Miscellaneous Commands

Helpful commands for miscellaneous functionality.

Commands
Keeper Command Reference
Whether using the interactive shell, CLI or JSON config file, Keeper supports the following commands, each command supports additional parameters and options.
To get help on a particular command, run:
help <command>
this-device
Set device logout and persistent login preferences
login
login to Keeper
whoami
information on logged in user
logout
logout from Leeper
help
documentation on a given Commander command
sync-down or d
download, sync, and decrypt vault
version or v
display Commander version and path information
clear or c
clear the screen
run-batch or run
Execute commands sequentially from the provided file.
generate
Generate a secure password
verify-records
Verify the integrity of imported records
verify-shared-folders
Verify the integrity of records in shared folders
reset-password
Reset the master password
sync-security-data
Calculate and update security data for all user-owned password records (enterprise only)   
sleep
Add delay (in seconds) between batch commands
this-device command
Command: this-device
Detail: Set device logout and persistent login preferences
Parameters:
None
Switches:
rename <Name of Device>: Change the name of the device
register: Encrypts the user's data key with the device public key in order to utilize persistent login sessions
persistent-login <ON|OFF>: Turn on or off the "Stay Logged In" setting for your account
ip-auto-approve <ON|OFF>: Control the IP Address device auto-approval security setting for your account
timeout: Set the number of minutes to logout after inactivity
Examples:
1
this-device
2
this-device rename "My MacOS CLI"
3
this-device persistent-login ON
4
this-device register
5
this-device ip-auto-approve ON
6
this-device timeout 600
1.Display the available options
2.Rename the device that shows up in access logs
3.Enable "Stay Logged In" on the account
4.Register the user's "encrypted data key" with the server, for use in persistent login sessions
5.Enables IP Address auto-approval (applies to master password logins only)
6.Set the inactivity timeout to 10 minutes
login command
Command: login
Detail: Login to Keeper
Parameters:
Email address of account to login to
Switches:
-p, --password password of Keeper account
    You will be prompted to enter the password if it is not provided with the switch
Examples:
login [email protected]
login [email protected] -p BhR!jeL4*2_zQ
1.Login to John Doe's Keeper account.  Will be prompted for password
2.Login to Jane Doe's Keeper account with the given password
whoami command
Command: whoami
Detail: Display information about the currently logged in user
Switches:
-v, --verbose include current datacenter and Commander environment
Examples:
whoami
whoami -v
1.See detailed user information
2.See detailed user information with the current datacenter and environment
Example Output:
My Vault> whoami
        Logged in as: [email protected]
​
             Account                 Type: Enterprise
                             Renewal Date: Jul 29, 2021
             Storage             Capacity: 1000GB
                                    Usage: 0%
                             Renewal Date: Jul 29, 2021
logout command
Command: logout
Detail: Logout of Keeper
Examples:
logout
1.Logout of Keeper
help command
Command: help
Detail: Display information about a given Commander command
Parameters:
A Commander command to see information for
Examples:
help add
help sync-down
1.See detailed information on add command
2.See detailed information on sync-down command
create-account command
Command: create-account 
Details: Create a Keeper Account.  You will be prompted to enter a password for the account, and then a verification email code.
Parameters: 
Email address to use for the account.
Examples:
create-account [email protected]
sync-down command
Command: sync-down or d
Detail: Download, sync, and decrypt vault
Examples:
sync-down
1.Sync vault
2.Sync vault
version command
Command: version or v
Detail: Display Commander version and path information
Switches:
-v display information about the underlying SDK, OS, working directory, and configuration file
Examples:
version
v -v
1.Show current Commander version
2.Show current Commander version, as well as the SDK version, OS, working directory, and configuration file 
clear command
Command: clear or c
Detail: Clear all lines from the screen
Examples:
clear
1.clear all lines from the screen
run-batch command
Command: run-batch or run
Detail: Execute commands sequentially from the provided file.
Switches:
-d [seconds] Specify a delay of this number of seconds in between commands. This will help in preventing throttling on the backend.
-q Quiet mode
-n or --dry-run Preview the commands that will be run without execution.
Examples:
run-batch -d 10 "C:\path\to\commands.txt"
​
run-batch -d 2 "/path/on/linux/to/commands.txt"
​
run-batch --dry-run -d 1 commands.txt
generate command
Requires Commander v16.5.10+
Command: generate
Detail: Generate a secure password
Switches:
-cc or --clipboard-copy copy the created password to the clipboard
-nb or --no-breachwatch skip Breachwatch check
-f <{table, json}> or --format <{table, json}> select an output method for the generated password
requires Commander v16.5.11+
-i <NUMBER> or --json-indent <NUMBER> with json format: 
0 for plain json output
a number greater than 0 to select the indentation for easy to read output
requires Commander v16.5.11+
-n [NUMBER] or --number [NUMBER] create the given number of passwords
-c [LENGTH] or --count [LENGTH] length of the password
-s [SYMBOLS] or --symbols [SYMBOLS] minimum number of special symbols to include in the password
-d [DIGITS] or --digits [DIGITS] minimum number of digits to include in the password
