In the event that our unquestionably perfect code fails to run here are some things to try...

UID Starts With '-'

Record UIDs are randomly generated and sometimes begin with the '-' (hyphen) character. When this happens, it prevents Commander CLI from recognizing the UID as a UID value.
To use UIDs in a positional parameter that begin with '-' add '--' before the UID.
get -- -UREsVJNP7vU-KTyZ3YF9A
Commander CLI will then recognize the UID without confusing it for a command switch. In this case, it will search for a record with the UID -UREsVJNP7vU-KTyZ3YF9A
If you need to use the UID as an argument for a command flag, there is instead a different format.
To do this, add "=" after the flag, and wrap the UID in quotation marks.
secrets-manager share add --app TestApp --secret="-fwZjKGbKnZCo1Fh8gsf5w"

Installation Issues with Python

Dependency issues are the most common problem, so please make sure you have an updated version of Python 3 installed.

On Windows

C:\>pip3 --version
Validate WinPython is correctly installed by checking the installed version from launching the "WinPython Command Prompt" in the installation folder:

On Mac

MacOS ships with a default python installation that is too old and unsupported. A current version of Python needs to be installed
Depending on your operating system security settings you may need to "Allow" the application to run or install. To do this open "System Preferences" > "Security and Privacy" > "General" tab
Validate Python is correctly installed by checking the installed version from a terminal window:
$ pip3 --version
Don't run the below, it'll report the older version of python:
$ --version

Disabling Login V3

If you need to disable the Login V3 authentication flow for any reason (ex. issue with automation) there are two ways of doing that:
  1. 1.
    Set the login_v3 flag to false in the configuration file
    Example configuration file:
    "login_v3": false
  2. 2.
    Or passing the command line argument --login-v3 false or -lv3 false
    Example command:
    keeper -lv3 false
This flag will be deprecated before the end of 2022.

SSL Certificate Errors

When running Commander or related Keeper SDK code, if you receive SSL certificate errors such as: requests.exceptions.SSLError: HTTPSConnectionPool(host='', port=443): Max retries exceeded with url: /api/rest/authentication/get_device_token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)')))
If you receive this message, please make sure that your network is not attempting to do packet inspection with a proxy. Due to our advanced encryption, Keeper traffic cannot be intercepted by a network proxy device. Consult with your IT team to allow traffic to keepersecurity.[com|eu|] on the firewall outbound.

Found a Bug?

Please let us know. Send an email to [email protected] or open a ticket on our Github Repo.

Vulnerability Disclosure Program

Keeper has partnered with Bugcrowd to manage our vulnerability disclosure program. Please submit reports through or send an email to [email protected].
Last modified 3mo ago