# February 2026

## Keeper SDK Release 1.1.4

Several new features and upgrades have been published to Keeper's Python SDK, .Net SDK and PowerShell module, covering vault and administrative actions.

**Pluggable Biometric Login**

Added a new `IBiometricLoginProvider` / `IBiometricLoginResult` interface pair to `KeeperSecurity.Authentication`, enabling host applications to inject their own biometric credential provider into the auth flow without a hard dependency on `KeeperBiometrics`.

`BiometricLoginProvider` property — set to an `IBiometricLoginProvider` implementation to activate biometric login.\
`TryBiometricLoginAsync()` — attempts biometric login, returning a `BiometricLoginAttemptResult` struct with \`Success\` and \`ErrorMessage\`.\
`TryLoginWithBiometricsAsync()` — convenience wrapper returning a \`bool\`.

**Push Notifications Toggle**

`IAuthEndpoint` / `AuthCommon` exposes a new `UsePushNotifications` property (default `true`). Setting it to `false` before login prevents the WebSocket connection from being established, which is useful for batch/service workloads that don't need real-time sync.

**SQL Storage Refactored**

The monolithic `SqliteStorage.cs` / `SqliteDao.cs` have been replaced with a layered, dialect-agnostic storage subsystem. Migration: Replace usages of the removed `SqliteStorage` class with `SqlKeeperStorage`, passing a `SqliteDialect` instance.

**New data types added to AuditLog**

`KeeperVersionType` — client version metadata (version ID, type, category).\
`IpAddressType` — IP address with city/region/country geo fields.\
`GeoLocationType` — geo location with IP count.

**Commander CLI (inside the SDK)**

Note: The Commander CLI code which exists inside of the KeeperSDK is a paired down version of the full Commander CLI application.

`enterprise-info` / `ei` — new command that displays an enterprise hierarchy tree with node, user, role, and team counts.\
`audit-report` — significantly expanded; now supports structured column selection, scope filtering, and enriched event data (geo-IP, client version).\
`action-report` — new command for aggregated action reporting.\
MSP commands — new `msp` context with sub-commands: switch context to/from MSP, display MSP details, refresh MSP data, modify managed company licenses, remove managed companies.

#### PowerShell Module

We have added several new features to the PowerCommander PowerShell module:

`Get-KeeperEnterpriseInfoTree` — displays the enterprise as a tree\
`Get-KeeperEnterpriseInfoNode` — node details.\
`Get-KeeperEnterpriseInfoUser` — user details.\
`Get-KeeperEnterpriseInfoTeam` — team details.\
`Get-KeeperEnterpriseInfoRole` — role details.\
`Get-KeeperEnterpriseInfoManagedCompany` — managed company details.\
`Invoke-KeeperEnterpriseNodeWipeOut` — removes all content (users, roles, teams, subnodes) under a node.\
`Get-KeeperEnterpriseTeams` — lists all enterprise teams with member counts\
`Copy-KeeperMCRole` — copies a role from the MSP to a managed company.\
`Get-KeeperRecordHistory` — retrieves the history of changes for a record.\
`Find-KeeperDuplicateRecords` — identifies duplicate records across the vault.\
`Get-KeeperRecordFieldValue` — extracts a specific field value from a typed record.\
`Revoke-KeeperSharesWithUser` — revokes all shares to/from a specified user.

#### Samples

The Sample projects have been significantly expanded into categorized, focused examples covering the full SDK surface.

#### References

**Unified Keeper SDK Documentation**

* [https://docs.keeper.io/keeperpam/commander-sdk/keeper-commander-sdks](/en/keeperpam/commander-sdk/keeper-commander-sdks.md)

**Keeper SDK .Net**

* <https://github.com/Keeper-Security/keeper-sdk-dotnet>

**.Net Sample Code**

* <https://github.com/Keeper-Security/keeper-sdk-dotnet/tree/master/Sample>

**PowerCommander PowerShell**

* <https://github.com/Keeper-Security/keeper-sdk-dotnet/tree/master/PowerCommander>

**Python SDK**

* <https://github.com/Keeper-Security/keeper-sdk-python>

**Python SDK Examples**

* <https://github.com/Keeper-Security/keeper-sdk-python/tree/master/examples/sdk_examples>
* For a full authentication code example see [login.py](https://github.com/Keeper-Security/keeper-sdk-python/blob/master/examples/sdk_examples/auth/login.py)

**PyPi Python SDK**

* <https://pypi.org/project/keepersdk/>

***

## Commander SDK

We have released PowerCommander 1.1.0 and Keeper SDK 1.1.4-beta02.

