        | Enterprise node ID                                      |
| `gateway_name`               | string         | Display name of the connected gateway                   |
| `gateway_uid`                | string         | UID of the connected gateway record                     |
| `admin_resource_uid`         | string         | UID of the admin credential used for rotation           |
| `password_complexity`        | integer        | Complexity level (1–4)                                  |
| `password_complexity_detail` | string         | Human-readable complexity description                   |
| `schedule_type`              | string         | `cron`, `interval`, or `manual`                         |
| `schedule_data`              | string         | Schedule definition (cron expression or interval value) |
| `disabled`                   | boolean        | Whether rotation is currently disabled on this record   |
| `script_name`                | string \| null | Post-rotation script name, if configured                |

***

### Examples

#### Write JSON to a file

```
My Vault> pam rotation info -r a1b2c3d4 --format json --output /tmp/rotation-status.json
```

#### Shell pipeline — check readiness

```bash
keeper pam rotation info -r a1b2c3d4 --format json \
  | python3 -c "import json,sys; d=json.load(sys.stdin); sys.exit(0 if d['ready_to_rotate'] else 1)"
echo "Exit: $?"
```

#### Audit all records in a folder (using `pam rotation info` per UID)

```bash
for uid in $(keeper pam project list --format json | jq -r '.[].uid'); do
  keeper pam rotation info -r "$uid" --format json >> /tmp/rotation-audit.jsonl
done
```

***

### Notes

* `--format json` is available on both `pam rotation info` (v2 router) and the legacy `pam rotation info` (v1 endpoint) — both return the same schema.
* When `--output` is used with `--format json`, the file is written as pretty-printed JSON.
* Table output is preserved unchanged; `--format json` is additive.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/keeperpam/commander-cli/command-reference/keeperpam-commands/pam-rotation-info-json.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.