Vault Release 17.5.0

Features

VAUL-7049: Notification Center

We’ve introduced a new Notification Center in the Web Vault—a secure, in-app hub for viewing and managing important account and security updates, without relying solely on email. Notifications now appear directly in the Vault and can also be delivered through native OS or browser notifications.

After logging into the Vault, you’ll see a bell icon in the upper-right corner next to your profile. This is your Notification Center. The bell displays the number of unread notifications at a glance.

Inside the Notification Center, you can filter notifications and respond to actionable events such as device approvals and sharing requests.

To learn more about how it works, please visit our documentation page.

VAUL-7401: KeeperPAM Session Metadata

When you launch a PAM connection, Keeper now displays more session details, making it easier to recognize and track your connections at a glance.

For each launched session, Keeper now displays key metadata, including:

• Title – Always shown and taken directly from the PAM resource record title.

• Host / Address – For standard PAM connections, we display the hostname or IP address. For RBI connections, we display the initial URL used at launch (this will not update if you navigate to other sites during the session).

• Login / Username – Shown when the session is launched with known credentials from the record.

• Port – The port used for the connection.

• Protocol – The connection protocol (e.g., RDP, SSH, etc.).

• Time Elapsed – How long the session has been active.

• Gateway – The name of the Gateway as it appears in the Vault; all other Gateway details remain hidden by design.

• Session Recording Indicator – Session is being recorded (visual and keystroke) as defined by the administrator.

• KeeperAI Indicator - AI-based session analysis and threat detection is active for the connection.

This enhancement makes it easier to identify, audit, and manage sessions, especially in environments with many concurrent connections.

• VAUL-6706: Improved import handling to detect simple CSV files and process them as standard CSVs, regardless of the selected password manager.

• VAUL-7934: Added native Google Cloud (GCP) support to PAM configurations, including fields for GCP ID, Workspace Admin Email, and Service Account Key.

KDE-1656: Password Zoom

Added an improvement to show password character positions in the Password Zoom tray. Click on the "Password Zoom" feature from the password viewer inside the Keeper vault record.

VAUL-7934: KeeperPAM Support for Google Cloud

KeeperPAM now natively supports Google Cloud as a PAM Configuration in addition to AWS, Azure, Local Network and Domain Controller.

Learn More about setting up Google Cloud with KeeperPAM

Managed resource types:

• GCP Principal User Password

• Managed Microsoft AD User

• Google Compute Virtual Machine User

• Cloud SQL Database User

New Import UI

We've created an all new import flow for customers who are transitioning from a different password manager, web browser or a flat file. The new wizard has the following steps:

• Choose a source

• Map columns to Keeper fields

• Preview the import results

Known Issues

• Errors when logging in with Biometrics: After login, open Settings and disable/re-enable Biometric Login.

Bug Fixes and Improvements

• VAUL-7816: Cleaned up and refactored the Vault rotation and rotation-settings code to support upcoming features more reliably.

• VAUL-7984: Fixed Electron local storage not persisting user data by switching to electron-store and ensuring Web Vault storage remained unaffected.

• KDE-1807: Fixed a typo in the macOS hotkey settings.

• KDE-1769: Updated to Electron V37.x.x

• KDE-1750: Compatibility with the new MacOS Tahoe V26

• VAUL-7845: Fixed an issue where Unchecking options caused the modal size to be reset.

• VAUL-7920: Resolved a potential issue where Security Audit might not run if restrict_breach_watch enforcement was enabled.

• VAUL-7813: Improved backend error handling in the Vault and Desktop App.

• VAUL-7576: Fixed an issue where users saw unclear or missing error messages when sharing a record or folder with an email that doesn’t have a Keeper account.

• VAUL-7607: Fixed an issue where multiple URLs were being added to text fields instead of URL fields, likely due to URL fields being introduced later.

• VAUL-7734: IMPORT: Fixed an issue where header rows from Google Chrome and Dropbox password manager exports were incorrectly imported as Keeper records. These rows are now properly ignored.

• VAUL-7688: Fixed an issue where “Password Manager Pro” overlapped the close (X) button in the Importer View Instructions modal.

• VAUL-7686: Fixed an issue where duplicate numbers appeared in the Importer View Instructions.

• VAUL-6004: Fixed an issue with the Import from Browser install prompt.

• VAUL-8047: Fixed a misspelling in the import error message.

• VAUL-8045: Fixed a UI mismatch in the Import tab to align with design.

• VAUL-8050: Updated the 1Password import instructions to match the latest design.

• VAUL-8063: Fixed confusing logic for closing the import popup.

• VAUL-8068: Fixed an issue with stray dots appearing in LastPass and CSV import instructions.

• VAUL-8088: Fixed an issue where keys were missing when selecting Import.

• VAUL-8103: Fixed the ordering of items in the import source list.

• VAUL-8106: Fixed a missing focus state for Review/Edit in the import flow.

• VAUL-8108: Fixed the Import Completed modal to match the design.

• VAUL-8111: Fixed an issue where .csv import steps were not translated in any language.

• VAUL-8095: Fixed missing translations for “Summary” across 11 languages in the import flow.

• VAUL-8126: Fixed an issue where 2FA codes were being imported.

• VAUL-8089: Fixed the Source Text File import options to match the design (pending translations).

• VAUL-8094: Fixed an issue where Dashlane import showed an “undefined” error and updated the design accordingly.

• VAUL-8064: Fixed an issue where a random “8” appeared in the 1Password import instructions header.

• VAUL-8066: Fixed an issue where Role Enforcement incorrectly blocked all record types when only Login records were disabled, affecting onboarding.