#### PowerCommander

* Enterprise: `Get-KeeperEnterpriseInfoTree`/`Node`/`User`/`Team`/`Role`/`ManagedCompany` (keitree, kein, keiu, keit, keir, keimc); `Invoke-KeeperEnterpriseNodeWipeOut` (kenwipe), `Get-KeeperNodePath,` Copy-`KeeperEnterpriseRole` (kercopy), `Get-KeeperEnterpriseTeams` (lst-team)
* MSP: `Copy-KeeperMCRole` (msp-copy-role)\
  \- Records: `Find-KeeperDuplicateRecords` (find-duplicates), `Get-KeeperRecordHistory` (krh); `Get-KeeperFileReport` (file-report)
* Import/Export: `Import-KeeperMembership` (kapplymbs)
* Sharing: `Revoke-KeeperSharesWithUser`
* Clipboard: `clipboard-copy command support`

#### SDK (KeeperSdk)

* Auth/Biometrics: `BiometricLoginAttemptResult` struct (Success, ErrorMessage; Completed, NotAttempted, Failed); `AuthSync.TryBiometricLoginAsync()` returns result for clearer app handling; `TryLoginWithBiometricsAsync` delegates to it
* Vault/File Report: `KeeperFileReport.GenerateFileReport()`, `FileReportOptions`, `FileReportItem`
* Vault/Records: `RecordHistory`, record history extensions – supports `Get-KeeperRecordHistory`
* Vault/Membership: `DownloadMembership`, `ApplyMembership` – supports import/export shared folder membership
* Enterprise/MSP: `MspManagement`, `ManagedCompanyOptions`, `ManagedCompanyAddonOptions`, `IMspManagement` – MC create/update/remove, addons, seats
* Enterprise: Node `wipe-out` support (wipe node and all content)

#### Bug Fixes

\- `Add-KeeperRecord` -GeneratePassword flag fixed

#### Links:

* [Commander SDK](/en/keeperpam/commander-sdk/keeper-commander-sdks.md)

***

## Secrets Manager Python SDK 17.2.0

> **Breaking Change** Minimum supported Python version is now **3.9** (previously 3.6). Python 3.6-3.8 users should stay on `v17.1.0`

* **KSM-778:** Raised minimum Python version to 3.9
  * Updated dependency floors for security fixes: `cryptography` to `>=46.0.5` (CVE-2026-26007), `urllib3` to `>=2.6.3` (CVE-2026-21441, CVE-2025-66471, CVE- 2025-66418, CVE-2025-50181, CVE-2025-50182), and `requests` to `>=2.32.4` (CVE-2024-47081)

**Links:**

* [PyPI package](https://pypi.org/project/keeper-secrets-manager-core/)
* See [Python SDK Documentation](/en/keeperpam/secrets-manager/developer-sdk-library/python-sdk.md)

***

## Terraform Provider 1.2.0

* **KSM-527:** Added PAM record type support — new `secretsmanager_pam_machine`, `secretsmanager_pam_database`, and `secretsmanager_pam_directory` resources and data sources for managing SSH/RDP, database, and directory credentials; `pam_settings` field supports protocol-specific connection configuration as JSON
  * Added/expanded PAM field support and readback coverage across PAM resources/data sources, including `database_type`, `directory_type`, `connect_database`, `private_pem_key`, `private_key_passphrase`, `folder_uid`, `totp`, and PAM Machine credential fields (`login`, `password`, `ssl_verification`) (KSM-792, 793, 794, KSM-796, 797, 798)
* **KSM-788:** Added SSH key pair generation to `secretsmanager_ssh_keys` resource — supports ED25519, RSA (2048/3072/4096), and ECDSA (P-256/P-384/P-521) with optional passphrase encryption via `generate = "yes"` on the `key_pair` block
* **KSM-789:** Added SSH key generation and `private_pem_key` field to `secretsmanager_pam_user` and `secretsmanager_pam_machine` resources; passphrase stored as custom field for PAM interoperability
* **KSM-389:** Added `title_patterns` parameter to `secretsmanager_records` data source for filtering records with Go regex; patterns can be combined with UIDs and exact titles in a single query
* **KSM-522:** Fixed error when shortcuts/linked records are present across multiple shared folders

**Security updates**

* **KSM-707, KSM-795:** Upgraded Go from 1.24.0 to 1.24.13 to address CVE-2025-22871, CVE-2025-58185, and additional security CVEs

