Secrets Manager

Record Commands

All the commands related to Manipulating records

Commands:

Keeper Command Reference

Whether using the interactive shell, CLI or JSON config file, Keeper supports the following commands, each command supports additional parameters and options.

To get help on a particular command, run:

help <command>

Command

Explanation

list or l

List all records or search via a regular expression.

search or s

Search all records via a regular expression.

ls

List folder contents

tree

Display entire folder structure as a tree

cd

Change current folder

get or g

Retrieve and display a Keeper Record/Folder/Team in printable or JSON format.

find-password

Display the specified Keeper Record password field to the system output

clipboard-copy

Copy the specified Keeper Record password field to the clipboard or send to stdout

record-history or rh

Show the history or a record's modifications

totp

Display the Two Factor code for a given record, or show a list of records with Two Factor codes if no record is specified

download-attachment

Download all attachments of a specified record

upload-attachment

Upload and attach a file to a given record

delete-attachment

Delete an attachment from a given record

file-report

Show a report of all the files that you have access to in the vault

list-sf or lsf

Show details about all shared folders in the vault

list-team or lt

List all teams that you have access to

add or a

Deprecated: use record-add

record-add or ra

Add a record

edit

Deprecated: use record-update

record-update or ru

Edit an existing record

rm

Remove a record

append-notes or an

Append notes to a record

mkdir

Create a folder or shared folder

rmdir

Remove a folder or shared folder and its contents

mv

Move a record to or folder

ln

Create a link between records or folders

find-duplicate

Locate duplicate records in the vault (or several) based on specified attributes and fields.

shortcut

List or manage record shortcuts

transform-folder

Transform a folder from a shared folder to a personal folder and vice versa

trash

List and manage deleted records in the trash

password-report

Display password report

find-ownerless

List (and, optionally, claim) records in the vault that currently do not have an owner

list command:

Command: list or l

Detail: List all records or search via a regular expression

Switches:

-v, --verbose verbose output (if record names are too long for the column)

Examples:

l
l twitter
l ^(?!.*FTP).*Azure.*$

  1. List all records

  2. List all records with the string twitter

  3. List all 'Azure' records that do not contain the string 'FTP" (Using regex)

search command:

Command: search or s

Detail: Search the vault using a regular expression

Parameters:

Regular expression to use with search

Switches:

-v, --verbose verbose output

Examples:

s dropbox
s [0-z]*\.org

  1. Search for records containing "dropbox"

  2. Search for records with a string of numbers and letters only ending in ".org"

ls command:

Command: ls

Detail: List folder contents

Switches:

-l, --list show detailed list -f, --folders display folders -r, --records display records -v, --verbose verbose output -R, --recursive show subfolder contents

Examples:

ls -l
ls -r
ls -l -r -v
ls -R -l "Folder1"

  1. Detailed list of folder contents

  2. List of only records in a folder (No sub folders)

  3. Detailed list of records, and show long titles even if they skew the table

  4. Show detailed list of all records and folders found in "Folder1" and its subfolders

tree command:

Command: tree

Detail: Display the entire folder structure as a tree, using specified folder or the current location (if no folder specified) as the root

Parameters:

Full path, UID, or name (if current location is parent folder) of folder to use as tree root (optional)

Switches:

-r, --records display records in each folder in tree (shown in slightly dimmer text) -s, --shares display shared-folder share permissions (symbols denoting permission-types shown in legend/key by default) -hk, --hide-shares-key hide permissions legend (valid only when--shares flag is specified) -t, --title <TITLE> show optional title for the folder-structure display -v, --verbose verbose output (display record/folder UID in addition to name)

Examples:

tree
tree "Office Codes/"
tree --verbose --records --title="My Folder Structure w/ Records (UIDs shown)"
tree --shares --hide-shares-key "/Work Folders/Team1"

  1. Display entire folder structure as a tree, using the current location as the root

  2. Display entire folder structure starting at sub directory "Office Codes" folder as the root

  3. Display folder structure titled "My Folder Structure w/ Records (UIDs shown)" showing records in each folder (w/ corresponding UID for each folder/record), using current location as root

  4. Display folder structure with share-permissions (as abbreviated symbols) for each contained shared-folder without displaying the corresponding permission symbols legend/key, with the displayed folder-structure root being the subfolder named Team1 in the folder named Work Folders found in the vault's root folder (note: because the target folder's full path is provided in this example, this command can be called from any location)

cd command:

Command: cd

Detail: Change current directory

Parameters:

Location to move to.

