Commander CLI
Commander Approvals
Commander Method for Automated Approvals
Keeper Commander, our CLI and SDK platform is capable of performing Admin Device Approvals for automated approval without having to login to the Admin Console. Admin approvals can be configured on any computer that is able to run Keeper Commander (Mac, PC or Linux).
Install Keeper Commander
Please see the Installation Instructions here:
https://docs.keeper.io/secrets-manager/commander-cli/commander-installation-setup
You can install the binary versions for Mac/PC/Linux or use
pip3.Use CLI for Device Approvals
Enter the Commander CLI using the "keeper shell" command. Or if you installed the Commander binary, just run it from your computer.
1
$ keeper shell
2
_ __
3
| |/ /___ ___ _ __ ___ _ _
4
| ' </ -_) -_) '_ \/ -_) '_|
5
|_|\_\___\___| .__/\___|_|
6
|_|
7
​
8
password manager & digital vault
Copied!
Use the "login" command to login as the Keeper Admin with the permission to approve devices. Commander supports Master Password and 2FA.
Copied!
Type "device-approve" to list all devices:
1
My Vault> device-approve
2
Email Device ID Device Name Client Version
3
------------------ ------------------ ---------------- ----------------
4
[email protected] f68de375aacdff3846 Web Vault Chrome w15.0.4
5
[email protected] 41sffcb44187222bcc Web Vault Chrome w15.0.4
Copied!
To manually approve a specific device, use this command:
1
My Vault> device-approve --approve <device ID>
Copied!
To approve all devices that come from IPs that are recognized as successfully logged in for the user previously, use this command:
1
My Vault> device-approve --approve --trusted-ip
Copied!
To approve all devices regardless of IP address, use this command:
1
My Vault> device-approve --approve
Copied!
To deny a specific device request, use the "deny" command:
1
My Vault> device-approve --deny <device ID>
Copied!
To deny all approvals, remove the Device ID parameter:
1
My Vault> device-approve --deny
Copied!
To reload the latest device approvals without having to exit the shell, use the "reload" command:
1
My Vault> device-approve --reload
Copied!
Automatically Approving Devices every X seconds
Commander supports an automation mode that will run approvals every X number of seconds. To set this up, modify the config.json file that is auto-created in the folder running Commander and add a few lines to the file ("commands" and "timedelay") like below :
1
{
2
"device_id": "<filled in automatically>",
3
"user": "[email protected]",
4
"commands":["device-approve --reload","device-approve --approve"],
5
"timedelay":30
6
}
Copied!
Now when you run "keeper shell", Commander will run the commands every time period specified. Example:
1
$ keeper shell
2
Executing [device-approve --reload]...
3
Password:
4
Logging in...
5
Syncing...
6
​
7
Executing [device-approve --reload]...
8
​
9
Email Device ID Device Name Client Version
10
------------------ ------------------ ---------------- ----------------
11
[email protected] f68de375aacdff3846 Web Vault Chrome w15.0.4
12
​
13
Executing [device-approve --trusted-ip --approve]...
14
2020/09/20 21:59:47 Waiting for 30 seconds
15
Executing [device-approve --reload]...
16
There are no pending devices to approve
17
.
18
.
19
.
Copied!
Automatically Approving Teams and Users
Similar to the example above, Commander can automatically approve Team and User assignments that are created from SCIM providers such as Azure, Okta and JumpCloud.
To set this up, simply add one more command
team-approve to the JSON config file:1
{
2
"user": "[email protected]",
3
"commands": [
4
"debug",
5
"device-approve --reload",
6
"device-approve --approve",
7
"team-approve"
8
],
9
"timedelay": 60
10
}
Copied!
Keeper Commander supports "persistent login" sessions which can run without having to login with a Master Password. Please see the Commander documentation for persistent login at this link.
There are many ways to customize, automate and process automated commands with Keeper Commander. To explore the full capabilities see the Commander documentation.
Last modified 6mo ago