package setup and deployment

.gitignore

@@ -1,3 +1,6 @@
 .idea/
 venv/
 config.json*
+dist
+build
+keeper.egg-info

MANIFEST

@@ -0,0 +1,2 @@
+# file GENERATED by distutils, do NOT edit
+setup.py

README.md

@@ -1,11 +1,11 @@
-<img src="src/images/commander_logo_512x205.png" width="400">
+<img src="keeper/images/commander_logo_512x205.png" width="400">
 
 ----
 #### The Password Management SDK for IT Admins & Developers
 
 Keeper Commander is a command-line and SDK interface to [Keeper&reg; Password Manager](https://keepersecurity.com).  Keeper Commander can be used to interactively access your Keeper Vault via a standard terminal or SSH console, or it can be used as an SDK for integrating your back-end into Keeper's zero-knowledge Cloud Security Vault&trade;.
 
-Commander can securely rotate passwords in your Keeper vault and then automatically synchronize the change to all users with privileged access to the record.  Using our connector [plugins](https://github.com/Keeper-Security/commander/tree/master/src/plugins), you can then perform the password reset directly on the source (e.g. database, active directory, unix/pc login, etc...).  Using Commander to rotate passwords, combined with the flexibility of Keeper's secure record sharing features provides you with the most secure and flexible way to grant and revoke access to extremely confidential data.
+Commander can securely rotate passwords in your Keeper vault and then automatically synchronize the change to all users with privileged access to the record.  Using our connector [plugins](https://github.com/Keeper-Security/commander/tree/master/keeper/plugins), you can then perform the password reset directly on the source (e.g. database, active directory, unix/pc login, etc...).  Using Commander to rotate passwords, combined with the flexibility of Keeper's secure record sharing features provides you with the most secure and flexible way to grant and revoke access to extremely confidential data.
 
 [Here's a Video](https://youtu.be/p50OKRiaxl8) demonstrating Commander.
 
@@ -20,16 +20,155 @@ Commander can securely rotate passwords in your Keeper vault and then automatica
 * Control record and user permissions
 * Automate everything
 
-<img src="src/images/mac.png" width="709" height="727">
+<img src="keeper/images/mac.png" width="709" height="727">
 
 Keeper Commander provides deep integration of privileged password management into back-end systems to securely access credentials, elevate permissions and rotate passwords. With Keeper Commander you can automate key security features on any platform.
 
 Changes made through Keeper Commander instantly propagate to the users who have access to that specific record.
 
 When you grant and revoke access or rotate a password, it instantly updates to users on their mobile and desktop devices. Control access to highly secure systems by rotating passwords and pushing those credentials to users - all within the Keeper ecosystem.
 