Quotation marks can be used to move to folders with spaces or slashes in their name.

backslash (\) can be used to escape quotation marks in a folder's name

Examples:

cd social/
cd financial/banks/
cd /
cd "folder/with/slashes"
cd folder\"with\"quotes

  1. Move to a folder named "social" in the current directory

  2. Move to a folder named 'banks' inside a folder named 'financial'

  3. Move to the vault root

  4. Move to a folder named "folder/with/slashes"

  5. Move to a folder named 'folder"with"quotes'

find-password command:

Command: find-password

Detail: Display a specified Keeper record's password to the system output, given that record's UID or path

Parameters:

Path or UID of a record

Switches:

--username <USERNAME> match the login name using regex (optional). The given title or UID must also match to find the record

--output <{clipboard, stdout}> choose the destination of the output

  • stdout - display password to system output (default)

  • clipboard - copy password to clipboard

-l, --login output login name instead of password

Examples:

find-password rvwIBG_ban2VTH64OsnzLn
find-password office/Zoom 
find-password rvwIBG_ban2VTH64OsnzLn --output clipboard 
find-password social/Twitter -l
find-password reddit --username .*second.*

  1. Show the password of a specific record with the given UID

  2. Show the password of a record with the title "Zoom" in the "office" folder

  3. Copy the password of a specific record to the clipboard

  4. Show the login of a record with the title "Twitter" in the "social" folder

  5. Show the password for a record with a title that starts with "reddit", and "second" as part of the username

clipboard-copy command:

Command: clipboard-copy

Detail: Copy a specified Keeper record's password to the clipboard, or send the password to stdout, given that record's UID or path.

Parameters:

Path or UID of record

Switches:

--username <USERNAME> match the login name using regex (optional). The given title or UID must also match to find the record

--output <{clipboard, stdout, stdouthidden}> choose the destination of the output

  • clipboard - copy password to clipboard (default)

  • stdout - display password to system output

  • stdouthidden - display password to system output but hidden

-l, --login output login name instead of password

--field <FIELD NAME> output custom field

-r, --revision record revision

-t or --totp output TOTP code

Examples:

clipboard-copy rvwIBG_ban2VTH64OsnzLn
clipboard-copy office/Zoom 
clipboard-copy rvwIBG_ban2VTH64OsnzLn --output stdout
clipboard-copy social/Twitter -l
clipboard-copy reddit --username .*second.*

  1. Copy the password of a specific record with the given UID to the clipboard

  2. Copy the password of a record with the title "Zoom" in the "office" folder to the clipboard

  3. Show the password of a specific record with the given UID

  4. Copy the login of a record with the title "Twitter" in the "social" folder to the clipboard

  5. Copy the password for a record with a title that starts with "reddit", and "second" as part of the username to the clipboard

get command:

Command: get or g

Detail: Retrieve and display a Keeper Record/Folder/Team in printable or JSON format, given a corresponding UID.

Parameters:

UID of a record, folder, or team

Switches:

--unmask display hidden field content as plaintext

--format<{detail, json, password}> choose the format of the output

  • detail - a detailed view of the Record/Folder/Team (default)

  • json - json formatted details

  • password - only the password

--legacy JSON output only. Display typed records in legacy json format

Examples:

get rvwIBG_ban2VTH64OsnzLn
g rvwIBG_ban2VTH64OsnzLn --format json --legacy

  1. Show the details of a specific record

  2. Show the details of a specific record in JSON format

To only retrieve the password as output, see the clipboard-copy command

record-history command:

Command: record-history or rh

Detail: Show the history of a record's modifications, given that record's UID

Parameters:

UID of record

Switches:

-a, --action <{list, diff, show, restore}> perform an action on the record

  • list - show revisions

  • diff - show changes made at each revision

  • show - show details about the current revision

  • restore - restore back to a previous revision (requires -r or --revision argument)

