Profile Command
Setup and initialization of the Keeper Secrets Manager device profile

profile command

Description: Initialize and switch between device profiles. In order to support multiple environments on the same device, you can also switch between Secrets Manager device profiles.
Parameters:
Sub-command and options to run
format: ksm profile <sub-command>
Sub-Commands:
Sub-Command
Description
init
Initialize a new client device profile
list
List profiles that have been created, and note active profile
export
Export a configuration profile
import
Create a new configuration from an exported encrypted profile
active
Sets the active configuration profile

init

Initialize a client device profile.
ksm profile init
optional parameters:
  • -t, --token <token> one time access token
  • -h, --hostname <XX> destination region
    Defaults to US region. Customers hosted in other regions must set this value:
    • USUnited States)
    • EU(Europe)
    • AU(Australia)
    • US_GOV(GovCloud)
  • --ini-file <FILENAME> save the new profile to this file
  • -p, --profile-name <NAME> set profile name If not provided, the profile will be set as "default"
Example:
1
$ ksm profile init --token XX:XXXXXXXX
2
3
Added profile _default to INI config file keeper.ini
Copied!
As noted in the Quick Start Guide, you first get the token XXX from the Commander CLI:
1
My Vault> secrets-manager client add --app MyApplicationName
Copied!

list

List all available profiles for the current Client Device.
ksm profile list
Example:
1
$ ksm profile list
2
3
Active Profile
4
======== ===============
5
Production
6
* Test Server 1
7
Test Server 2
8
Local Dev
Copied!

export

Export the current profile into a base64-encoded string.
ksm profile export [--plain] [--file-format] [PROFILE NAME]
optional parameters:
  • --plain Export profile without base64-encoding the string.
  • --file-format Export a profile to a specific file format. Available formats are:
    • ini - To be used by another instance of the CLI.
    • json - Can be used by the CLI and other Developer SDKs.
Example
1
$ ksm profile export my_profile
Copied!

import

Import a client device profile from an encrypted base64-encoded string.
ksm profile import [--output-file "INI filename"] <BASE64 CONFIG>
optional parameters:
  • --output-file <INI filename> Where to create the INI configuration file. If not set, will be create in current directory.
1
$ ksm profile import --output-file=my_profile BASE64_ENC_CONFIG
Copied!

active

Set the currently active profile for this client device.
ksm profile active <PROFILE NAME>
Example:
1
$ ksm profile active production
2
3
production is now the active profile.
Copied!

Profiles within Containers

If you are running the CLI inside of a containerized environment, you might not have the ability to initialize a profile. If no INI config file is found and the environmental variable KSM_TOKEN is found, a default profile will be auto-generated. A INI config file will be created and stored in the current working directory. That can be overridden with the environmental variable KSM_INI_DIR.

Default INI Filename

The default name of the ini file is keeper.ini, however this can overridden by using the KSM_INI_FILE environmental variable. By using KSM_INI_DIR and KSM_INI_FILE environmental variables you can completely change the location and name of the INI configuration file.
Last modified 1mo ago