In the event that our unquestionably perfect code fails to run here are some things to try...
Record UIDs are randomly generated and sometimes begin with the '-' (hyphen) character. When this happens, it prevents Commander CLI from recognizing the UID as a UID value.
To use UIDs in a positional parameter that begin with '-' add '--' before the UID.
get -- -UREsVJNP7vU-KTyZ3YF9A
Commander CLI will then recognize the UID without confusing it for a command switch. In this case, it will search for a record with the UID
If you need to use the UID as an argument for a command flag, there is instead a different format.
To do this, add "=" after the flag, and wrap the UID in quotation marks.
secrets-manager share add --app TestApp --secret="-fwZjKGbKnZCo1Fh8gsf5w"
When using Commander you may encounter references to typed vs untyped or V2 vs V3 records. There are a few fundamental differences between these records which cause them to interact differently in some aspects of the platform.
Records which have a record type are considered 'typed' or sometimes referred to as 'V3'. These records have a malleable structure which can be defined and customized as well as an updated encryption model with heightened security.
Older records which were created before the release of record types are called 'untyped', 'legacy' or 'V2' records. These records have a set structure with a login, password, url, totp, and file attachment field (as well as notes). Any other fields must be added as custom fields to the record.
In Commander, when you view the details of a record with the
getcommand, Typed records will always show a type field, while Legacy records will have no type field at all.
My Vault> get uxRrj[...]ZAM0bSQ
Title: LastPass Database
Notes: LP DB Notes
type (text): SQL
(host): hostName | 3030
Database (text): MyDB
My Vault> get 4XjSH[...]Gy1LAEg
Title: My Record
ls -lcommand shows records in a list with type as one column. Any record with a value in that field is typed, and any record with no value is legacy.
My Vault> ls -l
# Record UID Type Title Login URL
--- ------------- ------------------- ----------------------- ------------------------- -----------------------------------
1 V[...]w login Typed MyLogin example.com
2 q[...]A Legacy MyLegacyLogin legacy.com
You may encounter the following error message when attempting to perform an action with Commander:
You do not have the required privilege to perform this operation
The message indicates that the current logged in account does not have permission to perform the requested action.
Many Commander commands require some form of permission policy to be enabled. When relevant, the documentation should indicate when a permission is required to use a command.
There are three main permission types that can lead to this message.:
Keeper roles can specify permissions allowed for all users in that role. For example a role can determine if users can share records or use Keeper Secrets Manager. When a user has multiple roles, the most restrictive permissions apply.
Read more about Role Enforcement Polices in the docs:
Keeper administrators have access to account-level actions and features which can be turned off and on with these permission policies. These include things like running compliance reports.
Read more about Administrative Permissions in the docs:
Some features require an additional add-on to be used. These include features such as Keeper Secrets Manager and the Advanced Reporting and Alerts Module which is required to run custom reports. Secure add-ons can be managed in the Secure Add-Ons section of the Keeper Admin Console.
Read more about managing add-ons in the docs:
Dependency issues are the most common problem, so please make sure you have an updated version of Python 3 installed.
Validate WinPython is correctly installed by checking the installed version from launching the "WinPython Command Prompt" in the installation folder:
MacOS ships with a default python installation that is too old and unsupported. A current version of Python needs to be installed
Validate Python is correctly installed by checking the installed version from a terminal window:
$ pip3 --version
Don't run the below, it'll report the older version of python:
When running Commander or related Keeper SDK code, if you receive SSL certificate errors such as:
Certificate validation error. More info:
requests.exceptions.SSLError: HTTPSConnectionPool(host='keepersecurity.com', port=443): Max retries exceeded with url: /api/rest/authentication/get_device_token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))
If you receive this message, please make sure that your network is not attempting to do packet inspection with a proxy. Due to our advanced encryption, Keeper traffic cannot be intercepted by a network proxy device. Consult with your IT team to allow traffic to keepersecurity.[com|eu|com.au] on the firewall outbound.