Keeper Secrets Manager
Search
K

Password Rotation Commands

Commands for performing password rotations on target systems.
Keeper has launched a new Password Rotation feature with Keeper Secrets Manager. This new capability is recommended for all password rotation use cases. The Documentation is linked below:

Rotation Commands

Keeper Command Reference

Whether using the interactive shell, CLI or JSON config file, Keeper supports the following commands, each command supports additional parameters and options.
To get help on a particular command, run:
help <command>
Command
Explanation
rotate or r
Rotate the password in a record
set
Set environment variables that can be used for substitution within other commands or arguments
echo
Display environmental variables

rotate command:

Command: rotate or r
Detail: Rotate a record's password
To be eligible for rotation, a record must have the custom field 'cmdr:plugin'='noop'
Parameters:
Record name or UID to rotate
Switches:
--print display updated record content after rotation
--match <REGULAR EXPRESSION> select all records that match this expression to rotate
--password <NEW PASSWORD> sets a new password. Commander generates random password if switch omitted. Ignored when passwords are rotated with --match parameter.
Examples:
rotate servers/dev
rotate BhRRhjeL4armInSMqv2_zQ --print
rotate --match [0-z]*\machine
rotate BhRRhjeL4armInSMqv2_zQ --password "XXX"
  1. 1.
    Rotate the password of the record titled "dev" in the "servers" folder
  2. 2.
    Rotate the password of the record with the given UID
  3. 3.
    Rotate the password of all records that end with "machine" (Using regex)
  4. 4.
    Rotate the password of the give record UID with the specific password provided
For more information and examples see Connection to hosts documentation

set command:

Command: set
Detail: Set an environment variable
Parameters:
environment name, value to set
format:
set <name> <value>
Examples:
set MySecret XXX
Set the MySecret variable to XXX

echo command:

Command: echo
Detail: Display environmental variables
Parameters:
argument to display (optional)
format:
echo ${<variable>}
If no argument is given, all environment variables are shown
Examples:
echo
echo ${MySecret}
  1. 1.
    Display all currently set environment variables
  2. 2.
    Display the value for the MySecret variable
Previous
Password Rotation
Next
AWS Plugin
Last modified 4mo ago