-u [UPPERCASE] or --uppercase [UPPSERCASE] minimum number of uppercase letters to include in the password
-l [LOWERCASE] or --lowercase [LOWERCASE] minimum number of lowercase letters to include in the password 
-dr [DICE_ROLLS] or --dice-rolls [DICE_ROLLS] number of dice rolls
Examples:
generate
generate -cc -c 12 -u 2 -s 2
generate --format json -i 0
generate --dice-rolls=6 --number=10 --no-breachwatch
1.Generate a secure password
2.Generate a secure password that is 12 characters longs with at least 2 uppercase letters and 2 symbols and copy the password to the system clipboard
3.Generate a password and show password strength, and Breachwatch result in plain json format
4.Generate 10 diceware passwords of 6 words
generate dice-roll passwords
Requires Commander v16.7.6+
Command: generate --dice-rolls
Detail: Generate a dice roll secure password consisting of random words
Switches:
-dr or --dice-rolls <NUMBER OF WORDS TO GENERATE> generate a dice roll password, and identify how many words to generate
--word-list <WORD LIST FILENAME>optionally use a file of words to use as a wordlist
Examples:
generate --dice-rolls 6
generate --dice-roll 5 --word-list "words.txt"
1.generate a password of 6 random words
2.generate a password of 5 random words from the given file of words
verify-records command
Command: verify-records
Detail: Check for record format integrity and perform necessary repairs to record structure. Edge cases are added to this command when issues in the field are reported to Keeper support.
Examples:
verify-records
​
There are 23 record(s) to be corrected
Do you want to proceed? [y/n]: y
verify-shared-folders command
Command: verify-shared-folders
Parameters
Name or UID of shared folder  to check. Leave blank to check all
Detail: Check for records in  shared folders that do not have the correct shared data key, then add the correct key where needed
Examples:
verify-shared-folders
​
There are 2 record key(s) to be corrected
 x4qAxrfilDryCbNCoTqZ8A  MyRecord
 D9QWFSNliXJU86-VI3zyMw  Twitter Login
Do you want to proceed? [y/n]:
reset-password command
Command: reset-password
Detail: reset the account's master password
Switches:
--delete-sso deletes SSO master password
--current the current master password
--new the new password to set as master password
Examples:
reset-password --current MyOldPassword --new [email protected]+R[16HX
Hint: you can use the generate command to generate a secure password within Commander
sync-security-data command
Command: sync-security-data or ssd
This command is available only to enterprise users
Detail: Calculate and update security data for all user-owned password records in the user's vault. Used to correct mis-matching summary security audit scores as seen by the user (in their vault) and by an enterprise administrator (either in the admin console app or via a call to security-audit-report in Commander)   
Parameters: 
Name(s), path(s), or UID(s) of records to sync. Omit this optional parameter to sync security data for all eligible records. Ignored if --hard option specified (hard-sync requires that all eligible vault records be synced)
Switches:
--hard, -hs Perform a "hard-sync" of security data (forces a reset and recalculation of summary security scores admin-side)
--quiet, -q Run command with minimal screen output
Examples:
sync-security-data
sync-security-data --hard
sync-security-data oY5F-KAdtqOloUanBb7dxQ Team1/Shares/Login-Record
sync-security-data --hard -q
1.Do a "soft-sync"  of user's security data (update security data but don't reset summary scores admin-side)
2.Do a "hard-sync" of user's security data (see documentation for --hard switch/flag above for more details) 
3.Do a "soft-sync" for records w/ UID = oY5F-KAdtqOloUanBb7dxQ and folder path of Team1/Shares/Login-Record.
4.Do a "hard-sync" of all eligible records while minimizing screen output
Hint: If the total password record count shown in the user's vault (in "Security Audit" view) differs from the corresponding value shown in the admin console (also in "Security Audit" view) or the output of Commander's security-audit-report --show-updated command, use the --hard flag to force a summary security audit score reset/re-calculation to re-align those values.
To ensure proper re-alignment of summary security audit-scores between the user's vault and the enterprise's admin console, any open instances of the admin console app must be closed prior to running this command. Once the user has executed this command (with the appropriate flag/switch as detailed above), an enterprise administrator must then run security-audit-report --save in Commander to update the corresponding admin-side summary security audit scores. 
sleep
This command is deprecated. If your goal is to add delay between commands, please refer to the run-batch command.
Command: sleep
Detail: Add delay (in seconds) between batch commands
Switches:
The number of seconds, the delay, to be added between batch commands 
Example:
sleep 5
1.Sleep for 5 seconds 

MSP Management Commands

Next - Commander CLI

Troubleshooting

Last modified 4d ago

`this-device`	Set device logout and persistent login preferences
`login`	login to Keeper
`whoami`	information on logged in user
`logout`	logout from Leeper
`help`	documentation on a given Commander command
`sync-down` or `d`	download, sync, and decrypt vault
`version` or `v`	display Commander version and path information
`clear` or `c`	clear the screen
`run-batch` or `run`	Execute commands sequentially from the provided file.
`generate`	Generate a secure password
`verify-records`	Verify the integrity of imported records
`verify-shared-folders`	Verify the integrity of records in shared folders
`reset-password`	Reset the master password
`sync-security-data`	Calculate and update security data for all user-owned password records (enterprise only)
`sleep`	Add delay (in seconds) between batch commands