Password Rotation Commands

Commands for performing password rotations on target systems.
Keeper has launched a new Password Rotation feature with Keeper Secrets Manager. This new capability is recommended for all password rotation use cases. The Documentation is linked below:

Rotation Commands

Keeper Command Reference

Whether using the interactive shell, CLI or JSON config file, Keeper supports the following commands, each command supports additional parameters and options.
To get help on a particular command, run:
help <command>
rotate or r
Rotate the password in a record
Set environment variables that can be used for substitution within other commands or arguments
Display environmental variables

rotate command:

Command: rotate or r
Detail: Rotate a record's password
To be eligible for rotation, a record must have the custom field 'cmdr:plugin'='noop'
Record name or UID to rotate
--print display updated record content after rotation
--match <REGULAR EXPRESSION> select all records that match this expression to rotate
--password <NEW PASSWORD> sets a new password. Commander generates random password if switch omitted. Ignored when passwords are rotated with --match parameter.
rotate servers/dev
rotate BhRRhjeL4armInSMqv2_zQ --print
rotate --match [0-z]*\machine
rotate BhRRhjeL4armInSMqv2_zQ --password "XXX"
  1. 1.
    Rotate the password of the record titled "dev" in the "servers" folder
  2. 2.
    Rotate the password of the record with the given UID
  3. 3.
    Rotate the password of all records that end with "machine" (Using regex)
  4. 4.
    Rotate the password of the give record UID with the specific password provided
For more information and examples see Connection to hosts documentation

set command:

Command: set
Detail: Set an environment variable
environment name, value to set
set <name> <value>
set MySecret XXX
Set the MySecret variable to XXX

echo command:

Command: echo
Detail: Display environmental variables
argument to display (optional)
echo ${<variable>}
If no argument is given, all environment variables are shown
echo ${MySecret}
  1. 1.
    Display all currently set environment variables
  2. 2.
    Display the value for the MySecret variable