-r, --revision <REVISION NUMBER> only show details for a specific revision

Examples:

record-history rvwIBG_ban2VTH64OsnzLn
record-history rvwIBG_ban2VTH64OsnzLn -a diff
record-history rvwIBG_ban2VTH64OsnzLn -r 4 
record-history rvwIBG_ban2VTH64OsnzLn -a restore -r 2

  1. List of specific record's modification history

  2. List of the changes made in each version of the specific record

  3. Details of the 4th revision of the specific record (V.4)

  4. Revert the specified record to its 2nd version

totp command:

Command: totp

Detail: Display the Two Factor code for a record, given its path or UID. Show a list of records with Two Factor codes if no path or UID is given

Parameters:

Path or UID of record (optional)

Switches:

--details display 2FA details

--range <RANGE> display last and next [x] codes

Examples:

totp
totp Dropbox
totp U-QSpjIL9e9_huXrbTwz4Q
totp Dropbox --range 1
totp U-QSpjIL9e9_huXrbTwz4Q --details

  1. List of records with TOTP Two Factor codes

  2. Show a Two Factor code with timer for the "Dropbox" record

  3. Show a Two Factor code with timer for the record with the given UID

  4. Display the last, current, and next Two Factor codes for the "Dropbox" record

  5. Display the TOTP token details for the record with the given UID

download-attachment command:

Command: download-attachment

Detail: Download all files attached to the specified record(s), given that record's path or UID

Parameters:

Path or UID of record or folder

Switches:

-r or --recursive Download recursively through subfolders

--out-dir <LOCAL DIRECTORY> Local folder for downloaded files

--preserve-dir Preserve vault folder structure

--record-title Append record names to title of downloaded attachments

Naming Convention for downloaded attachments:

Naming ConventionDescription

$AttachmentFileName

By default, all downloaded attachments will retain their original name. If a record contains the attachment "file.txt", the name of the downloaded attachment will be: file.txt

$AttachmentFileName($RecordUUID).$AttachmentFileNameExtension

This is the naming convention for duplicates. If a record contains two attachments with the same name (i.e "file.txt") or the output directory already contains a file with the same name, the naming convention of the downloaded attachments will be: file.txt and file(Lw7K5ah3LjP5uVkhkrSzrw).txt

$AttachmentFileName($AttachmentUUID).$AttachmentFileNameExtension

For duplicates, if the naming convention in the above row is used, then the AttachmentUUID will be used instead of RecordUUID. In the given examples for the row above, downloading file.txt will use the attachmentUUID instead of the recordUUID: file(Bu2WLg-7eqWPhO-NW18lgw).txt

$RecordName-$AttachmentFileName

If the switch --record-title is passed, the record name will be appended to downloaded attachment file. This also applies to duplicates. For a record named "Record1" with the attachment "file.txt", the naming convention will be: Record1-file.txt

Examples:

download-attachment "documents/Financial Records"
download-attachment _j0SPqnUeUCZN5UoEfD6cg
download-attachment / --recursive --preserve-dir --out-dir=C:\\Attachments
download-attachment "documents/Financial Records" --record-title

  1. Download all attachments of the record titled "Financial Records" in the "documents" folder

  2. Download all attachments of the record with the given UID

  3. Download all attachments in the vault recursively to the specified output location: "C:\Attachments"

  4. Append the record name "Financial Records" to the name of all downloadable attachments for the record titled "Financial Records" in the "documents" folder

upload-attachment command:

Command: upload-attachment

Detail: Upload a file and attach it to a specific record, given that record's path or UID

Parameters:

Path or UID of record

Switches:

--file <FILENAME> file name to upload (required)

Examples:

upload-attachment "documents/Financial Records" --file C:/June_2021.pdf
upload-attachment _j0SPqnUeUCZN5UoEfD6cg --file C:/Users/pictures/5_15_21.jpeg

  1. Attach a pdf file to the "Financial Records" record in the "documents" folder

  2. Attach an image to the record with the given UID

delete-attachment command:

