Keeper 101 | Enterprise: How to Use Keeper Commander CLI
Keeper Commander allows you to perform administrative and vault functions from a command line environment on Mac, Windows and Linux.
You can start Commander by typing “keeper shell” in a terminal window.
Enter your username, password, and complete any 2FA requirements when prompted. If you are logging in for the first time on a new device, you may be prompted for device approval for additional security. More information about login methods, such as SSO, can be found in our documentation.
Keeper Commander has a variety of commands which will allow you to work with the records in your vault.
Once logged into commander, typing the ‘?’ symbol will present you with a list of possible commands. You can also refer to the full list of commands in our user guide.
This video will introduce you to the most common commands to work with records within your vault. Each command supports additional parameters and options. To get help on a particular command, run the [command name] help
Commander uses well known commands to navigate your keeper vault files and directories:
“list” or “l” lists all records in your vault.
“search” or “s” searches your vault.
“ls” lists all folder contents. You can enter an optional argument to have it display just folders or records, and specify the level of detail you would like to see.
“tree” will display the entire vault structure as a tree. You can also enter the name of a folder to see the structure of that specific folder.
“cd” can be used to change the current folder and navigate to different folders in your vault.
Keeper specific commands will allow you to work with and display information about your account and records in your vault:
You can use “get” or “g” to retrieve and display a Keeper Record/Folder/Team in printable or JSON format via a UID you provide. You can choose to specify what format you would like (detail, JSON, or password) and also whether you would like to work with legacy records only.
Use “clipboard-copy” to copy the specified Keeper Record password field to the clipboard
Use “record-history” or “rh” to show the history of a record's modifications. You can enter optional arguments which will let you filter by record history type or only show the details for a specific revision.
“Totp” displays the Two Factor code for a given record, or shows a list of records with Two Factor codes if no record is specified.
The command “file-report” shows a report of all the files that you have access to in the vault. This is useful if you want to know which records are taking up the most space.
Use “list-sf” or “lsf” to show details about all shared folders in the vault, good to quickly know what in your vault is shared.
If you need a more detailed sharing report, the ‘share-report’ command with the ‘-o’ and ‘-v’ switches provides you with a detailed report of what records are in your vault, who they are shared with and what permissions everyone has.
Use “record-add” to add a record. You can specify the login, password, url, notes, custom fields, folder, title, as well as attach a file or generate a random password.
You can use “rm” to remove a record. You can also enter an optional argument to purge the record from all folders and the trash.
Use “mkdir” to create a folder or shared folder. You can choose to specify permissions for the folder with optional arguments.
“Rmdir” will remove a folder or shared folder and its contents.
Use “find-duplicate” to locate duplicate records in the vault based on specified attributes and fields. You can choose to match duplicates by title, login, password, URL, or all fields.
In addition to vault commands, if you have admin rights, you can also run some admin only commands as though you were logged into the admin console.
Use “list-team” or “lt” to list all teams that you have access to.
The ‘enterprise’ commands allow you to administer keeper via the command line, or via script if needed
In addition to admin commands there are also some MSP specific commands if you have an MSP license.
A full list of commands is available in our documentation. Almost everything you can do in the Keeper Vault UI and Admin console can be done via the Commander CLI. Additional capabilities and automation are available only via the CLI, such as advanced reporting.