Sharing Secrets Manager Applications
Sharing KSM Applications with users
Overview
After creating a Keeper Secrets Manager (KSM) Application, you have the option to share it with other end users within your organization. Shared users gain access to the features and resources within the application, including the ability to view secrets, manage devices and gateways, and configure PAM record types using the associated Keeper Gateway.
Sharing enables teams to collaborate securely while maintaining strict access control through Keeper’s zero-knowledge architecture.
Prerequisites
Prior to proceeding with this guide, ensure that you have created a KSM application. KSM applications can be created from your Vault or on Commander, for step-by-step instructions:
Sharing KSM Applications
To share the KSM application:
1. Select the KSM Application you want to share
2. Edit the KSM Application by clicking edit
3. Navigate to the "Users" tab
4. In the search bar, enter the user’s email address
5. Select the user from the dropdown to add them to the application

User Permissions
When sharing a KSM application with other users, the following permissions can be assigned:
Admin
Can manage folders, users, devices and gateways within the application
Member
Can view the application and use the gateways associated with the application
Sharing Implications
Shared Folders
Shared folders assigned to a KSM application are accessible by the devices and gateways created on the KSM application.
When sharing a KSM application with another user, if the user does not already have access to the shared folders associated with the application, those folders will be automatically shared with the user.
The level of access the user receives to these shared folders depends on their assigned role in the application:
If the user is added as an "Admin":
The user receives the default shared folder permissions
If the user is added as a "Member":
The user receives the "No User Permissions" shared folder permissions
If the user already had access to any of the shared folders before being added to the KSM application, their existing folder permissions remain unchanged and are not overwritten.
Records
Records can be directly assigned to a KSM application via Keeper Commander.
When sharing a KSM application with another user, if the user does not already have access to the records associated with the application, those records will be automatically shared with the user. Regardless of "Admin" or "Member" roles, the level of access the user receives to these records is "View Only".
Note: The above applies to records added directly to a KSM application via Keeper Commander.
Removing a user from the KSM application
Removing a user from the KSM application does not revoke their permissions from the shared folders. Folder access must be manually removed if desired.
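The sharing rules above can be modelled to show which folder grants outlive a removal. The following is an added example, not Keeper code or a Commander API: the `KsmApp` class, the ACL dictionaries, and all folder, record, and user names are hypothetical and the data is constructed. The page does not say what happens to record access on removal, so the audit covers folders only.

```python
from dataclasses import dataclass, field

# Folder permission granted per application role, as stated on this page.
ROLE_FOLDER_GRANT = {"Admin": "default shared folder permissions",
                     "Member": "No User Permissions"}
RECORD_GRANT = "View Only"  # same for both roles

@dataclass
class KsmApp:  # hypothetical model, not a Keeper data structure
    folders: set                                # shared folders assigned to the app
    records: set                                # records assigned via Commander
    users: dict = field(default_factory=dict)   # email -> role

def share_app(app, email, role, folder_acl, record_acl):
    """Add `email` to the app and apply the automatic folder/record shares."""
    if role not in ROLE_FOLDER_GRANT:
        raise ValueError(f"unknown role: {role}")
    app.users[email] = role
    for f in sorted(app.folders):
        # setdefault: access the user already had is left unchanged
        folder_acl.setdefault(f, {}).setdefault(email, ROLE_FOLDER_GRANT[role])
    for r in sorted(app.records):
        record_acl.setdefault(r, {}).setdefault(email, RECORD_GRANT)

def remove_user(app, email):
    """Removal drops application membership only; folder grants are untouched."""
    app.users.pop(email, None)

def residual_folder_access(app, removed, folder_acl):
    """Folder grants still held by users who were removed from the app."""
    return sorted((f, u, folder_acl[f][u]) for f in app.folders
                  for u in removed
                  if u not in app.users and u in folder_acl.get(f, {}))

def demo():
    # Constructed sample data: names and e-mail addresses are made up.
    app = KsmApp(folders={"prod-db"}, records={"api-key"})
    folder_acl = {"prod-db": {"carol@example.com": "pre-existing permissions"}}
    record_acl = {}
    share_app(app, "alice@example.com", "Admin", folder_acl, record_acl)
    share_app(app, "bob@example.com", "Member", folder_acl, record_acl)
    share_app(app, "carol@example.com", "Member", folder_acl, record_acl)
    remove_user(app, "bob@example.com")
    return folder_acl, record_acl, residual_folder_access(
        app, ["bob@example.com"], folder_acl)

if __name__ == "__main__":
    for row in demo()[2]:
        print("review and revoke manually:", row)
```

Each row returned by `residual_folder_access` is a folder grant to review and remove by hand as part of offboarding a user from the application.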
Sharing KSM Applications via Commander
KSM Applications can also be shared on Commander. For more information, visit this page.
Sharing Keeper Gateways
Gateways are associated with KSM applications. When you share a KSM application with another user, the associated Keeper Gateway is also shared. For more information, visit this page.