Command: delete-attachment

Detail: Delete a file attached to a specified record, given that record's path or UID

Parameters:

Path or UID of record

Switches:

--name <FILE> name or ID of the file to delete (required)

Examples:

delete-attachment "documents/Financial Records" --name June_2021.pdf
delete-attachment _j0SPqnUeUCZN5UoEfD6cg --name 5_15_21.jpeg
delete-attachment -o

  1. Delete a pdf file named "June_2021.pdf" from the "Financial Records" record in the "documents" folder

  2. Delete an image named "5_15_21.jpg" from the record with the given UID

  3. Delete all orphaned file attachments in the vault

file-report command:

Command: file-report

Detail: Show a report of details of all files that you can access in the vault. Report consists of: Title, Record UID, and File ID

Switches:

-d, --try-download attempt to download all the attachments in the vault

Examples:

file-report
file-report -d

  1. Show a report of all the files attached to records in the vault

  2. Attempt to download all the files attached to records in the vault

list-sf command:

Command: list-sf or lsf

Detail: Display the UID, Name, Default Permissions, Record Permissions, User Permissions, and Team Permissions for all shared folders in the vault

Examples:

lsf

  1. Show details for all shared folders in the vault

list-team command:

Command: list-team or lt

Detail: Display the UID and Name for each Team that you have access to

Examples:

list-team

  1. Show details for all teams you have access to

record-add and record-update commands

Command: record-add or record-update

Detail: Adds a record to the vault or update an existing record. This is the recommended command for adding and updating records. This supports all record types, custom types, standard fields and custom fields. See --syntax-help for detailed examples.

Parameters:

A space separated list of field values. A field has the following syntax:

<FIELD_NAME>=<FIELD_VALUE> see ...

Switches:

-t, --title Record title

-n, --notes Record notes

-rt, --record-type Record type. See the list of standard record types.

-f, --folder <FOLDER PATH or UID> Folder for the record. Applies to record-add only.

--self-destruct <NUMBER>[(mi)nutes|(h)ours|(d)ays|(mo)nths|(y)ears]Time period record share URL is valid. The record will be deleted from your vault 5 minutes after opening. Applies to record-add only.

-r, --record <RECORD PATH or UID> Path or UID of the record to edit. Applies to record-update only.

-f, --force Ignore warnings.

--syntax-help Displays detailed information on usage for these commands.

Examples:

record-add --title="Sample Login" --record-type=login --folder="Personal Folder" login=username password=$GEN url=https://www.google.com "License ID"="9ACB123" url.AlternateURL=https://amazon.com
record-add --title="Empty Legacy Record" --record-type=legacy
record-add --syntax-help
record-update --syntax-help
record-add -t "Temporary Shared Login (1 hr)" -rt login --self-destruct 1h

rm command:

Command: rm

Detail: Remove record(s) with given path(s) or UID(s)

Parameters:

Path or UID of record(s)

Switches:

-f, --force do not prompt

Examples:

rm social/Twitter
rm -wAZ13kI8d326j1HEUTqmQ -f
rm rec1 rec2

  1. Remove the "Twitter" record in the "social" folder. Will be prompt to enter "y" to approve.

  2. Remove the record with the given UID and don't prompt to approve.

  3. Remove the "Bank" record and purge it from the trash (record will not be recoverable)

  4. Remove records "rec1" and "rec2"

append-notes command:

Command: append-notes or an

Detail: Append to the notes of a record with a given path or UID

Parameters:

Path or UID of record

Switches:

--notes <NOTES> notes to append

Examples:

append-notes social/Twitter
an KEdxyHgtCOv3hBdjz_aJEw --notes "Outdated as of June 2021"

  1. Append to the notes of the "Twitter" record in the "social" folder. Will be prompted to enter notes to add

  2. Append to the notes of the record with the given UID with the message "Outdated as of June 2021"

mkdir command:

Command: mkdir

Detail: Create a folder or shared folder at the given path

Parameters:

Path/name of new folder

Switches:

-sf, --shared-folder create a shared folder

-uf, --user-folder create a user folder (not shared)

-a, --all set default folder permissions to allow any user to manage users, manage records, share records, and edit records

-u, --manage-users set default folder permissions to allow all users to manage user access

-r, --manage-records set default folder permissions to allow all users to manage records

-s, --can-share set default folder permissions to allow all users to share records

-e, --can-edit set default folder permissions to allow all users to edit records

--color <{none, red, green, blue, orange, yellow, gray}> sets folder color

When adding other users or teams to a shared folder, they will be given the default permissions of that folder, unless the permission is specifically revoked or added when sharing. See the share-folder command for more details.

