Commander CLI

Commander Approvals

Commander Method for Automated Approvals

Keeper Commander, our CLI and SDK platform is capable of performing Admin Device Approvals for automated approval without having to login to the Admin Console. Approvals can run automatically on any computer running Commander, and this can be configured to run on an interval so that the Admin does not need to manually perform any action.

Automated approvals can be configured on any computer that is able to run Keeper Commander (Mac, PC or Linux). The steps are outlined below:

Install Keeper Commander

Python Installation - Linux and Mac

  1. Get Python 3 from python.org.

  2. Install Keeper Commander with pip3:

$ pip3 install keepercommander

Important: Restart your terminal session after installation

Python Installation - Windows

  1. Download and install WinPython

  2. From the install folder of WinPython, run the "WinPython Command Prompt"

  3. Install Keeper Commander with pip3:

$ pip3 install keepercommander

Upgrading to Latest Python Code

$ pip3 install --upgrade keepercommander

Use CLI for Device Approvals

Enter the CLI using the "keeper shell" command.

$ keeper shell
_ __
| |/ /___ ___ _ __ ___ _ _
| ' </ -_) -_) '_ \/ -_) '_|
|_|\_\___\___| .__/\___|_|
|_|
password manager & digital vault

Use the "login" command to login as the Keeper Admin with the permission to approve devices. Commander supports Master Password and 2FA.

My Vault> login [email protected]
Password: *******

Type "device-approve" to list all devices:

My Vault> device-approve
Email Device ID Device Name Client Version
------------------ ------------------ ---------------- ----------------
[email protected] f68de375aacdff3846 Web Vault Chrome w15.0.4
[email protected] 41sffcb44187222bcc Web Vault Chrome w15.0.4

To manually approve a specific device, use this command:

My Vault> device-approve --approve <device ID>

To approve all devices that come from IPs that are recognized as successfully logged in for the user previously, use this command:

My Vault> device-approve --approve --trusted-ip

To approve all devices regardless of IP address, use this command:

My Vault> device-approve --approve

To deny a specific device request, use the "deny" command:

My Vault> device-approve --deny <device ID>

To deny all approvals, remove the Device ID parameter:

My Vault> device-approve --deny

To reload the latest device approvals without having to exit the shell, use the "reload" command:

My Vault> device-approve --reload

Automatically Approving Devices every X seconds

Commander supports an automation mode that will run approvals every X number of seconds. To set this up, modify the config.json file that is auto-created in the folder running Commander and add a few lines to the file ("commands" and "timedelay") like below :

{
"device_id": "<filled in automatically>",
"user": "[email protected]",
"commands":["device-approve --reload","device-approve --trusted-ip --approve"],
"timedelay":30
}

Now when you run "keeper shell", Commander will run the commands every time period specified. Example:

$ keeper shell
Executing [device-approve --reload]...
Password:
Logging in...
Syncing...
Executing [device-approve --reload]...
Email Device ID Device Name Client Version
------------------ ------------------ ---------------- ----------------
[email protected] f68de375aacdff3846 Web Vault Chrome w15.0.4
Executing [device-approve --trusted-ip --approve]...
2020/09/20 21:59:47 Waiting for 30 seconds
Executing [device-approve --reload]...
There are no pending devices to approve
.
.
.

There are many ways to customize, automate and process automated commands with Keeper Commander. To explore the full capabilities see the link below:

https://github.com/keeper-Security/commander