• VAUL-8065: Fixed an issue where import restrictions required too many steps before showing the restriction message.

• VAUL-7991: Fixed an issue where passphrases were missing as a manual password generator option for PAM user records.

• VAUL-7993: Fixed an issue where Rotation Settings did not respect password lengths under 20.

• VAUL-7994: Fixed an issue where enabling Use default rotation schedule left the custom schedule visible, causing confusion.

• VAUL-7998: Fixed an issue where rotation settings validation errors disappeared after changing a setting instead of staying visible.

• VAUL-7718: Fixed an issue where rotation settings reverted to the previously synced values during editing, causing users to lose their changes.

• VAUL-7718: Fixed an issue where 2FA duration persisted after 2FA was disabled.

• VAUL-7877: Fixed placeholder text in the KeeperAI Exceptions dropdown to match updated UI changes.

• VAUL-7272: Fixed spacing for SSO Cloud Admin Approval and Device Approval.VAUL-6199: Fixed an issue where the card icon didn’t clear when typing a value (e.g., “M”) in the Title field.

• VAUL-7906: Fixed an issue where long passwords overlapped in the browser import modal.

• VAUL-5978: Fixed an issue where spaces were not trimmed from the master password during account creation, login, and account recovery.

• VAUL-6473: Fixed an issue where the file_attachment_deleted client event was not being sent.

• VAUL-8031: Fixed an issue where Application Gateway status was truncated in Secrets Manager under My Applications.

• VAUL-8032: Fixed an issue where SSH connections with invalid credentials showed no error and remained stuck in a loading state.

• VAUL-8036: Fixed an issue where resource and config fields were still required even when hidden under General Rotation Profile with Rotation set to Off.

• VAUL-7632: Fixed an issue where two-factor duration did not persist between attempts.

• VAUL-7834: Fixed an issue where the PAM AI Session Activity label wasn’t recognized by screen readers.

• VAUL-7947: Fixed an issue where Keeper AI session recordings continued running far beyond the expected duration.

• VAUL-7883: Fixed an issue where the PAM AI “+” icon now appears gray when no exceptions have been created.

• VAUL-7841: Updated the PAM AI error message to match the latest design.

• VAUL-7879: Removed the Low Exceptions dropdown option in PAM AI, leaving Monitor as the only available choice.

• VAUL-8054: Fixed an issue where AI exceptions were not saved on first save for wizard-created records.

• VAUL-7797: Fixed missing translations for Critical Events, Any, and Duration in PAM AI.

• VAUL-8055: Fixed an issue where AI exceptions failed to save on the first attempt for newly created Docker-based SSH records.

• VAUL-7878: Fixed the PAM AI Exceptions modal to be view-only when the associated PAM configuration has Terminate Session disabled.

• VAUL-7738: Fixed an issue where BreachWatch was not displayed in offline mode.

• VAUL-6565: Fixed an issue where clearing the 10-record limit modal caused recently viewed records to appear in advanced search.

• VAUL-8015: Fixed an issue where new Trial accounts saw “Unable to connect. Please check your network connection.” during automation runs.

• VAUL-8049: Fixed the ordering of options in Create New PAM.

• VAUL-8041: Fixed an issue where Client Check Error was not generated in the new build.

• VAUL-8053: Fixed UI overlap issues with the URL pill when Allow navigation via direct URL manipulation is enabled, ensured it can’t move behind the top bar, added missing scroll behavior on zoom, and restored the recording icon display when any Session Recording option is selected.

• VAUL-6584: Fixed a text-wrapping issue in the Role Password Complexity user message.

• VAUL-6509: Fixed an issue where passkey records in the web vault didn’t display a username when the record’s username field was empty.

• VAUL-8104: Fixed an issue where Offline Mode wasn’t disabled for SSO users when Master Password login was turned off.

• VAUL-8071: Fixed an issue where fields auto-populated during password unmask re-authentication.

• VAUL-8081: Fixed an issue where the re-authentication prompt didn’t appear before viewing a zoomed password.

• VAUL-8084: Fixed an issue where the screen reader read the entire zoomed password twice.

• VAUL-7148: Password Zoom - Show the number of the Password Character positions

• VAUL-8125: Resolved js-yaml security issue CVE-2025-64718.

• KDE-1754: Fixed an issue where the Work Offline option disappeared after the offline access period expired, requiring users to toggle offline mode off and on again.

• KDE-1800: Fixed an issue where new Chrome windows couldn’t be opened on Windows when KeeperFill for Apps was active.

• KDE-1813: Offline Mode not visible for SSO users when Master Password enforcement is disabled

• KDE-1595: Fixed a crash in the desktop renderer that occurred when switching between Touch ID and security key prompts during login.

• KDE-1828: Fixed an issue where ⌘+N couldn’t open a new Chrome window on macOS when KeeperFill for Apps was active.

• KDE-1829: Fixed an issue where header rows from Chrome and Dropbox exports were incorrectly imported as records.

• KDE-1771: Improved backend error handling in the Vault and Desktop App.

• KDE-1623: ​​Fixed an issue where Security Key setup in 2FA failed to enable in the Windows KDE build, despite working in the Web Vault.

• KDE-1825: Fixed an issue where Reset Keeper showed cache-removal notifications but did not actually clear the local cache.

• KDE-1840: Fixed an issue causing a Local Reset Required loop that blocked login on Windows (QA 17.5.0 – AppInstaller & x64).

• KDE-1842: Resolved glob CLI security issue CVE-2025-64756.