Examples:

mkdir finance/personal
mkdir social -uf
mkdir office-codes -sf -s

  1. Create a folder named "personal" in the existing "finance" folder. Will be prompted to create a shared folder or user folder

  2. Create a user folder named "social"

  3. Create a shared folder named "office-codes" with the default permissions set to allow all users to share the records in the folder

rmdir command:

Command: rmdir

Detail: Delete a folder or shared folder given the folder's path or UID

Parameters:

Path of folder

Accepts patterns, which will remove all matching folders.

  • * matches everything

  • ? matches any single character

  • [seq] matches any character in seq

  • [!seq] matches any character not in seq

Accepts multiple parameters separated by a space

Switches:

-f, --force Delete folder without prompting

-q, --quiet returns no output when used in conjunction with -f

Examples:

rmdir social/temporary
rmdir zXuYXRYWgsie5TBPzQACLw -f
rmdir [A-Z]*2
rmdir DevOps/secrets MyFolder 
rmdir t5uYXRYWgsie5TBPzQACLw -f -q
rmdir *

  1. Delete the folder named "temporary" in the "social" folder. Will be prompted to confirm

  2. Delete the folder with the given UID and don't prompt to confirm

  3. Delete all folders with only letters in the name, ending in '2'

  4. Delete the folder 'secrets' in the 'DevOps' folder, and the 'MyFolder' folder

  5. Delete the folder with the given UID and don't show any output

  6. Remove all folders from the Keeper Vault

mv command:

Command: mv

Detail: Move a record or folder to another folder, given the record or folder's path or UID and the path or UID of the destination folder

Parameters:

Path or UID of record followed by path or UID of destination folder

Format:

mv SRC DST

SRC: the source path to folder or record. Accepts title paths, search patterns, and UIDs

DST: the destination folder name or UID to move to

Switches:

-f, --force move record or folder without prompting

-s. --can-reshare anyone can reshare records

-e, --can-edit anyone can edit records

Examples:

mv Twitter social
mv zXuYXRYWgsie5TBPzQACLw /

  1. Move the "Twitter" record into the "social" folder

  2. Move the record with the given UID to the root folder

ln command:

Command: ln

Detail: Link a record or folder to another folder, given the record or folder's path or UID and the path or UID of the destination folder

Parameters:

Path or UID of record followed by path or UID of destination folder

Format:

ln SRC DST

SRC: the source path to folder or record. Accepts title paths, search patterns, and UIDs

DST: the destination folder name or UID to link to

Switches:

-f, --force move record or folder without prompting

-s. --can-reshare anyone can re-share records

-e, --can-edit anyone can edit records

Examples:

ln Twitter social
ln zXuYXRYWgsie5TBPzQACLw /

  1. Link the "Twitter" record with the "social" folder

  2. Link the record with the given UID to the root folder

find-duplicate command:

Command: find-duplicate

Detail: Useful tool to help locate duplicate records in the vault based on one or more record fields.

Parameters:

Provide a list of fields to use for comparison.

Switches:

--title Match the title field to locate a duplicate

--login Match the login field to locate a duplicate

--password Match the password field to locate a duplicate

--url Match the URL field to locate a duplicate

--shares Match on share-permissions

--full Match all fields to locate a duplicate

--merge, -m Consolidate duplicate records (Note: when this flag is included, duplicate records are automatically matched on all fields, including shares)

--ignore-shares-on-merge Ignore share-permissions when matching duplicate records for merging

--force, -f Delete duplicates w/o being prompted for confirmation (valid only w/ --merge option)

--quiet, -q Suppress screen output (valid only w/ --force/--merge options)

--dry-run, -n Simulate removing duplicates (no records are ever removed or modified). Valid only w/ --merge flag

--scope, -s <enterprise, vault> Define the scope of the search (default is vault). Enterprise scope available only to enterprise account administrators with compliance data-access prvileges.

