search

Ruby SDK

Detailed Ruby SDK docs for Keeper Secrets Manager

hashtag
Download and Installation

hashtag
Installation

The Ruby SDK supports Ruby version 3.1 and above. For more information, see:

https://rubygems.org/gems/keeper_secrets_managerarrow-up-right

hashtag
Install with gem:

hashtag
Or add to your Gemfile:

Then run:

hashtag
Source Code

Find the Ruby source code in the GitHub repositoryarrow-up-right

hashtag
Using the SDK

hashtag
Initialize Storage

The Keeper Secrets Manager SDK requires a One-Time Access Token to initialize storage on a client device. After initialization, the SDK stores the configuration for future use.

Parameter
Type
Required
Default
Description

token

String

Optional

nil

One-Time Access Token for initial binding

config

KeyValueStorage

Yes

-

Storage implementation for configuration persistence

hostname

String

Optional

'keepersecurity.com'

API hostname (e.g., 'keepersecurity.eu' for EU datacenter)

verify_ssl_certs

Boolean

Optional

true

Enable/disable SSL certificate verification

Note: Using a One-Time Access Token requires at least one read operation to bind the token and fully populate the configuration.

hashtag
Example Usage

Using a One-Time Access Token:

hashtag
Using File-Based Storage

For persistent configuration across application restarts:

Alternatively connect with the base64 configuration file generated by your vault:

hashtag
Using Environment Variables

For read-only configuration from environment:

hashtag
Retrieve Secrets

hashtag
Get Secrets

Parameter
Type
Required
Default
Description

uids

Array<String>

Optional

[]

Record UIDs to retrieve. Empty array retrieves all secrets.

Response:

Type: Array<KeeperRecord>

Array containing all Keeper records, or records that match the given UID filter.

hashtag
Example Usage

Retrieve All Secrets:

Retrieve Secrets by UID:

hashtag
Get Secrets by Title

Parameter
Type
Required
Default
Description

title

String

Yes

-

Record title to search for (exact match)

Response:

Type: Array<KeeperRecord> (for get_secrets_by_title) or KeeperRecord (for get_secret_by_title)

Returns all records matching the title, or the first matching record.

hashtag
Example Usage

hashtag
Retrieve Values From a Secret

Once a secret is retrieved, individual fields can be accessed using multiple approaches:

hashtag
Using Dynamic Field Access

hashtag
Using Explicit Field Methods

hashtag
Using Keeper Notation

hashtag
Retrieve a TOTP Code

To generate a TOTP code, retrieve the TOTP URL from the record and use the KeeperSecretsManager::TOTP module.

Parameter
Type
Required
Default
Description

secret

String

Yes

-

Base32-encoded TOTP secret

algorithm

String

Optional

'SHA1'

Hash algorithm (SHA1, SHA256, SHA512)

digits

Integer

Optional

6

Number of digits in the code

period

Integer

Optional

30

Time period in seconds

Response:

Type: String

Returns the current Time-Based One-Time Password (TOTP) code for two-factor authentication.

hashtag
Example Usage

Note: TOTP generation requires the base32 gem for decoding the secret. Install with gem install base32.

hashtag
Generate a Random Password

Generate cryptographically secure random passwords with customizable character requirements. This utility function is useful when creating or updating secrets programmatically.

Parameter
Type
Required
Default
Description

length

Integer

Optional

64

Total password length

lowercase

Integer

Optional

0

Minimum number of lowercase letters (a-z)

uppercase

Integer

Optional

0

Minimum number of uppercase letters (A-Z)

digits

Integer

Optional

0

Minimum number of digit characters (0-9)

special_characters

Integer

Optional

0

Minimum number of special characters (!@#$%^&*()_+-=[]{}

Response:

Type: String

Returns a cryptographically secure random password meeting the specified requirements.

