> For the complete documentation index, see [llms.txt](https://docs.keeper.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.keeper.io/keeperpam/privileged-access-manager/universal-secrets-sync/discovery-using-commander.md).
# Universal Secrets Sync using Commander
### **Overview**
In this guide, you will learn how to sync resources within your target cloud secret infrastructure using USS with Keeper Commander.
### **Prerequisites**
Prior to using USS on Commander, make sure to review the [Universal Secrets Sync Basics](/keeperpam/privileged-access-manager/universal-secrets-sync/discovery-basics.md) documentation.
{% hint style="info" %}
Note that using Commander to initiate a sync should only be necessary if Dry run is selected in the USS settings of the corresponding PAM cloud configuration. Otherwise, USS will run automatically.
{% endhint %}
### **Starting Commander**
Log in to Keeper Commander CLI using the `keeper shell` command.
```
$ keeper shell
```
### **List Configurations**
Run the command `pam config list` or `pam c l` command to list all configurations
```
My Vault> pam config list
UID Config Name Config Type Shared Folder Gateway UID Resource Record UIDs
---------------------- ---------------------------- ----------------------- --------------------------------------------------------- ---------------------- ----------------------
qZkz5qoShpQL2J_TKurbRw AWS USS Configuration pamAwsConfiguration AWS USS Folder - Users (yEW84228pFIEsbHPokxGjg) Wu6-vzjOSJKOs3xGvmO74w
BtRLYDwx0AtvN2kaMbS-gQ AWS USS Configuration IE pamAwsConfiguration AWS USS Folder - Users (yEW84228pFIEsbHPokxGjg) Wu6-vzjOSJKOs3xGvmO74w
Fp_Nt9sI-fjd4n4jhOdMrw Azure USS Configuration pamAzureConfiguration AWS USS Folder - Users (yEW84228pFIEsbHPokxGjg) Wu6-vzjOSJKOs3xGvmO74w
e-oiP-gCEeatNVpLrVZ6Tg GCP PAM Config pamGcpConfiguration Local Gateway Folder - Resources (KBfF0jOvPg6FxOZyz2xNzA) 1MX6ZTJPQWmHF1S_CRQ3Gw
VjFRx3_0kMyedeAKuQSpcQ GCP USS Configuration pamGcpConfiguration AWS USS Folder - Users (yEW84228pFIEsbHPokxGjg) Wu6-vzjOSJKOs3xGvmO74w
mzkHNi21uEB8bpxa228bjw Local Gateway Configuration pamNetworkConfiguration Local Gateway Folder - Users (jkj1rVit39QcJJM70lMCDQ) 1MX6ZTJPQWmHF1S_CRQ3Gw
My Vault>
```
The Configuration UID is required to start the sync process.
### **Start Sync Job**
Run the `pam universal-sync-run` command to start a sync job. The configuration UID must be provided with the `-n` option.
```
pam universal-sync-run -n qZkz5qoShpQL2J_TKurbRw
```
The sync job is scheduled and a confirmation is returned with the action ID:
```
Scheduled action id: x9hDVky/06kfEmbpJl7K0A==
The action has been scheduled, use command 'pam action job-info x9hDVky/06kfEmbpJl7K0A== --gateway=Wu6-vzjOSJKOs3xGvmO74w' to get status of the scheduled action
After action is finished, use: 'pam usc list -n qZkz5qoShpQL2J_TKurbRw' to view sync results
```
### **Check job status**
Use the `pam action job-info` command with the action ID and gateway UID returned above to check whether the job has completed:
```
pam action job-info x9hDVky/06kfEmbpJl7K0A== --gateway=Wu6-vzjOSJKOs3xGvmO74w
```
### **View sync results**
Once the job has finished, run `pam usc list` with the configuration UID to view the sync results:
```
pam usc list -n qZkz5qoShpQL2J_TKurbRw
```
The following is a sample output showing the configuration details and the sync status for each folder. Verify that all folders show a Status of `Success` and that the Last Synced timestamp reflects the time the job completed. A `Failed` status on any folder indicates an error — check the Gateway logs and verify that the Sync Identity has the correct permissions on the target cloud secrets manager.
```
UID qZkz5qoShpQL2J_TKurbRw
Name AWS USS Configuration
Config Type pamAwsConfiguration
Enabled Yes
Dry Run Yes
Vault Name N/A
Sync Identity N/A
Folders (3)
Cloud Secrets AWS
Last Synced 2026-06-08 14:24:56
Status Success
Cloud Secrets AWS #2
Last Synced 2026-06-08 14:24:56
Status Success
Cloud Secrets AWS #3
Last Synced 2026-06-08 14:24:56
Status Success
```
### **Commander Reference**
Keeper Commander provides many advanced capabilities for managing gateways, configurations, rotations and discovery. See the [KeeperPAM Commands](/keeperpam/commander-cli/command-reference/keeperpam-commands.md) for a list of all available options.
#### **Related Pages**
* [USS Overview](/keeperpam/privileged-access-manager/universal-secrets-sync.md#pdf-page-dqtjnnk6pra4mfdizdco-what-is-keeper-discovery) - Feature summary, architecture, and key capabilities
* [USS Basics](/keeperpam/privileged-access-manager/universal-secrets-sync/discovery-basics.md) - Prerequisites and PAM Configuration setup
* [Migration Guide](/keeperpam/privileged-access-manager/universal-secrets-sync/universal-secrets-sync-migration-guide.md) - Import existing cloud secrets and configure USS in one workflow
* [Using the Vault](/keeperpam/privileged-access-manager/universal-secrets-sync/discovery-using-the-vault.md) - Step-by-step Vault UI walkthrough
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.keeper.io/keeperpam/privileged-access-manager/universal-secrets-sync/discovery-using-commander.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.