--refresh-data, -r Populate local cache with latest audit data. Valid only when used with the --scope=enterprise option.

--format <{csv, json, table}> Chose the format of the output

--output <FILENAME> Export search results to a file

Examples:

find-duplicate --title
find-duplicate --login --password
find-duplicate --login --password --url
find-duplicate --full
find-duplicate --merge --force
find-duplicate --merge -n
find-duplicate -s enterprise --format csv --output enterprise_duplicates.csv

  1. Find duplicate records based on matching titles

  2. Find duplicate records based on matching logins and passwords

  3. Find duplicate records based on matching logins, passwords, and website addresses

  4. Find duplicate records by matching on all relevant fields (including custom fields and share-permissions that apply for each record)

  5. Find duplicate records -- matching on all relevant fields (and shares) -- and consolidate them into one (i.e., delete all but one record for each set of records deemed to be duplicates of each other) per set of duplicates without prompting for confirmation prior to record deletion

  6. Find duplicate records (matching on all fields) and simulate consolidating the results

  7. Find duplicate records across vaults within the entire enterprise and export the search results to a CSV-formatted filed named enterprise_duplicates.csv

shortcut command:

Command: shortcut

Detail: List or manage record shortcuts. Shortcuts are links to records in a folder other than the folder that record belongs to.

Parameters:

Command:

  • list <RECORD UID, FOLDER UID, PATH (optional)>: Show a list of all shortcuts. Filtered to record or folder if given

  • keep <RECORD OR FILE PATH> : Remove all but one shortcut

Switches:

list switches:

--format <{csv, json, table}> choose the format of the output

--output <FILENAME> file to write output results to

Examples:

shortcut list
shortcut list --format csv --output "shortcuts.csv"
shortcut list 461XtX26R1SggIyQDf4HZg
shortcut keep "memberships/My Membership"

  1. Display a list of record shortcuts

  2. Output a list of record shortcuts to a file

  3. Output a list of record shortcuts that exist in the folder with the give UID

  4. Remove all record shortcuts other than record at the given location

Use Case: Deleting all but one shortcut with command keep

Suppose there are multiple shortcuts for the following record, and you only want to keep the record 

My Vault> shortcut list 461XtX26R1SggIyQDf4HZg
Record UID              Record Title    Folder
----------------------  --------------  ----------------------
461XtX26R1SggIyQDf4HZg  ksm-key1        [ User ] /key-folder1/
                                        [ User ] /key-folder2/
                                        [ User ] /key-folder3/

To keep this record only in the "key-folder2" and remove all other shortcuts, you can execute the following command: 

My Vault> shortcut keep 461XtX26R1SggIyQDf4HZg key-folder2

Running the above command will prompt you to confirm the deletion of the extra shortcuts

To verify that the additional shortcuts have been deleted, you can do one of the following:

  1. Access your web vault and observe that the shortcuts have been deleted. Example: In the above scenario & example, I will find only one instance of the record ksm-key1 in key-folder2

  2. Running the shortcut list <Record UID> command will output that the record has no shortcuts In the above scenario & example, after deleting the unwanted shortcuts, running the list command will give me the following:

My Vault> shortcut list 461XtX26R1SggIyQDf4HZg 
shortcut-get: Record UID 461XtX26R1SggIyQDf4HZg does not have shortcuts

transform-folder command:

Command: transform-folder

Detail: Transform a folder from a shared folder to a personal folder and vice versa

Parameters:

Folder UID or path/name (accepts multiple values)

Switches:

-c, --children Apply transformation to target folder's children only (target folder will remain unchanged).

