Secrets Manager Share Commands

This page focuses on usage of secrets manager commands related to sharing and removing the secrets to an application

Overview

Controls which records or folders (secrets) are accessible to a Secrets Manager App.

  • User "share" secrets with an App by linking them via this command.

  • User can also choose whether the app has read-only or editable access.

Commands

Secrets Manager Share

This command associates a vault folder or record with a Secrets Manager Application, granting the app access to those secrets.

DotNet CLI

Command: ksm

Action: share

Flags:

  • --folder : Shared Folder UID or name. "share", "unshare" only

  • -e, --can-edit : Can secret be edited? "share", "unshare" only

  • --help : Display this help screen.

  • --version : Display version information.

  • value pos. 0 : KSM command: "view", "create", "delete", "share", "unshare", "add-client", "delete-client", "list", "app-share", "app-unshare"

  • value pos. 1 : Secret Manager application UID or Title

Example:

My Vault > ksm share ksm_app_uid --folder folder_uid
  Application UID: ksm_app_uid
               Title: Test_Example Application

Shares
  #  Share Type    Share UID               Share Title                    Editable  Created           
---  ------------  ----------------------  -----------------------------  --------  ------------------
  1  SharedFolder  ksm_app_uid             Example Resources                 X         5/2/2025 9:53 AM

Devices
  #  Name                  Device ID  Created             Last Accessed     
---  --------------------  ---------  ------------------  ------------------
  1  Exmaple Application    4xeebo     5/2/2025 9:53 AM    7/8/2025 10:56 AM
DotNet SDK

Function: ShareToSecretManagerApplication

 Task<SecretsManagerApplication> ShareToSecretManagerApplication(string applicationId,
            string sharedFolderOrRecordUid, bool canEdit);

Arguments:

applicationId - ID of ksm application to whom the folder or record is being shared

sharedFolderOrRecordUid ID of record or shared folder

canEdit - Boolean whether the permission to be edited is to be given or not

PowerCommander

Command: Grant-KeeperSecretManagerFolderAccess

Aliases : ksm-share

Flags:

  • -App : Application UID

  • -Secret : UID of the Secret/Record/Folder

Example:

PS > Grant-KeeperSecretManagerFolderAccess -App ksm_app_uid  -Secret record_uid   

Uid                    Title                    IsExternalShare DeviceCount ShareCount
---                    -----                    --------------- ----------- ----------
ksm_app_uid            Example Application         False           7           6
Python CLI

Command: secret-manager-share --command=<add/remove>

Parameters:

  • --command Add or remove

  • -a --app Application Name or UID

  • -s --secret Record UID - space separated (e.g., "uid1 uid2 uid3")

Options:

  • -e --editable Is this share going to be editable or not

Example:

My Vault> secrets-manager-share --command='add' -e -a='ksm_uid' -s='record_uid'

Successfully added secrets to app uid=ksm_uid, editable=True:
record_uid  Record
Share updates processed successfully
My Vault>
Python SDK

Function: Coming Soon

Secrets Manager Unshare

This command removes a previously shared folder or record from a Secrets Manager Application, revoking its access to that secret.

DotNet CLI

Command: ksm

Action: unshare

Flags:

  • --folder : Shared Folder UID or name. "share", "unshare" only

  • -e, --can-edit : Can secret be edited? "share", "unshare" only

  • value pos. 1 : Secret Manager application UID or Title

Example:

My Vault > ksm unshare ksm_app_uid --folder folder_uid
  Application UID: ksm_app_uid
               Title: Test_Example Application

Shares
  #  Share Type    Share UID               Share Title                    Editable  Created           
---  ------------  ----------------------  -----------------------------  --------  ------------------

Devices
  #  Name                  Device ID  Created             Last Accessed     
---  --------------------  ---------  ------------------  ------------------
  1  Exmaple Application    4xeebo     5/2/2025 9:53 AM    7/8/2025 10:56 AM
DotNet SDK

Function: UnshareFromSecretManagerApplication

Task<SecretsManagerApplication> UnshareFromSecretManagerApplication(string applicationId,
            string sharedFolderOrRecordUid);

Arguments:

applicationId - ID of ksm application to whom the folder or record is being unshared

sharedFolderOrRecordUid ID of record or shared folder whose permissions are being revoked

PowerCommander

Command: Revoke-KeeperSecretManagerFolderAccess

Alias: ksm-unshare

Flags:

  • -App : Application UID

  • -Secret : UID of the Secret/Record/Folder

Example:

PS > Revoke-KeeperSecretManagerFolderAccess -App ksm_app_uid  -Secret record_uid 

Uid                    Title                    IsExternalShare DeviceCount ShareCount
---                    -----                    --------------- ----------- ----------
ksm_app_uid            Example Application         False           7           5
Python CLI

Command: secret-manager-share --command=<add/remove>

Parameters:

  • --command Add or remove

  • -a --app Application Name or UID

  • -s --secret Record UID - space separated (e.g., "uid1 uid2 uid3")

Example:

My Vault> secrets-manager-share --command='remove' -a='ksm_uid' -s='record_uid'
Shared secrets were successfully removed from the application
Python SDK

Function: Coming soon

PreviousSecrets Manager Client CommandsNextBreachWatch Commands

Last updated

Was this helpful?