Password Manager Cheatsheet

Keeper

Install CLI client

Get the latest version and install the appropriate package:

AUTHOR='Keeper-Security'
REPO_NAME='Commander'
curl -s "https://api.github.com/repos/${AUTHOR}/${REPO_NAME}/releases/latest" \
  | jq -r '.assets[].browser_download_url'
# wget whatever makes sense to download

Upgrade CLI client

python3 -m pip install --upgrade keepercommander

Login to Keeper

Run this command:

keeper login

When prompted, enter your email, then your TOTP, and finally your master password.

Resource: https://docs.keeper.io/secrets-manager/commander-cli/using-commander/logging-in

Get a password from the commander shell

This particular example will return the password for the entry called gmail.com in the vault:

My Vault> find-password gmail.com

Retrieve password using commander on the cli

This will allow you to get a credential without accessing the commander shell:

keeper find-password gmail.com

Resources:

• https://docs.keeper.io/secrets-manager/commander-cli/using-commander/command-reference/record-commands
• https://docs.keeper.io/enterprise-guide/user-and-team-provisioning/cli-provisioning-with-commander-sdk

Retrieve encryptedNote

keeper get "${RECORD_UID}" --unmask --format json | jq -r '.fields | .[0].value[0]'

• .fields selects the “fields” array in the input JSON data
• | is used to pipe the output of the previous selection to the next operation
• . [0] selects the first element in the “fields” array
• .value[0] selects the first value element within that element
• -r is used to output the raw string value without any quotes or formatting.

Resource: https://docs.keeper.io/secrets-manager/commander-cli/command-reference/record-commands#find-password-command

Useful dotfile alias

KEEPER_EMAIL='your_email@email_provider.com'
pushd "${HOME}/.keeper"
# If we're logged in, get the Password/My Password credential
if [[ ! "$(echo 'n' | keeper login ${KEEPER_EMAIL} | grep -i 'not logged in')" ]]; then
    alias my_pw="keeper find-password 'Password/My Password' | pbcopy"
fi
popd

Keeper Secrets Manager (KSM)

Note: This section of the the cheatsheet requires an enterprise keeper account.

Login to KSM

keeper login "${KEEPER_EMAIL}"
# Once logged into Vault:
enterprise-role "Keeper Administrator" --enforcement "ALLOW_SECRETS_MANAGER:True"

Create secrets manager application

keeper login "${KEEPER_EMAIL}"
# Once logged into Vault:
secrets-manager app create MyApplication

Create secrets manager client device

secrets-manager client add --app MyApplication

Kubernetes integration

secrets-manager client add --app MyApplication --unlock-ip --config-init k8s

LastPass

Login to LP

To get started, you have to login:

lpass login <your email address>

Look for passwords matching a string

lpass show stringtomatch

Get a password

This will grab a password from LastPass via the cli.

lpass show folder_name/name_of_password \
  | grep -i password | awk -F ': ' '{print $2}'