Install CLI client

Get the latest version and install the appropriate package:

curl -s "${AUTHOR}/${REPO_NAME}/releases/latest" \
  | jq -r '.assets[].browser_download_url'
# wget whatever makes sense to download

Upgrade CLI client

python3 -m pip install --upgrade keepercommander

Login to Keeper

Run this command:

keeper login

When prompted, enter your email, then your TOTP, and finally your master password.


Get a password from the commander shell

This particular example will return the password for the entry called in the vault:

My Vault> find-password

Retrieve password using commander on the cli

This will allow you to get a credential without accessing the commander shell:

keeper find-password


Retrieve encryptedNote

keeper get "${RECORD_UID}" --unmask --format json | jq -r '.fields | .[0].value[0]'
  • .fields selects the “fields” array in the input JSON data
  • | is used to pipe the output of the previous selection to the next operation
  • . [0] selects the first element in the “fields” array
  • .value[0] selects the first value element within that element
  • -r is used to output the raw string value without any quotes or formatting.


Useful dotfile alias

pushd "${HOME}/.keeper"
# If we're logged in, get the Password/My Password credential
if [[ ! "$(echo 'n' | keeper login ${KEEPER_EMAIL} | grep -i 'not logged in')" ]]; then
    alias my_pw="keeper find-password 'Password/My Password' | pbcopy"

Keeper Secrets Manager (KSM)

Note: This section of the the cheatsheet requires an enterprise keeper account.

Login to KSM

keeper login "${KEEPER_EMAIL}"
# Once logged into Vault:
enterprise-role "Keeper Administrator" --enforcement "ALLOW_SECRETS_MANAGER:True"

Create secrets manager application

keeper login "${KEEPER_EMAIL}"
# Once logged into Vault:
secrets-manager app create MyApplication

Create secrets manager client device

secrets-manager client add --app MyApplication

Kubernetes integration

secrets-manager client add --app MyApplication --unlock-ip --config-init k8s


Login to LP

To get started, you have to login:

lpass login <your email address>

Look for passwords matching a string

lpass show stringtomatch

Get a password

This will grab a password from LastPass via the cli.

lpass show folder_name/name_of_password \
  | grep -i password | awk -F ': ' '{print $2}'