Ruby SDK

Detailed Ruby SDK docs for Keeper Secrets Manager

Download and Installation

Installation

The Ruby SDK supports Ruby version 3.1 and above. For more information, see:

https://rubygems.org/gems/keeper_secrets_manager

Install with gem:

Or add to your Gemfile:

Then run:

Source Code

Find the Ruby source code in the GitHub repository

Using the SDK

Initialize Storage

The Keeper Secrets Manager SDK requires a One-Time Access Token to initialize storage on a client device. After initialization, the SDK stores the configuration for future use.

Parameter
Type
Required
Default
Description

token

String

Optional

nil

One-Time Access Token for initial binding

config

KeyValueStorage

Yes

-

Storage implementation for configuration persistence

hostname

String

Optional

'keepersecurity.com'

API hostname (e.g., 'keepersecurity.eu' for EU datacenter)

verify_ssl_certs

Boolean

Optional

true

Enable/disable SSL certificate verification

Note: Using a One-Time Access Token requires at least one read operation to bind the token and fully populate the configuration.

Example Usage

Using a One-Time Access Token:

Using File-Based Storage

For persistent configuration across application restarts:

Alternatively connect with the base64 configuration file generated by your vault:

Using Environment Variables

For read-only configuration from environment:

Retrieve Secrets

Get Secrets

Parameter
Type
Required
Default
Description

uids

Array<String>

Optional

[]

Record UIDs to retrieve. Empty array retrieves all secrets.

Response:

Type: Array<KeeperRecord>

Array containing all Keeper records, or records that match the given UID filter.

Example Usage

Retrieve All Secrets:

Retrieve Secrets by UID:

Get Secrets by Title

Parameter
Type
Required
Default
Description

title

String

Yes

-

Record title to search for (exact match)

Response:

Type: Array<KeeperRecord> (for get_secrets_by_title) or KeeperRecord (for get_secret_by_title)

Returns all records matching the title, or the first matching record.

Example Usage

Retrieve Values From a Secret

Once a secret is retrieved, individual fields can be accessed using multiple approaches:

Using Dynamic Field Access

Using Explicit Field Methods

Using Keeper Notation

Retrieve a TOTP Code

To generate a TOTP code, retrieve the TOTP URL from the record and use the KeeperSecretsManager::TOTP module.

Parameter
Type
Required
Default
Description

secret

String

Yes

-

Base32-encoded TOTP secret

algorithm

String

Optional

'SHA1'

Hash algorithm (SHA1, SHA256, SHA512)

digits

Integer

Optional

6

Number of digits in the code

period

Integer

Optional

30

Time period in seconds

Response:

Type: String

Returns the current Time-Based One-Time Password (TOTP) code for two-factor authentication.

Example Usage

Note: TOTP generation requires the base32 gem for decoding the secret. Install with gem install base32.

Generate a Random Password

Generate cryptographically secure random passwords with customizable character requirements. This utility function is useful when creating or updating secrets programmatically.

Parameter
Type
Required
Default
Description

length

Integer

Optional

64

Total password length

lowercase

Integer

Optional

0

Minimum number of lowercase letters (a-z)

uppercase

Integer

Optional

0

Minimum number of uppercase letters (A-Z)

digits

Integer

Optional

0

Minimum number of digit characters (0-9)

special_characters

Integer

Optional

0

Minimum number of special characters (!@#$%^&*()_+-=[]{}

Response:

Type: String

Returns a cryptographically secure random password meeting the specified requirements.

Note: This function uses Ruby's SecureRandom for cryptographic-strength randomness and applies Fisher-Yates shuffle to ensure proper character distribution.

Example Usage

Generate a default 64-character password:

Generate password with specific requirements:

Use when creating a new secret:

Use when updating an existing secret:

Password rotation script:

Update a Secret

Parameter
Type
Required
Default
Description

record

KeeperRecord

Yes

-

The modified record to update in the vault

Response:

Type: void

Updates the secret in the vault with the modified values.

Example Usage

Download a File

Parameter
Type
Required
Default
Description

file

KeeperFile

Yes

-

File object from a KeeperRecord to download

Response:

Type: Hash

Returns a hash containing:

  • 'name' - File name

  • 'data' - File contents as binary string

  • 'size' - File size in bytes

  • 'type' - MIME type of the file

Example Usage

Upload a File

Parameter
Type
Required
Default
Description

owner_record_uid

String

Yes

-

UID of the record to attach the file to

file_data

String

Yes

-

File contents as binary string or text

file_name

String

Yes

-

Name of the file in Keeper

file_title

String

Optional

nil

Title/description of the file in Keeper

Response:

Type: String

Returns the UID of the uploaded file.

Example Usage

Create a Secret

Parameter
Type
Required
Default
Description

record_data

Hash

Yes

-

Hash containing record structure (type, title, fields, custom, notes)

options

CreateOptions

Yes

-

CreateOptions object containing folder_uid (required) and optional settings

Response:

Type: String

Returns the UID of the created secret.

Prerequisites:

  • Shared folder UID (if specifying folder_uid)

  • Shared folder must be accessible by the Secrets Manager Application

  • You and the Secrets Manager application must have edit permission

  • There must be at least one record in the shared folder

  • Record fields must be formatted correctly (see field type documentation)

Example Usage

Create Custom Type Record

Delete a Secret

Parameter
Type
Required
Default
Description

uids

String or Array<String>

Yes

-

UID or array of UIDs of secrets to delete

Response:

Type: void

Deletes the specified secret(s) from the vault.

Example Usage

Folders

The Ruby SDK provides full CRUD support for folder operations.

Get Folders

Response:

Type: Array<KeeperFolder>

Returns all folders accessible to the Secrets Manager application.

Example Usage

Get Folder Path

Parameter
Type
Required
Default
Description

folder_uid

String

Yes

-

UID of the folder

Response:

Type: String

Returns the full path to the folder (breadcrumb trail separated by "/").

Example Usage

Find Folder by Name

Parameter
Type
Required
Default
Description

name

String

Yes

-

Name of the folder to find

parent_uid

String

Optional

nil

UID of parent folder to search within

Response:

Type: KeeperFolder or nil

Returns the first folder matching the name, or nil if not found.

Example Usage

Build Folder Tree

Create a Folder

Parameter
Type
Required
Default
Description

name

String

Yes

-

Name of the folder to create

parent_uid

String

Yes

-

UID of the parent shared folder

Response:

Type: String

Returns the UID of the created folder.

Example Usage

Update a Folder

Parameter
Type
Required
Default
Description

folder_uid

String

Yes

-

UID of the folder to update

new_name

String

Yes

-

New name for the folder

Response:

Type: void

Renames the specified folder.

Example Usage

Delete Folders

Parameter
Type
Required
Default
Description

folder_uid

String

Yes

-

UID of the folder to delete

force

Boolean

Optional

false

If true, deletes folder and all its contents. If false, only deletes empty folders.

Response:

Type: void

Deletes the specified folder from the vault.

Example Usage

Caching

Improve performance by caching secrets locally:

Using CachingStorage

Custom Caching with custom_post_function

For advanced caching scenarios:

Error Handling

The SDK provides specific exception classes for different error scenarios:

Common Error Scenarios

Advanced Configuration

Custom Hostname

SSL Certificate Verification

Custom Logging

All Configuration Options

Field Type Helpers

Optional convenience methods for creating typed fields:

Dynamic Record Access

The Ruby SDK uses method_missing to provide JavaScript-style dynamic field access:

PreviousRecord Field ClassesNextRust SDK

Last updated

Was this helpful?