Keeper Commander for Python 3
Project description
The Password Management SDK for IT Admins & Developers
Keeper Commander is a command-line and SDK interface to Keeper® Password Manager. Keeper Commander can be used to interactively access your Keeper Vault via a standard terminal or SSH console, or it can be used as an SDK for integrating your back-end into Keeper’s zero-knowledge Cloud Security Vault™.
Commander can securely rotate passwords in your Keeper vault and then automatically synchronize the changes to all users with privileged access. Using our connector plugins, Commander can perform the password rotation directly on the target system (e.g. database, active directory, unix/pc login, etc…).
Here’s a Video demonstrating Commander.
Use Cases
Access passwords through a terminal or SSH session
Eliminate hard-coded or plaintext passwords in back-end systems
Rotate passwords on shared accounts
Perform password rotations on target systems
Authenticate with Yubikey and other 2FA methods
Schedule and automate rotations
Keeper Commander provides deep integration of privileged password management into back-end systems to securely access credentials, elevate permissions and rotate passwords. With Keeper Commander you can automate key security features on any platform.
Changes made through Keeper Commander instantly propagate to the users who have access to that specific record.
When you grant and revoke access or rotate a password, it instantly updates to users on their mobile and desktop devices. Control access to highly secure systems by rotating passwords and pushing those credentials to users - all within the Keeper ecosystem.
Installation
If you do not have python3 installed already (check by trying to run pip3 in the Terminal), you can install it by going to python.org and following the instructions).
Note: restart your terminal session after you installed python3
Install Keeper Commander with pip3:
pip3 install keepercommanderUpgrade
To upgrade Keeper Commander to the newest version, call pip install with –upgrade parameter:
pip3 install --upgrade keepercommanderThree ways to use Keeper Commander
From the command line or script
As an interactive shell (keeper shell command)
In your own python program by importing keepercommander package
Command line usage
Usage: keeper [OPTIONS] COMMAND [ARGS]... Options: -s, --server TEXT Host address -u, --user TEXT Email address for the account -p, --password TEXT Master password for the account --config TEXT Config file to use --debug Turn on debug mode --version Show the version and exit. --help Show this message and exit. Commands: list List Keeper records shell Use Keeper interactive shell ...
Environment variables
for –user and –password options, you can set environment variables KEEPER_SERVER, KEEPER_USER and KEEPER_PASWORD. Server, user and password specified as options have priority over server, user and password settings specified in the configuration file.
Interactive shell
If you would like to use keeper interactively within a shell session, invoke shell by typing
keeper shellTo see a list of supported commands, simply type ‘?’:
Keeper > ? Commands: d ... download & decrypt data l ... list folders and titles s <regex> ... search with regular expression g <uid> ... get record details for uid r <uid> ... rotate password for uid b <regex> ... rotate password for matches of regular expression a ... add a new record interactively c ... clear the screen h ... show command history q ... quit
d (download): Downloads all records from the account, decrypts the data key, private key, decrypts records and shared folders.
l (list): Displays the Record UID, Folder and Title for all records.
s (search): search across all record data and display the Record UID, Folder and Title for matching records.
g (get): displays the full record details for a specified Record UID. The Record UID can be determined by looking at the response from the “l” or “s” commands.
r (rotate): rotates the password field of a specified Keeper record. The new password generated is by default set to a very strong 64-byte ASCII-based string. The previous password is also backed up and stored as a custom field in the record, saved with the timestamp of the change.
b (batch rotate): search across all record data and rotate the password for matching records.
Deep linking to records
The Record UID that is displayed on password record output can be used for deep linking directly into the Web Vault. The link format is like this: https://keepersecurity.com/vault#detail/XXXXXX where you simply replace XXXXXX with the Record UID.
Auto-configuration file
To automate the use of Commander, create a file called config.json and place the file in your install folder. If you don’t provide a config file, Commander will just prompt you for the information.
Here’s an example config.json file:
{
"server":"https://keeperapp.com/v2/",
"user":"your_email_here",
"password":"your_password_here",
"debug":false,
"commands":[]
}
All fields are optional. You can also tell Commander which config file to use. By default, we look at the config.json file. Example:
keeper --config=foo.json shellIn this case, Commander will start up using foo.json as the configuration.
Auto-command execution
You can provide Commander a set of commands to run without having to type them manually. This is the easiest way to automate password resets.
Example:
{
"debug":false,
"server":"https://keeperapp.com/v2/",
"user":"admin@company.com",
"password":"somereallystrongpassword",
"commands":["d", "r 3PMqasi9hohmyLWJkgxCWg", "r tlCK0x1chKH8keW8-NOraA"]
}
In this example, we are telling Commander to first download and decrypt records, then reset 2 passwords. As you can see, each unique password record in the Keeper system is represented by a unique record UID. Use the “l” or “s” command in Commander’s interactive mode to display the record UIDs in your account.
Scheduled command execution
You can provide Commander a time delay in seconds to wait and then reissue all commands. This is the easiest way to schedule automated password resets.