-### Installation  
-Follow the instructions in the README within the src/ and src/plugins/ folder.
+### Installation
+
+You can install Keeper Commander with pip (the only requirement for this type of install is python 3.
+You can install python3 by going to [python.org](https://www.python.org) and following the instructions):
+
+```
+pip3 install keeper
+```
+Or, if you would like to make modifications, clone the repository and follow the instructions in the README within the keeper/ and keeper/plugins/ folder.
+
+#### Logging in
+<img src="keeper/images/screenshot1.png" width="625">
+
+#### Listing available commands
+<img src="keeper/images/screenshot2.png" width="625">
+
+#### Searching for records
+<img src="keeper/images/screenshot3.png" width="625">
+
+#### Getting record details
+<img src="keeper/images/screenshot4.png" width="625">
+
+#### Rotating a password
+<img src="keeper/images/screenshot5.png" width="625">
+
+The above screenshots are using the terminal version.  You can make the necessary hooks in the Commander source code to meet your integration needs.
+
+### Command line usage
+
+./keeper
+
+### Optional parameters
+
+./keeper --email=email@company.com
+
+### Auto-configuration file
+
+To automate the use of Commander, create a file called config.json and place the file in your install folder.  If you don't provide a config file, Commander will just prompt you for the information.
+
+Here's an example config.json file:
+
+```
+{
+    "server":"https://keeperapp.com/v2/",
+    "email":"your_email_here",
+    "password":"your_password_here",
+    "debug":false,
+    "commands":[]
+}
+```
+
+You can also tell Commander which config file to use.  By default, we look at the config.json file.  Example:
+
+./keeper --config=foo.json
+
+In this case, Commander will start up using foo.json as the configuration.
+
+### Auto-command execution
+
+You can provide Commander a set of commands to run without having to type them manually.  This is the easiest way to automate password resets.
+
+Example:
+
+```
+{
+    "debug":false,
+    "server":"https://keeperapp.com/v2/",
+    "email":"admin@company.com",
+    "password":"somereallystrongpassword",
+    "commands":["d", "r 3PMqasi9hohmyLWJkgxCWg", "r tlCK0x1chKH8keW8-NOraA"]
+}
+```
+
+In this example, we are telling Commander to first download and decrypt records, then reset 2 passwords.  As you can see, each unique password record in the Keeper system is represented by a unique record UID.  Use the "l" or "s" command in Commander's interactive mode to display the record UIDs in your account.
+
+### Two-Factor Authentication and Device Token
+
+If you have Two-Factor Authentication enabled on your Keeper account (highly recommended), Keeper Commander will prompt you for the one-time passcode the first time you login.  After successfully logging in, you will be provided a device token. This device token needs to be saved for subsequent calls. Copy-paste this device token into your config.json file.  For example:
+
+```
+{
+    "debug":false,
+    "server":"https://keeperapp.com/v2/",
+    "email":"email@company.com",
+    "password":"123456",
+    "mfa_token":"vFcl44TdjQcgTVfCMlUw0O9DIw8mOg8fJypGOlS_Rw0WfXbCD9iw",
+    "mfa_type":"device_token",
+    "commands":["d", "r 3PMqasi9hohmyLWJkgxCWg", "r tlCK0x1chKH8keW8-NOraA"]
+}
+```
+
+### Plugins
+
+Keeper Commander can talk to external systems for the purpose of resetting a password and synchronizing the change inside the Keeper Vault.  For example, you might want to rotate your MySQL password and Active Directory password automatically.  To support a plugin, simply add a custom field to the record to specify which plugin Keeper Commander should use when changing passwords.  Example:
+
+```
+Name: cmdr:plugin
+Value: mysql
+```
+```
+Name: cmdr:plugin
+Value: adpasswd
+```
+
+When a plugin is specified in a record, Commander will search in the plugins/ folder to load the module based on the name provided (e.g. mysql.py and active_directory.py).
+
+Keeper's team is expanding the number of plugins on an ongoing basis. If you need a particular plugin created, just let us know.
+
+### Commands
+
+To see a list of supported commands, simply type '?':
+
+```
+Keeper > ?
+
+Commands:
+
+  d         ... download & decrypt data
+  l         ... list folders and titles
+  s <regex> ... search with regular expression
+  g <uid>   ... get record details for uid
+  r <uid>   ... rotate password for uid
+  b <regex> ... rotate password for matches of regular expression
+  a         ... add a new record interactively
+  c         ... clear the screen
+  h         ... show command history
+  q         ... quit
+
+```
+
+* d (download): Downloads all records from the account, decrypts the data key, private key, decrypts records and shared folders.
+
+* l (list): Displays the Record UID, Folder and Title for all records.
+
+* s (search): search across all record data and display the Record UID, Folder and Title for matching records.
+
+* g (get): displays the full record details for a specified Record UID.  The Record UID can be determined by looking at the response from the "l" or "s" commands.
+
+* r (rotate): rotates the password field of a specified Keeper record.  The new password generated is by default set to a very strong 64-byte ASCII-based string.  The previous password is also backed up and stored as a custom field in the record, saved with the timestamp of the change.
+
+* b (batch rotate): search across all record data and rotate the password for matching records.
 
 ### Support 
 We're here to help.  If you need help integrating Keeper into your environment, contact us at ops@keepersecurity.com.

keeper/README.md

@@ -0,0 +1,52 @@
+Keeper Commander for Python 3
+----
+
+This is the codebase for a Python 3 interface to Keeper.
+
+### Installation
+
+This type of installation assumes you want to view/modify the source code. Using the instructions below,
+you will be able to have more than one copy of keeper commander installed without conflicting with each other.
+
+1) Install Python3 from [python.org](https://www.python.org)
+
+2) Install virtualenv:
+
+```
+sudo pip3 install virtualenv
+```
+
+3) Create and activate the virtual environment for your keeper project (you need to be in the keeper root folder):
+
+```
+virtualenv -p python3 venv
+source venv/bin/activate
+```
+
+4) Install the required modules
+
+```
+pip install -r requirements.txt
+```
+
+5) Install the keeper package in development mode
+
+```
+pip install -e .
+```
+
+NOTE: Keeper Commander is only compatible with Python 3.4+
+
+Keeper supports plugins for various 3rd party systems for password reset integration.  Depending on the plugin, you will need to install the modules required.  For example, to support our MySQL plugin:
+
+```
+pip3 install PyMySQL
+```
+
+6) Set up a Keeper account from https://keepersecurity.com if you don't already have one.
+
+7) Execute command line program as described below or use a config.json file to streamline usage.  Command line arguments will override the configuration file.
+
+### Help
+
+If you need help, found a bug, or you're interesting in contributing, email us at ops@keepersecurity.com.

keeper/__init__.py

@@ -0,0 +1,11 @@
+import sys
+
+from keeper.cli import loop
+
+
+def main():
+    loop()
+
+
+if __name__ == "__main__":
+    sys.exit(main())

src/api.py → keeper/api.py

@@ -17,13 +17,11 @@
 import getpass
 import time
 import os
-import generator
+from keeper import generator
 import datetime
-import plugin_manager
-from record import Record
-from error import AuthenticationError
-from error import CommunicationError
-from error import CryptoError
+from keeper import plugin_manager, params
+from keeper.record import Record
+from keeper.error import AuthenticationError, CommunicationError, CryptoError
 from Crypto import Random
 from Crypto.Hash import SHA256, HMAC, SHA
 from Crypto.Protocol.KDF import PBKDF2