Rust SDK
Detailed Rust SDK docs for Keeper Secrets Manager
Download and Installation
Adding as Package using Cargo
Source Code
Find the Rust source code in the GitHub repository
Using the SDK
Initialise
Parameter
Required
Description
Type
token
Yes
One Time Access Token
String
config
Yes
Storage Configuration
KeyValueStorage
Retrieve Secrets
Parameter
Type
Required
Default
Description
uids
Vec<String>
Optional
None
Record UIDs to fetch
Response
Type: Vec<Record>
All Keeper records, or records with the given UIDs
default - we will get all records which the token given has access to
Retrieve Values from secret
Retrieve a password
This shortcut gets the password of a secret once that secret has been retrieved from Keeper Secrets Manager.
Retrieve Standard Fields
field_type
String
Yes
None
Field type to get
single
boolean
Optional
False
Return only the first value
Field types are based on the Keeper Record Type. For a detailed list of available fields based on the Keeper Record Type, see the record-type-info command in Keeper Commander.
Retrieve Custom Fields
field_type
String
Yes
-
Field type to get
single
boolean
Optional
False
Return only the first value
Custom fields are any field that is not part of the record type definition but can be added by users.
Response
Type:
StringorVec<String>
the value or values of the field. It will be a single value only if the single=true option is passed.
Records by Title
Response
Type:
Record<Option<Vec<Record>>>
record_title
&str
Yes
Title of the record to be fetched
Retrieve Values using Keeper Notation
See Keeper Notation documentation to learn about Keeper Notation format and capabilities
query
String
Yes
-
Keeper Notation query for getting a value from a specified field
Returns
The value of the queried field
Type: String or Vec<String>
Retrieve a TOTP Code
Returns
Type:
Result<TotpCode,KSMRError>
url
String
Yes
TOTP Url
Update a Secret
Record update commands don't update local record data on success (esp. updated record revision) so any consecutive updates to an already updated record will fail due to revision mismatch. Make sure to reload all updated records after each update batch.
Save Changes to a Secret
record
Record
Yes
Storage and query configuration
transaction_type
UpdateTransactionType
Yes
Configuration for transactional update
Set field values using the set_standard_field_value_mut or the set_custom_field_value_mut method.
Fields are found by type.
For a list of field types, see the Record Types documentation. Some fields have multiple values in these cases, the value can be set to a list.
Update a Standard Field Value
field_type
String
Yes
Field type to get
transaction_type
UpdateTransactionType
Yes
None
Configuration for transactional update
Fields are found by type. For a list of field types, see the Record Types documentation.
Update a Custom Field Value
field_type
String
Yes
Field type to get
transaction_type
UpdateTransactionType
Yes
None
Configuration for transactional update
Generate a Random Password
password_options
PasswordOptions
Yes
Configuration for the password
charset
String
Optional
Set of special characters to be included in the password
length
i32
Optional
64
Length of password
lowercase
i32
Optional
0
Count of lowercase characters in the password
uppercase
i32
Optional
0
Count of uppercase characters in the password
digits
i32
Optional
0
Count of digits in the password
special_characters
i32
Optional
0
Count of special characters in the password
Each parameter indicates the minimum number of a type of character to include. For example, 'uppercase' indicates the minimum number of uppercase letters to include.
Download a File
file_name
&str
Yes
Name of the file to be downloaded
path
&str
Yes
Path to download file
Upload File
Upload File Parameters
owner_record
Record
Yes
None
The record in which the file has to be uploaded
keeper_file
KeeperFileUpload
Yes
The file to be uploaded
File Parameters
file_path
&str
Yes
Path to upload file
file_name
Option<&str>
Yes
Name of the file to be uploaded
file_title
Option<&str>
Yes
Title of the file to be uploaded
mime_type
Option<&str>
Yes
None
The type of data in the file. If none is provided, 'application/octet-stream' will be used
Returns
Type:
String
The file UID of the attached file
Create a secret
Prerequisites:
Shared folder UID
The shared folder must be accessible by the Secrets Manager Application
You and the Secrets Manager application must have edit permission
There must be at least one record in the shared folder
Created records and record fields must be formatted correctly
See the documentation for expected field formats for each record type
TOTP fields accept only URL generated outside of the KSM SDK
After record creation, you can upload file attachments using upload_file
record_type
DefaultRecordType
Yes
None
Type of record to be created
title
String
Yes
The title of the created record
note
String
Yes
None
The note to be made in the created record
value
String
Yes
Value for the field
label
String
Yes
None
Label for the field
required
bool
Yes
false
Defines if the field is required
privacy_screen
bool
Yes
false
Defines if the field value should be hidden
Returns
Type:
String
The record UID of the new record
Delete A Secret
The Rust KSM SDK can delete records in the Keeper Vault.
record_uid
String
Yes
None
The uid of the record to be deleted
Caching
To protect against losing access to your secrets when network access is lost, the Rust SDK allows caching of secrets to the local machine in an encrypted file.
Setup and Configure Cache
In order to setup caching in the Rust SDK, include a caching post function when creating a SecretsManager object.
The Rust SDK includes a default caching function in the KSMRCache class, which stores cached queries to a local file, thus serving as a disaster recovery function (as long as there's network connectivity, it always prefers network over cached data and will use cache only if the web vault is inaccessible).
The default caching function in KSMCache class always stores last request only. For example, if the first request (R1) successfully retrieves UID1 and updates the cache, but a subsequent request (R2) for UID2 fails, the cache will not include UID2. As a result, any later operations involving UID2 (e.g., lookup or disconnect) will return an empty response, since it was never added to the cache.
Updating a record from cache (or creating new record) invalidates cached record data and consecutive updates of the same record will fail. Batch updates work as long as they modify different records. Always follow up cached record updates with a call to get_secrets function to refresh cache (and pull updated metadata from vault like the new record revision etc.)
Folders
Folders have full CRUD support—create, read, update, and delete operations.
Read Folders
Downloads full folder hierarchy.
Returns
Type:
Vec<KeeperFolder>
Create Folder
Requires CreateOptions and folder name to be provided. The folder UID parameter in CreateOptions is required—the UID of a shared folder, while sub-folder UID is optional, and if missing, a new regular folder is created directly under the parent (shared folder). There's no requirement for the sub-folder to be a direct descendant of the parent shared folder - it could be many levels deep.
create_options
CreateOptions
Yes
None
The parent and sub-folder UIDs
folder_name
str
Yes
The folder name
folders
Vec<KeeperFolder>
No
None
List of folders to use in the search for parent and sub-folder from CreateOptions
Update Folder
Updates the folder metadata—currently folder name only.
folder_uid
str
Yes
The folder uid
folder_name
str
Yes
The new folder name
folders
Vec<KeeperFolder>
No
None
List of folders to use in the search for parent folder
Delete Folders
Removes a list of folders. Use the force_deletion flag to remove non-empty folders.
folder_uids
Vec<String>
Yes
The folder UID list
force_deletion
boolean
No
false
Force deletion of non-empty folders
Last updated
Was this helpful?