Example:
{
"debug":false,
"server":"https://keeperapp.com/v2/",
"user":"admin@company.com",
"password":"somereallystrongpassword",
"timedelay":600,
"commands":["d", "r 3PMqasi9hohmyLWJkgxCWg", "r tlCK0x1chKH8keW8-NOraA"]
}
Commander would now download and decrypt records, rotate 2 passwords, and then wait for 10 minutes (60 seconds * 10) before issuing the commands again. FYI, there are 86400 seconds in 24 hours in case you want to have daily rotations!
Two-Factor Authentication and Device Token
If you have Two-Factor Authentication enabled on your Keeper account (highly recommended), Keeper Commander will prompt you for the one-time passcode the first time you login. After successfully logging in, you will be provided a device token. This device token needs to be saved for subsequent calls. Copy-paste this device token into your config.json file. For example:
{
"debug":false,
"server":"https://keeperapp.com/v2/",
"user":"email@company.com",
"password":"123456",
"mfa_token":"vFcl44TdjQcgTVfCMlUw0O9DIw8mOg8fJypGOlS_Rw0WfXbCD9iw",
"mfa_type":"device_token",
"commands":["d", "r 3PMqasi9hohmyLWJkgxCWg", "r tlCK0x1chKH8keW8-NOraA"]
}
Yubikey Support
Commander supports the ability to authenticate a session with a connected Yubikey device instead of using a Master Password. To configure Yubikey authentication, follow the setup instructions.
Plugins and Password Rotation
Keeper Commander can communicate to internal and external systems for the purpose of rotating a password and synchronizing the change inside the Keeper Vault. For example, you might want to rotate your MySQL password and Active Directory password automatically. To support a plugin, simply add a custom field to the record to specify which plugin Keeper Commander should use when changing passwords. Example:
Name: cmdr:plugin Value: mysql
Name: cmdr:plugin Value: adpasswd
When a plugin is specified in a record, Commander will search in the plugins/ folder to load the module based on the name provided (e.g. mysql.py and active_directory.py).
Check out the plugins folder for all of the available plugins. Keeper’s team is expanding the number of plugins on an ongoing basis. If you need a particular plugin created, just let us know.
Support
We’re here to help. If you need help integrating Keeper into your environment, contact us at ops@keepersecurity.com.
About Our Security
Keeper is a zero-knowledge platform. This means that the server does not have access to your Keeper Master Password or the crypto keys used to encrypt and decrypt your data. The cryptography is performed on the client device (e.g. iPhone, Android, Desktop, Commander).
When you create a Keeper account from our web app or mobile/desktop app, you are asked to create a Master Password and a security question. The Keeper app creates your crypto keys, RSA keys and encryption parameters (iv, salt, iterations). Your RSA private key is encrypted with your data key, and your data key is encrypted with your Master Password. The encrypted version of your data key is stored in Keeper’s Cloud Security Vault and provided to you after successful device authentication.
When you login to Keeper on any device (or on Commander), your Master Password is used to derive a 256-bit PBKDF2 key. This key is used to decrypt your data key. The data key is used to decrypt individual record keys. Finally, your record keys are then used to decrypt your stored vault information (e.g. your MySQL password).
When storing information to your vault, Keeper stores and synchronizes the encrypted data.
For added security, you can enable Two-Factor Authentication on your Keeper account via the web app settings screen. When logging into Commander with Two-Factor Authentication turned on, you will be asked for a one time passcode. After successful authentication, you will be provided with a device token that can be used for subsequent requests without having to re-authenticate.
All of this cryptography is packaged and wrapped into a simple and easy-to-use interface. Commander gives you the power to access, store and synchronize encrypted vault records with ease.
To learn about Keeper’s security, certifications and implementation details, visit the Security Disclosure page on our website.
About Keeper
Keeper is the world’s most downloaded password keeper and secure digital vault for protecting and managing your passwords and other secret information. Millions of people and companies use Keeper to protect their most sensitive and private information.
Keeper’s Features & Benefits
Manages all your passwords and secret info
Protects you against hackers
Encrypts everything in your vault
High-strength password generator
Login to websites with one click
Store private files, photos and videos
Take private photos inside vault
Share records with other Keeper users
Access on all your devices and computers
Keeper DNA™ multi-factor authentication
Login with Fingerprint or Touch ID
Auto logout timer for theft prevention
Unlimited backups
Self-destruct protection
Customizable fields
Background themes
Integrated Apple Watch App
Instant syncing between devices
AES-256 encryption
Zero-Knowledge security architecture
TRUSTe and SOC-2 Certified
Keeper Website
Pricing
Keeper is free for local password management on your device. Premium subscription provides cloud-based features and premium device-specific features including Sync, Backup & Restore, Secure Sharing, File Storage and multi-device usage. More info about our consumer and enterprise pricing plans can be found here.
Mobile Apps
[iPhone, iPad, iPod] (https://itunes.apple.com/us/app/keeper-password-manager-digital/id287170072?mt=8)
Desktop Apps (Mac, PC, Linux)
Web-Based Apps and Browser Extensions
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for keepercommander-0.3.7-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 29bcbbb42bd5ccd51eec536ed4f6809c74fac324eafb051643c4234cce904099 |
|
| MD5 | b6a59567bde54f0bc67879c4f1d4eed1 |
|
| BLAKE2b-256 | 6bce179298b70176836959b8307eb5e6c63b8406c90e13a2925acd38defec0a0 |
