Universal Secrets Sync using Commander

Performing USS through Keeper Commander CLI

Overview

In this guide, you will learn how to sync resources within your target cloud secret infrastructure using USS with Keeper Commander.

Prerequisites

Prior to using USS on Commander, make sure to review the Universal Secrets Sync Basics documentation.

Note that using Commander to initiate a sync should only be necessary if Dry run is selected in the USS settings of the corresponding PAM cloud configuration. Otherwise, USS will run automatically.

Starting Commander

Login to Keeper Commander CLI using the keeper shell command.

$ keeper shell

List the Configurations

Run the command pam config list or pam c l command to list all configurations

My Vault> pam config list
UID                     Config Name                   Config Type              Shared Folder                                              Gateway UID             Resource Record UIDs
----------------------  ----------------------------  -----------------------  ---------------------------------------------------------  ----------------------  ----------------------
qZkz5qoShpQL2J_TKurbRw  AWS USS Configuration         pamAwsConfiguration      AWS USS Folder - Users (yEW84228pFIEsbHPokxGjg)            Wu6-vzjOSJKOs3xGvmO74w
BtRLYDwx0AtvN2kaMbS-gQ  AWS USS Configuration IE      pamAwsConfiguration      AWS USS Folder - Users (yEW84228pFIEsbHPokxGjg)            Wu6-vzjOSJKOs3xGvmO74w
Fp_Nt9sI-fjd4n4jhOdMrw  Azure USS Configuration       pamAzureConfiguration    AWS USS Folder - Users (yEW84228pFIEsbHPokxGjg)            Wu6-vzjOSJKOs3xGvmO74w
e-oiP-gCEeatNVpLrVZ6Tg  GCP PAM Config                pamGcpConfiguration      Local Gateway Folder - Resources (KBfF0jOvPg6FxOZyz2xNzA)  1MX6ZTJPQWmHF1S_CRQ3Gw
VjFRx3_0kMyedeAKuQSpcQ  GCP USS Configuration         pamGcpConfiguration      AWS USS Folder - Users (yEW84228pFIEsbHPokxGjg)            Wu6-vzjOSJKOs3xGvmO74w
mzkHNi21uEB8bpxa228bjw  Local Gateway Configuration   pamNetworkConfiguration  Local Gateway Folder - Users (jkj1rVit39QcJJM70lMCDQ)      1MX6ZTJPQWmHF1S_CRQ3Gw
My Vault>

The Configuration UID is required to start the sync process.

Start Sync Job

Run the pam universal-sync-run command to start a sync job. The configuration UID must be provided with the -n option.

Commander Reference

Keeper Commander provides many advanced capabilities for managing gateways, configurations, rotations and discovery. See the KeeperPAM Commands for a list of all available options.

Last updated