-n, --dry-run Preview the folder transformation without updating

-f, --force Skip confirmation prompt and minimize output

Examples:

For these next examples, let's assume we have a vault with the following contents and folder-structure (as shown in Keeper Shell by executing the command tree -s -r -v):

1. Transform a user folder into a shared-folder

Executing the following command (from within the vault's root folder)

gives us the following transformed folder-structure (displayed tree limited to transformed folder and its contents):

2. Transform a shared-folder into a user folder

Executing the following command (from within the vault's root folder)

transform-folder "Shared Folder (Team3, Admin)"

gives us the following transformed folder-structure (displayed tree limited to transformed folder and its contents):

3. Transform a folder's children

Executing the following command (from within the vault's root folder)

transform-folder --children "Shared Items"

gives us the following transformed folder-structure (displayed tree limited to transformed folder and its contents):

For security reasons and because of current limitations on the type of folders that any given shared-folder can contain, not every folder in a given vault is necessarily eligible for transformation using the command described above. Consequently, there are certain types of folders for which this command will fail to execute. These include

  1. user folders that contain -- either in the folder itself, or in any of its subfolders, or in any of its subfolders' subfolders, etc. -- any 1 of the following items:

    • a shared-folder for which the user does not have either of the following:

      1. share-admin privileges

      2. full share permissions ("Can Manage Users", "Can Manage Records")

    • a direct-share record for which the user does not have either of the following:

      1. share-admin privileges

      2. re-share permissions ("Can Share")

  2. user folders contained within a shared-folder (i.e., any user folder whose parent folder, or parent folder's parent folder, etc., is a shared-folder)

trash command:

Command: trash <sub command>

Detail: List or manage deleted records in the trash. Deleted records remain in the trash until purged.

Parameters:

Sub-command:

  • list <SEARCH PATTERN> : Show a list of all deleted records in the trash can. Filtered to record or folder if given

  • get <RECORD UID> : show information about deleted record with the given UID

  • restore <RECORD UID(S)> : restore a previously deleted record or records. Can be given several UIDs separated by a space

  • unshare <RECORD UID(S)>: remove shares from deleted records

  • purge : permanently delete all records in the trash

Switches:

list switches:

--format <{csv, json, table}> choose the format of the output

--output <FILENAME> file to write output results to

--reload refresh the list of deleted records

list examples:

trash list
trash list --format csv --output "deleted.csv"
trash list Twitter*

  1. Display a list of deleted records

  2. Output a list of deleted records to a file named 'deleted.csv'

  3. Display a list of deleted records that have a title starting with "Twitter"

get examples:

trash get Do5[...]mJw

  1. Display details of deleted record with the given UID

restore switches:

--force don't prompt when restoring

list examples:

trash restore DoO[...]Gw
trash restore DoO[...]Gw Gng[...]1-g
trash restore --force DoO[...]Gw Gng[...]1-g

  1. Restore the deleted record with the given UID

  2. Restore the deleted records with all the given UIDs

  3. Restore the deleted records with all the given UIDs and don't prompt

unshare example:

// removes shares from all delete records
trash unshare * 
// removes share from a single record
trash unshare <RECORD UID>

purge examples:

trash purge

  1. purge all deleted records from the trash

password-report command

Command: password-report

Detail: Display password report

Switches:

--policy <comma separated integers> Password complexity policy. Length,Lower,Upper,Digits,Special. Example: 12,2,2,2,0

--length <Number> Minimum password length

--lower <Number> Minimum lowercase characters

--upper <Number> Minimum uppercase characters

--digits <Number> Minimum digits

--special <Number> Minimum special characters

Parameters:

folder Optional. Scan for weak passwords in a folder

Examples:

My Vault> password-report --policy=12,2,2,2,0
My Vault> password-report --length=10 --digits=2

find-ownerless

Command: find-ownerless

Detail: List (and, optionally, claim) records in the user's vault that currently do not have an owner

Switches:

--format <{csv, json, table}> choose the format of the output

--output <FILENAME> file to write output results to (ignored for table format)

--claim claim records found

-v, --verbose output details for each record found

Parameters:

folder path or UID of folder to search (optional, with multiple values allowed)

Examples:

My Vault> find-ownerless -v 
My Vault> find-ownerless --claim

  1. Find all the records that do not have an owner and print additional details for each record found

  2. Claim all found records without an owner

PreviousSCIM Push ConfigurationNextRecord Type Commands

Last updated