**Links:**

* [Terraform Registry](https://registry.terraform.io/providers/Keeper-Security/secretsmanager/latest)
* See [GitHub Repository](https://github.com/Keeper-Security/terraform-provider-secretsmanager)

***

## Secrets Manager Rust SDK 17.1.0

* **KSM-584, KSM-791**: Added HTTP/HTTPS proxy support (`ClientOptions.proxy_url` or `HTTP_PROXY`/`HTTPS_PROXY`), applied consistently to all operations including file uploads and downloads
* **KSM-688**: Added update operations with transaction support for password rotation
* **KSM-689, KSM-693**: Added title-based secret and file retrieval (`get_secrets_by_title`, `get_secret_by_title`, `download_file_by_title`, `KeeperFile.get_thumbnail_data`)
* **KSM-690**: Added disaster recovery caching with automatic server fallback
* **KSM-744**: Added transmission public key #18 for GovCloud Dev support
* **Security**: Updated openssl to 0.10.75 (CVE-2025-3416, Medium) and ring to 0.17.14 (CVE-2025-4432, Medium)
* **KSM-700, KSM-783**: Fixed config file handling (secure 0600 permissions on Unix; no longer panics on empty JSON config)
* **KSM-769, KSM-735**: Fixed notation lookup bugs (`custom_field` selector searched wrong array; duplicate UIDs from shortcuts returned wrong record)
* **KSM-776, KSM-779**: Fixed linked record handling (`Record.links` now populated when `request_links` is true; file link removal no longer fails silently)
* **KSM-775, KSM-787**: Fixed record reliability (corrupt records filtered from results; CryptoError resolved when falling back to offline cache)
* **KSM-782**: Fixed password generation with exact character counts
* **KSM-639**: Fixed key rotation with numeric `key_id` values
* **Breaking Change**: Minimum Rust version raised to 1.87 (previously 1.56)

**Links:**

* [Crates.io package](https://crates.io/crates/keeper-secrets-manager-core/17.1.0)
* See [Rust SDK Documentation](/en/keeperpam/secrets-manager/developer-sdk-library/rust-sdk.md)

***

## Ansible Plugin 1.3.0

* **KSM-714**: Added notes field update support for keeper\_set (field\_type: notes)
* **KSM-768**: Added notes field support across all plugins (keeper\_get, keeper\_copy, keeper\_set)
* **KSM-770**, **KSM-771**, **KSM-772**: Fixed notes field handling bugs (empty field retrieval, parameter validation, data loss prevention)
* **KSM-773**: Fixed parameter naming inconsistency and added missing documentation (keeper\_create now uses 'notes' instead of 'note')
* **KSM-780**: Added backward compatibility for deprecated 'note' parameter
* **KSM-781**: Fixed Jinja2 templating for keeper\_config\_file and keeper\_cache\_dir variables
* **KSM-762**: Fixed CVE-2026-23949 (jaraco.context path traversal)
* **Dependency Update**: Updated to KSM Python SDK v17.1.0 for latest security fixes and features

**Links:**

* [PyPi package](https://pypi.org/project/keeper-secrets-manager-ansible/)
* [Ansible package](https://galaxy.ansible.com/ui/repo/published/keepersecurity/keeper_secrets_manager/)
* [Docker image](https://hub.docker.com/r/keeper/keeper-secrets-manager-tower-ee)
* See [Ansible documentation](/en/keeperpam/secrets-manager/integrations/ansible.md)

***

## Secrets Manager .NET SDK 17.1.1

* **KSM-767**: Fixed PowerShell 7.5.4 compatibility issue caused by System.Text.Json 10.0.1 dependency

**Links:**

* [Nuget package](https://www.nuget.org/packages/Keeper.SecretsManager/17.1.1)
* [Powershell package](https://www.powershellgallery.com/packages/SecretManagement.Keeper/17.1.1)

See [.NET SDK Documentation](/en/keeperpam/secrets-manager/developer-sdk-library/.net-sdk.md)

***

## Secrets Manager .NET SDK 17.1.0

* **KSM-741**: Added transmission public key #18 for GovCloud Dev support
* **KSM-724**: Fixed notation lookup with record shortcuts (handles duplicate UIDs from shortcuts)
* **KSM-698**: Fixed file permissions for config files (write with 0600 permissions for security)
* **KSM-674**: Fixed parsing of lastModified file data field

See [.NET SDK Documentation](/en/keeperpam/secrets-manager/developer-sdk-library/.net-sdk.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/en/release-notes/enterprise/keeper-secrets-manager/2026/february-2026.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.