Note: This function uses Ruby's SecureRandom for cryptographic-strength randomness and applies Fisher-Yates shuffle to ensure proper character distribution.

hashtag
Example Usage

Generate a default 64-character password:

Generate password with specific requirements:

Use when creating a new secret:

Use when updating an existing secret:

Password rotation script:

hashtag
Update a Secret

Parameter
Type
Required
Default
Description

record

KeeperRecord

Yes

-

The modified record to update in the vault

Response:

Type: void

Updates the secret in the vault with the modified values.

hashtag
Example Usage

hashtag
Download a File

Parameter
Type
Required
Default
Description

file

KeeperFile

Yes

-

File object from a KeeperRecord to download

Response:

Type: Hash

Returns a hash containing:

  • 'name' - File name

  • 'data' - File contents as binary string

  • 'size' - File size in bytes

  • 'type' - MIME type of the file

hashtag
Example Usage

hashtag
Upload a File

Parameter
Type
Required
Default
Description

owner_record_uid

String

Yes

-

UID of the record to attach the file to

file_data

String

Yes

-

File contents as binary string or text

file_name

String

Yes

-

Name of the file in Keeper

file_title

String

Optional

nil

Title/description of the file in Keeper

Response:

Type: String

Returns the UID of the uploaded file.

hashtag
Example Usage

hashtag
Create a Secret

Parameter
Type
Required
Default
Description

record_data

Hash

Yes

-

Hash containing record structure (type, title, fields, custom, notes)

options

CreateOptions

Yes

-

CreateOptions object containing folder_uid (required) and optional settings

Response:

Type: String

Returns the UID of the created secret.

Prerequisites:

  • Shared folder UID (if specifying folder_uid)

  • Shared folder must be accessible by the Secrets Manager Application

  • You and the Secrets Manager application must have edit permission

  • There must be at least one record in the shared folder

  • Record fields must be formatted correctly (see field type documentation)

hashtag
Example Usage

hashtag
Create Custom Type Record

hashtag
Delete a Secret

Parameter
Type
Required
Default
Description

uids

String or Array<String>

Yes

-

UID or array of UIDs of secrets to delete

Response:

Type: void

Deletes the specified secret(s) from the vault.

hashtag
Example Usage

hashtag
Folders

The Ruby SDK provides full CRUD support for folder operations.

hashtag
Get Folders

Response:

Type: Array<KeeperFolder>

Returns all folders accessible to the Secrets Manager application.

hashtag
Example Usage

hashtag
Get Folder Path

Parameter
Type
Required
Default
Description

folder_uid

String

Yes

-

UID of the folder

Response:

Type: String

Returns the full path to the folder (breadcrumb trail separated by "/").

hashtag
Example Usage

hashtag
Find Folder by Name

Parameter
Type
Required
Default
Description

name

String

Yes

-

Name of the folder to find

parent_uid

String

Optional

nil

UID of parent folder to search within

Response:

Type: KeeperFolder or nil

Returns the first folder matching the name, or nil if not found.

hashtag
Example Usage

hashtag
Build Folder Tree

hashtag
Create a Folder

Parameter
Type
Required
Default
Description

name

String

Yes

-

Name of the folder to create

parent_uid

String

Yes

-

UID of the parent shared folder

Response:

Type: String

Returns the UID of the created folder.

hashtag
Example Usage

hashtag
Update a Folder

Parameter
Type
Required
Default
Description

folder_uid

String

Yes

-

UID of the folder to update

new_name

String

Yes

-

New name for the folder

Response:

Type: void

Renames the specified folder.

hashtag
Example Usage

hashtag
Delete Folders

Parameter
Type
Required
Default
Description

folder_uid

String

Yes

-

UID of the folder to delete

force

Boolean

Optional

false

If true, deletes folder and all its contents. If false, only deletes empty folders.

Response:

Type: void

Deletes the specified folder from the vault.

hashtag
Example Usage

hashtag
Caching

Improve performance by caching secrets locally:

hashtag
Using CachingStorage

hashtag
Custom Caching with custom_post_function

For advanced caching scenarios:

hashtag
Error Handling

The SDK provides specific exception classes for different error scenarios:

hashtag
Common Error Scenarios

hashtag
Advanced Configuration

hashtag
Custom Hostname

hashtag
SSL Certificate Verification

hashtag
Custom Logging

hashtag
All Configuration Options

hashtag
Field Type Helpers

Optional convenience methods for creating typed fields:

hashtag
Dynamic Record Access

The Ruby SDK uses method_missing to provide JavaScript-style dynamic field access:

PreviousRecord Field ClassesNextRust SDK

Last updated

Was this helpful?