Keeper - A Better Secure Way to Store Password from Command Line

Posted on : April 3, 2017 , Last Updated on : April 3, 2017 By in LINUX HOWTO
| Reply More

Keeper password manager is a tool that stores password credentials in an encrypted digital vault. You need one master password to gain access to the vault and then create a new entry for password, edit/view previous passwords. You can also specify password complexity rules and generate a strong password using random password generators. Keeper password manager has a command-line shell interface by the name keeper commander that provides instant terminal access to the vault on any Unix,  Mac or Windows system. This article covers how to store, edit passwords using keeper password manager and then gain access to the password from terminal using commander.

In the first step, we will create an account in keeper security for creating our vault and in the second step we will explore keeper commander to download, rotate, decrypt passwords from the stored vault.

Create Account/Vault

To setup the vault, create an account in keeper security and then log in to the vault to create new records for your daily usages passwords. while creating records for passwords, you have the options for creating new custom fields, specifying its value, adding files or photos, folder name, note etc. Proceed with creating few records so that you can access these records using commander for editing, decryption, rotation of passwords etc. that we will explore in the next step.

About Keeper commander

The commander is an open source SDK that is written in Python to customized to meet any needs and to integrate it into back-end systems. There are few useful cases where we can safe-keep the passwords using commander-

→ Eliminate hard-coded or plain-text passwords in any back-end systems.
→ Rotate passwords on shared accounts.
→ Perform password rotations on target systems.
→Access passwords through a terminal or SSH session.
→Authenticate with Yubikey and other 2FA methods.
→Schedule and automate rotations.

Keeper Commander provides deep integration of privileged password management into back-end systems to securely access credentials, elevate permissions, rotate passwords and automate key security features. Any changes made through Keeper Commander is instantly propagated to all users who have access to the particular record. When you grant and revoke access or rotate a password, it instantly updates to users on their mobile and desktop devices. Commander controls access to highly secure systems by rotating passwords and pushing these credentials to users within the Keeper ecosystem.

Install Keeper commander in Ubuntu 16

Keeper commander needs python3 and Ubuntu 16 comes preloaded with python3. We need to install only python3-pip. Install pip3 by executing the following command in the terminal.

 # sudo apt-get install -y python3-pip

Now install commander using pip3

 # pip3 install keepercommander
 # keeper --version
 keeper, version 0.6.4

To upgrade the keeper commander pass upgrade parameter with install command.

 # pip3 install --upgrade keepercommander

Usages of Keeper commander

we can use commander in three ways-

  1. From command line or script.
  2. From keeper shell.
  3. From Python program by importing keeper commander package.

We will mainly explore usages of commander via keeper shell. Start the keeper shell by executing the following command from the terminal. Commander will ask for e-mail id, password and two factor code if you have set it in the step1.

 # keeper shell
 .......................
 .......................

 User(Email):
 Password:
 Downloading records...
 Two-Factor Code:
 Updated mfa_token in config.json
 Downloaded & Decrypted [1] Record
 Keeper >

Type 'l' to list all the records.

 Keeper > l
  #      Record UID                 Folder      Title
  ---  ----------------------      --------  ------------
  1    GInv_JTr3G0tvD88fiBpmw         PC      CentOS Login
  2    FTiS3-bnQJOrjZAFzVhuhw         PC      Windows7

Type 'a' to add a record interactively. we will also add two custom field by the name cmdr:plugin and cmdr:rules. These two fields are already defined in unixpasswd plugins section of keeper commander. The value for both these fields are unixpasswd and 4,4,2,0 respectively.

 Keeper > a
 ... Title (req'd): Ubuntu
 ... Folder: PC
 ... Login: 
 ... Password: badpassword
 ... Login URL: 
 ... Notes: Local Ubuntu login
 ... Custom Field Name : cmdr:plugin
 ... Custom Field Value : unixpasswd
 ... Custom Field Name : cmdr:rules
 ... Custom Field Value : 4,4,2,0
 ... Custom Field Name : 
 New record successful for record_uid=5Y_pelKVOLnSqzk9dmD_-g, revision=0 , new_revision=131513087
 Downloading records...
 Downloaded & Decrypted [3] Records

To make use of these two custom fields, install the dependency for unixpasswd i.e pexpect. Unixpasswd is a commander plugin for Unix Passwd Command.

 # pip3 install pexpect

There are a number of plugins available for commander like MySQL, AWS, Oracle etc. To make use of these plugins, install the dependencies for each plugins add then add the custom field and its value in the record as described in each plugins usages section.

To rotate the password the format is r <UID>

 Keeper > r FTiS3-bnQJOrjZAFzVhuhw    
 Rotation successful for record_uid=FTiS3-bnQJOrjZAFzVhuhw, revision=131373275,
 new_revision=131517950

To find the list of available commands, type '?' in the Keeper shell.

 Keeper > ?
 Commands:

 d         ... download & decrypt data
 l         ... list folders and titles
 s <regex> ... search with regular expression
 g <uid>   ... get record details for uid
 r <uid>   ... rotate password for uid
 b <regex> ... rotate password for matches of regular expression
 a         ... add a new record interactively
 c         ... clear the screen
 h         ... show command history
 q         ... quit

To download the record type 'd' in keeper shell.

 Keeper > d
 Downloading records...
 Downloaded & Decrypted [1] Record

To get the record details of particular UID type 'g <uid>' in keeper shell.

 Keeper > g gM_dfAQOtbmHOGh9fEWJ6w

To quit the keeper shell, type 'q'

 Keeper > q

We have checked all the commands from keeper shell that includes adding custom fields for 'unixpasswd' plugin. You can now use other commander plugins easily.

Conclusion

Managing passwords is simple with Keeper password manager. Keeper generates strong passwords and organizes passwords on all platforms and devices. Using  Keeper's Cloud Security Vault, you can securely store, manage and share your digital assets. Thanks for reading the article.

Filed Under : LINUX HOWTO, OPEN SOURCE TOOLS

Tagged With : ,

Free Linux Ebook to Download

Leave a Reply

All comments are subject to moderation.