# Sharing Secrets Manager Applications

## Overview

After creating a Keeper Secrets Manager (KSM) Application, you have the option to share it with other end users within your organization. Shared users gain access to the features and resources within the application, including the ability to view secrets, manage devices and gateways, and configure PAM record types using the [associated Keeper Gateway](#sharing-keeper-gateways).

Sharing enables teams to collaborate securely while maintaining strict access control through Keeper’s zero-knowledge architecture.

### Prerequisites

Prior to proceeding with this guide, ensure that you have created a KSM application. KSM applications can be created from your Vault or on Commander, for step-by-step instructions:

* [Creating KSM Application from your Vault](https://docs.keeper.io/en/keeperpam/secrets-manager/one-time-token#using-the-keeper-vault-to-generate-a-token)
* [Creating KSM Application on Commander](https://docs.keeper.io/en/keeperpam/secrets-manager/one-time-token#using-commander-to-generate-a-token)

## Sharing KSM Applications

To share the KSM application:

1. Select the KSM Application you want to share
2. Edit the KSM Application by clicking edit
3. Navigate to the "Users" tab
4. In the search bar, enter the user’s email address
5. Select the user from the dropdown to add them to the application.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2F3mr4wxoe8aBtDlAXaA0B%2Fksmappsharing.png?alt=media&#x26;token=9d179952-834c-4080-9755-8165459c5264" alt=""><figcaption><p>KSM Application</p></figcaption></figure>

## User Permissions

When sharing a KSM application with other users, the following permissions can be assigned:

<table><thead><tr><th width="187.421875">Permission</th><th>Description</th></tr></thead><tbody><tr><td>Member</td><td>Can <strong>view</strong> the application and use the <strong>gateways</strong> associated with the application</td></tr></tbody></table>

### Sharing Implications

#### Shared Folders

Shared folders assigned to a KSM application are accessible by the devices and gateways associated with the application. When sharing a KSM application with another user, if the user does not already have access to the shared folders associated with the application, those folders **will be automatically shared** with the user.

The level of access the user receives to these shared folders depends on their assigned role in the application:

* If the user is added as a "Member":
  * The user receives the "No User Permissions" shared folder permissions

If the user already had access to any of the shared folders before being added to the KSM application, their existing folder permissions remain unchanged and are not overwritten.

#### Records

Records can be directly assigned to a KSM application via Keeper Commander `secrets-manager app share` command.

When sharing a KSM application with another user, if the user does not already have access to the records associated with the application, those records **will be automatically shared** with the user. The level of access the user receives to these records is "View Only".

**Note**: Adding individual records to a KSM application requires using Keeper Commander.

### **Removing a user from the KSM application**

Removing a user from the KSM application does not revoke their permissions from the shared folders. Folder access must be manually removed if desired.

### Sharing KSM Applications via Commander

KSM Applications can also be shared on Commander using the `secrets-manager app share` command. For more information, visit this [page](https://docs.keeper.io/en/keeperpam/commander-cli/command-reference/secrets-manager-commands#secrets-manager-app-share-command).

### Sharing Keeper Gateways

Gateways are associated with KSM applications. When you share a KSM application with another user, the associated Keeper Gateway is also shared. For more information, visit this [page](https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/gateways/sharing-gateways).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/en/keeperpam/secrets-manager/about/sharing-secrets-manager-applications.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.