February 2026

Secrets Manager Python SDK 17.2.0

Breaking Change Minimum supported Python version is now 3.9 (previously 3.6). Python 3.6-3.8 users should stay on v17.1.0

• KSM-778: Raised minimum Python version to 3.9

  • Updated dependency floors for security fixes: cryptography to >=46.0.5 (CVE-2026-26007), urllib3 to >=2.6.3 (CVE-2026-21441, CVE-2025-66471, CVE- 2025-66418, CVE-2025-50181, CVE-2025-50182), and requests to >=2.32.4 (CVE-2024-47081)

Links:

• PyPI package

• See Python SDK Documentation

Terraform Provider 1.2.0

• KSM-527: Added PAM record type support — new secretsmanager_pam_machine, secretsmanager_pam_database, and secretsmanager_pam_directory resources and data sources for managing SSH/RDP, database, and directory credentials; pam_settings field supports protocol-specific connection configuration as JSON

  • Added/expanded PAM field support and readback coverage across PAM resources/data sources, including database_type, directory_type, connect_database, private_pem_key, private_key_passphrase, folder_uid, totp, and PAM Machine credential fields (login, password, ssl_verification) (KSM-792, 793, 794, KSM-796, 797, 798)

• KSM-788: Added SSH key pair generation to secretsmanager_ssh_keys resource — supports ED25519, RSA (2048/3072/4096), and ECDSA (P-256/P-384/P-521) with optional passphrase encryption via generate = "yes" on the key_pair block

• KSM-789: Added SSH key generation and private_pem_key field to secretsmanager_pam_user and secretsmanager_pam_machine resources; passphrase stored as custom field for PAM interoperability

• KSM-389: Added title_patterns parameter to secretsmanager_records data source for filtering records with Go regex; patterns can be combined with UIDs and exact titles in a single query

• KSM-522: Fixed error when shortcuts/linked records are present across multiple shared folders

Security updates

• KSM-707, KSM-795: Upgraded Go from 1.24.0 to 1.24.13 to address CVE-2025-22871, CVE-2025-58185, and additional security CVEs

Links:

• Terraform Registry

• See GitHub Repository

Secrets Manager Rust SDK 17.1.0

• KSM-584, KSM-791: Added HTTP/HTTPS proxy support (ClientOptions.proxy_url or HTTP_PROXY/HTTPS_PROXY), applied consistently to all operations including file uploads and downloads

• KSM-688: Added update operations with transaction support for password rotation

• KSM-689, KSM-693: Added title-based secret and file retrieval (get_secrets_by_title, get_secret_by_title, download_file_by_title, KeeperFile.get_thumbnail_data)

• KSM-690: Added disaster recovery caching with automatic server fallback

• KSM-744: Added transmission public key #18 for GovCloud Dev support

• Security: Updated openssl to 0.10.75 (CVE-2025-3416, Medium) and ring to 0.17.14 (CVE-2025-4432, Medium)

• KSM-700, KSM-783: Fixed config file handling (secure 0600 permissions on Unix; no longer panics on empty JSON config)

• KSM-769, KSM-735: Fixed notation lookup bugs (custom_field selector searched wrong array; duplicate UIDs from shortcuts returned wrong record)

• KSM-776, KSM-779: Fixed linked record handling (Record.links now populated when request_links is true; file link removal no longer fails silently)

• KSM-775, KSM-787: Fixed record reliability (corrupt records filtered from results; CryptoError resolved when falling back to offline cache)

• KSM-782: Fixed password generation with exact character counts

• KSM-639: Fixed key rotation with numeric key_id values

• Breaking Change: Minimum Rust version raised to 1.87 (previously 1.56)

Links:

• Crates.io package

• See Rust SDK Documentation

Ansible Plugin 1.3.0

• KSM-714: Added notes field update support for keeper_set (field_type: notes)

• KSM-768: Added notes field support across all plugins (keeper_get, keeper_copy, keeper_set)

• KSM-770, KSM-771, KSM-772: Fixed notes field handling bugs (empty field retrieval, parameter validation, data loss prevention)

• KSM-773: Fixed parameter naming inconsistency and added missing documentation (keeper_create now uses 'notes' instead of 'note')

• KSM-780: Added backward compatibility for deprecated 'note' parameter

• KSM-781: Fixed Jinja2 templating for keeper_config_file and keeper_cache_dir variables

• KSM-762: Fixed CVE-2026-23949 (jaraco.context path traversal)

• Dependency Update: Updated to KSM Python SDK v17.1.0 for latest security fixes and features

Links:

• PyPi package

• Ansible package

• Docker image

• See Ansible documentation

Secrets Manager .NET SDK 17.1.1

• KSM-767: Fixed PowerShell 7.5.4 compatibility issue caused by System.Text.Json 10.0.1 dependency

Links:

• Nuget package

• Powershell package

See .NET SDK Documentation

Secrets Manager .NET SDK 17.1.0

• KSM-741: Added transmission public key #18 for GovCloud Dev support

• KSM-724: Fixed notation lookup with record shortcuts (handles duplicate UIDs from shortcuts)

• KSM-698: Fixed file permissions for config files (write with 0600 permissions for security)

• KSM-674: Fixed parsing of lastModified file data field

See .NET SDK Documentation