# April 2026 ## .NET SDK 17.1.2 * **KSM-843:** Fixed `ObjectDisposedException` in `LocalConfigStorage.SaveToFile()` which prevented config writes from completing * **KSM-822:** Record create payload now always includes `custom: []`, fixing creation failures on some server configurations * **KSM-864:** `GetSecrets` no longer silently drops records when `required`, `privacyScreen`, or `enforceGeneration` fields contain integer values * **KSM-865:** `DownloadThumbnail` now correctly fetches the thumbnail instead of the full file * **KSM-873:** `Get-SecretInfo` now returns names that resolve correctly with `Get-Secret`. The list-then-fetch workflow documented at docs.keeper.io/powershell now works as expected * **KSM-863:** Fixed PowerShell module failing to import due to a bundled system DLL conflict * **KSM-874:** Removed `Set-KeeperVault` from the PowerShell module manifest, the function was never implemented and caused a hard error on call * **KSM-875:** Fixed `FieldValue()` throwing errors on records with empty or missing field values **Links:** * [NuGet Package](https://www.nuget.org/packages/Keeper.SecretsManager/17.1.2) * [PowerShell Gallery](https://www.powershellgallery.com/packages/SecretManagement.Keeper/17.1.2) ## KSM GitHub Action v1.3.0 * **KSM-641:** Added `<` operator to store values back to Keeper Vault * pipelines can now generate and persist credentials, not just consume them * **KSM-872:** Structured field values (SSH keys, host entries, phone numbers, etc.) now retrieve correctly * previously these fields returned garbled or unusable output **Security updates** * Stored values masked in GitHub Actions logs via `setSecret()` * File write paths validated within `GITHUB_WORKSPACE` boundary (path traversal prevention) * Sensitive field types (fileRef, passkey, recordRef) protected from direct modification **Links:** * [GitHub Marketplace](https://github.com/marketplace/actions/keeper-secrets-manager-github-action) * [Release v1.3.0](https://github.com/Keeper-Security/ksm-action/releases/tag/v1.3.0) ## JavaScript GCP KMS Storage 1.0.0 * **KSM-704:** You can now encrypt and decrypt KSM configuration files with GCP Cloud Key Management; supports symmetric and asymmetric keys, service account credentials or application default authentication, key rotation, and config export. **Security updates** * Upgraded `@google-cloud/kms` to 5.2.1 — resolves CVE-2025-65945 * Upgraded `pino` to v10 — resolves CVE-2025-57319 **Links:** * [Javascript SDK for Keeper Secrets Manager](https://app.gitbook.com/s/-MJXOXEifAmpyvNVL1to/secrets-manager/developer-sdk-library/javascript-sdk) * [Google Cloud Key Encryption Documentation](https://app.gitbook.com/s/-MJXOXEifAmpyvNVL1to/secrets-manager/integrations/google-cloud-key-management-encryption) * [NPM Package](https://www.npmjs.com/package/@keeper-security/secrets-manager-gcp) ## JavaScript Oracle KMS Storage 1.0.0 * **KSM-705:** You can now encrypt and decrypt KSM configuration files with Oracle Cloud Infrastructure (OCI) Vault; supports AES symmetric and RSA asymmetric keys, OCI config file authentication, key rotation, and config export. **Security updates** * Upgraded `oci-common` and `oci-keymanagement` to 2.127.0 — resolves CVE-2026-4800 and CVE-2026-2950 * Upgraded `pino` to v10 — resolves CVE-2025-57319 **Links:** * [Javascript SDK for Keeper Secrets Manager](https://app.gitbook.com/s/-MJXOXEifAmpyvNVL1to/secrets-manager/developer-sdk-library/javascript-sdk) * [OCI Vault Encryption Documentation](https://app.gitbook.com/s/-MJXOXEifAmpyvNVL1to/secrets-manager/integrations/oracle-key-vault) * [NPM Package](https://www.npmjs.com/package/@keeper-security/secrets-manager-oracle-kv) ## JavaScript AWS KMS Storage 1.0.0 * **KSM-703:** You can now encrypt and decrypt KSM configuration files with AWS KMS; supports symmetric and RSA asymmetric keys, explicit credentials or environment-based AWS authentication, key rotation, and config export. **Security updates** * Upgraded `pino` to v10 — resolves CVE-2025-57319 (fast-redact, HIGH) **Links:** * [Javascript SDK for Keeper Secrets Manager](https://app.gitbook.com/s/-MJXOXEifAmpyvNVL1to/secrets-manager/developer-sdk-library/javascript-sdk) * [AWS KMS Encryption Documentation](https://app.gitbook.com/s/-MJXOXEifAmpyvNVL1to/secrets-manager/integrations/aws-kms) * [NPM Package](https://www.npmjs.com/package/@keeper-security/secrets-manager-aws) *** ## JavaScript Azure Key Vault Storage 1.0.0 * **KSM-706:** You can now encrypt and decrypt KSM configuration files with Azure Key Vault; supports RSA keys, explicit credentials or environment-based DefaultAzureCredential, key rotation, and config export **Security updates** * Upgraded `pino` to v10 — resolves CVE-2025-57319 (fast-redact, HIGH) * Upgraded `jws` to v3.2.3 — resolves CVE-2025-65945 (HIGH) **Links:** * [Javascript SDK for Keeper Secrets Manager](https://app.gitbook.com/s/-MJXOXEifAmpyvNVL1to/secrets-manager/developer-sdk-library/javascript-sdk) * [Azure Key Vault Encryption Documentation](https://app.gitbook.com/s/-MJXOXEifAmpyvNVL1to/secrets-manager/integrations/azure-key-vault-ksm) * [NPM Package](https://www.npmjs.com/package/@keeper-security/secrets-manager-azure)