KSM Developer SDKs

Overview

The Keeper Secrets Manager SDKs are purpose-built to provide extremely simple, fast and efficient access to Secrets Management functionality from all popular languages.

Secrets Manager SDKs

• Python

• Java / Kotlin

• JavaScript

• .Net

• Go

• Ruby

• Rust

• PowerShell

Authentication

The Secrets Manager SDK authenticates to the Keeper Vault using either the One Time Access Token or using the generated keys within the local configuration file. To generate one or more One Time Access Tokens from the Commander CLI use the secrets-manager client add command.

My Vault> secrets-manager client add --app MyApplication --unlock-ip

This initialization code will create a JSON configuration file with the following keys:

The following is an example of a generated configuration file:

{
  "hostname": "keepersecurity.com",
  "clientId": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "privateKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "serverPublicKeyId": "10",
  "appKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "appOwnerPublicKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxx"
}

For more information on configuration files, see the Config File documentation.

Configuration File Protection

Keeper provides several options for the secure encryption and storage of the KSM configuration file using popular cloud services:

• AWS KMS

• Azure Key Vault

• Entrust HSM

• Google Cloud Key Management

• Oracle Key Vault

Script Integration

Keeper Secrets Manager CLI provides a wrapper function that executes any arbitrary system call and replaces environmental variables with values from the Keeper Vault.

Secrets Manager CLI Exec Command

Vault and Admin SDKs

For higher level functionality at the Vault and Administrative level, please see the Vault SDKs page which contains links to various development tools.

Vault SDKs