Secrets Manager CLI
The Secrets Manager CLI provides shell access to vault secrets

The Keeper Secrets Manager CLI ("KSM CLI") provides core Secrets Manager Vault interaction from a terminal, shell script or any software that can be launched from a shell.
- Get Secrets from the Keeper Vault
- Update Secrets from the Keeper Vault
- Replace environmental variables with Keeper secrets in scripts and containers
The KSM CLI is different than the Commander CLI. The KSM CLI is specifically for secrets management and the Commander CLI is for initial setup and administrative functions.

In order to use the Secrets Manager CLI, or environmental variable substitutions for accessing secrets stored in the Keeper Vault, you must first have an Application and Client Device configured. Check out the Quick Start Guide to set this up.
The KSM CLI is available as a binary application for Windows/Mac/Linux or a pip3 install for any Python environment.
The latest binary release can be found on the GitHub repository. Download the installer based on your operating system and click to install, or unarchive, to use.
When launching the CLI in Windows or macOS, the CLI will run in a shell mode. The
ksm
command is still available via the command line.The Linux binary is just an executable and should be moved to a directory in the PATH.
Please ensure that Python 3.x is installed. If not, use your OS-specific package manager to install it.
sudo yum install python3
Make sure your pip3 is up to date:
sudo pip3 install --upgrade pip
Now you can install the Secrets Manager CLI:
sudo pip3 install keeper-secrets-manager-cli
To upgrade to the latest version:
sudo pip3 install -U keeper-secrets-manager-cli keeper-secrets-manager-core
This method will install the CLI into the system Python. If you do not have root or admin permissions, you can install the CLI by setting up a virtualenv. If you do not use virtualenv, the module and binary will be install into your $HOME/.local directory for Linux or macOS. You may need to include a PATH to the bin directory.
For developers, using virtualenv is a clean way to install KSM in an isolated environment.
sudo pip3 install virtualenv
virtualenv -p python3 my_env
source my_env/bin/activate
Then, install ksm to the virtual environment
pip3 install keeper-secrets-manager-cli
The
ksm
CLI tool can be used for the following purposes:- Initialize a configuration file for use in integrations such as Github Actions ("init")
- Create a local profile to execute commands as a client device ("profile")
- Query the Keeper vault and retrieve secrets ("secret")
- Wrap command-line applications for environmental variable substitution ("exec")
ksm
Usage: ksm [OPTIONS] COMMAND [ARGS]...