# February 2026 ## Keeper SDK Release 1.1.4 Several new features and upgrades have been published to Keeper's Python SDK, .Net SDK and PowerShell module, covering vault and administrative actions. **Pluggable Biometric Login** Added a new `IBiometricLoginProvider` / `IBiometricLoginResult` interface pair to `KeeperSecurity.Authentication`, enabling host applications to inject their own biometric credential provider into the auth flow without a hard dependency on `KeeperBiometrics`. `BiometricLoginProvider` property — set to an `IBiometricLoginProvider` implementation to activate biometric login.\ `TryBiometricLoginAsync()` — attempts biometric login, returning a `BiometricLoginAttemptResult` struct with \`Success\` and \`ErrorMessage\`.\ `TryLoginWithBiometricsAsync()` — convenience wrapper returning a \`bool\`. **Push Notifications Toggle** `IAuthEndpoint` / `AuthCommon` exposes a new `UsePushNotifications` property (default `true`). Setting it to `false` before login prevents the WebSocket connection from being established, which is useful for batch/service workloads that don't need real-time sync. **SQL Storage Refactored** The monolithic `SqliteStorage.cs` / `SqliteDao.cs` have been replaced with a layered, dialect-agnostic storage subsystem. Migration: Replace usages of the removed `SqliteStorage` class with `SqlKeeperStorage`, passing a `SqliteDialect` instance. **New data types added to AuditLog** `KeeperVersionType` — client version metadata (version ID, type, category).\ `IpAddressType` — IP address with city/region/country geo fields.\ `GeoLocationType` — geo location with IP count. **Commander CLI (inside the SDK)** Note: The Commander CLI code which exists inside of the KeeperSDK is a paired down version of the full Commander CLI application. `enterprise-info` / `ei` — new command that displays an enterprise hierarchy tree with node, user, role, and team counts.\ `audit-report` — significantly expanded; now supports structured column selection, scope filtering, and enriched event data (geo-IP, client version).\ `action-report` — new command for aggregated action reporting.\ MSP commands — new `msp` context with sub-commands: switch context to/from MSP, display MSP details, refresh MSP data, modify managed company licenses, remove managed companies. #### PowerShell Module We have added several new features to the PowerCommander PowerShell module: `Get-KeeperEnterpriseInfoTree` — displays the enterprise as a tree\ `Get-KeeperEnterpriseInfoNode` — node details.\ `Get-KeeperEnterpriseInfoUser` — user details.\ `Get-KeeperEnterpriseInfoTeam` — team details.\ `Get-KeeperEnterpriseInfoRole` — role details.\ `Get-KeeperEnterpriseInfoManagedCompany` — managed company details.\ `Invoke-KeeperEnterpriseNodeWipeOut` — removes all content (users, roles, teams, subnodes) under a node.\ `Get-KeeperEnterpriseTeams` — lists all enterprise teams with member counts\ `Copy-KeeperMCRole` — copies a role from the MSP to a managed company.\ `Get-KeeperRecordHistory` — retrieves the history of changes for a record.\ `Find-KeeperDuplicateRecords` — identifies duplicate records across the vault.\ `Get-KeeperRecordFieldValue` — extracts a specific field value from a typed record.\ `Revoke-KeeperSharesWithUser` — revokes all shares to/from a specified user. #### Samples The Sample projects have been significantly expanded into categorized, focused examples covering the full SDK surface. #### References **Unified Keeper SDK Documentation** * [https://docs.keeper.io/en/keeperpam/commander-sdk/keeper-commander-sdks](https://docs.keeper.io/keeperpam/commander-sdk/keeper-commander-sdks) **Keeper SDK .Net** * **.Net Sample Code** * **PowerCommander PowerShell** * **Python SDK** * **Python SDK Examples** * * For a full authentication code example see [login.py](https://github.com/Keeper-Security/keeper-sdk-python/blob/master/examples/sdk_examples/auth/login.py) **PyPi Python SDK** * *** ## Commander SDK We have released PowerCommander 1.1.0 and Keeper SDK 1.1.4-beta02. #### PowerCommander * Enterprise: `Get-KeeperEnterpriseInfoTree`/`Node`/`User`/`Team`/`Role`/`ManagedCompany` (keitree, kein, keiu, keit, keir, keimc); `Invoke-KeeperEnterpriseNodeWipeOut` (kenwipe), `Get-KeeperNodePath,` Copy-`KeeperEnterpriseRole` (kercopy), `Get-KeeperEnterpriseTeams` (lst-team) * MSP: `Copy-KeeperMCRole` (msp-copy-role)\ \- Records: `Find-KeeperDuplicateRecords` (find-duplicates), `Get-KeeperRecordHistory` (krh); `Get-KeeperFileReport` (file-report) * Import/Export: `Import-KeeperMembership` (kapplymbs) * Sharing: `Revoke-KeeperSharesWithUser` * Clipboard: `clipboard-copy command support` #### SDK (KeeperSdk) * Auth/Biometrics: `BiometricLoginAttemptResult` struct (Success, ErrorMessage; Completed, NotAttempted, Failed); `AuthSync.TryBiometricLoginAsync()` returns result for clearer app handling; `TryLoginWithBiometricsAsync` delegates to it * Vault/File Report: `KeeperFileReport.GenerateFileReport()`, `FileReportOptions`, `FileReportItem` * Vault/Records: `RecordHistory`, record history extensions – supports `Get-KeeperRecordHistory` * Vault/Membership: `DownloadMembership`, `ApplyMembership` – supports import/export shared folder membership * Enterprise/MSP: `MspManagement`, `ManagedCompanyOptions`, `ManagedCompanyAddonOptions`, `IMspManagement` – MC create/update/remove, addons, seats * Enterprise: Node `wipe-out` support (wipe node and all content) #### Bug Fixes \- `Add-KeeperRecord` -GeneratePassword flag fixed #### Links: * [Commander SDK](https://docs.keeper.io/keeperpam/commander-sdk) *** ## Secrets Manager Python SDK 17.2.0 > **Breaking Change** Minimum supported Python version is now **3.9** (previously 3.6). Python 3.6-3.8 users should stay on `v17.1.0` * **KSM-778:** Raised minimum Python version to 3.9 * Updated dependency floors for security fixes: `cryptography` to `>=46.0.5` (CVE-2026-26007), `urllib3` to `>=2.6.3` (CVE-2026-21441, CVE-2025-66471, CVE- 2025-66418, CVE-2025-50181, CVE-2025-50182), and `requests` to `>=2.32.4` (CVE-2024-47081) **Links:** * [PyPI package](https://pypi.org/project/keeper-secrets-manager-core/) * See [Python SDK Documentation](https://docs.keeper.io/keeperpam/secrets-manager/developer-sdk-library/python-sdk) *** ## Terraform Provider 1.2.0 * **KSM-527:** Added PAM record type support — new `secretsmanager_pam_machine`, `secretsmanager_pam_database`, and `secretsmanager_pam_directory` resources and data sources for managing SSH/RDP, database, and directory credentials; `pam_settings` field supports protocol-specific connection configuration as JSON * Added/expanded PAM field support and readback coverage across PAM resources/data sources, including `database_type`, `directory_type`, `connect_database`, `private_pem_key`, `private_key_passphrase`, `folder_uid`, `totp`, and PAM Machine credential fields (`login`, `password`, `ssl_verification`) (KSM-792, 793, 794, KSM-796, 797, 798) * **KSM-788:** Added SSH key pair generation to `secretsmanager_ssh_keys` resource — supports ED25519, RSA (2048/3072/4096), and ECDSA (P-256/P-384/P-521) with optional passphrase encryption via `generate = "yes"` on the `key_pair` block * **KSM-789:** Added SSH key generation and `private_pem_key` field to `secretsmanager_pam_user` and `secretsmanager_pam_machine` resources; passphrase stored as custom field for PAM interoperability * **KSM-389:** Added `title_patterns` parameter to `secretsmanager_records` data source for filtering records with Go regex; patterns can be combined with UIDs and exact titles in a single query * **KSM-522:** Fixed error when shortcuts/linked records are present across multiple shared folders **Security updates** * **KSM-707, KSM-795:** Upgraded Go from 1.24.0 to 1.24.13 to address CVE-2025-22871, CVE-2025-58185, and additional security CVEs **Links:** * [Terraform Registry](https://registry.terraform.io/providers/Keeper-Security/secretsmanager/latest) * See [GitHub Repository](https://github.com/Keeper-Security/terraform-provider-secretsmanager) *** ## Secrets Manager Rust SDK 17.1.0 * **KSM-584, KSM-791**: Added HTTP/HTTPS proxy support (`ClientOptions.proxy_url` or `HTTP_PROXY`/`HTTPS_PROXY`), applied consistently to all operations including file uploads and downloads * **KSM-688**: Added update operations with transaction support for password rotation * **KSM-689, KSM-693**: Added title-based secret and file retrieval (`get_secrets_by_title`, `get_secret_by_title`, `download_file_by_title`, `KeeperFile.get_thumbnail_data`) * **KSM-690**: Added disaster recovery caching with automatic server fallback * **KSM-744**: Added transmission public key #18 for GovCloud Dev support * **Security**: Updated openssl to 0.10.75 (CVE-2025-3416, Medium) and ring to 0.17.14 (CVE-2025-4432, Medium) * **KSM-700, KSM-783**: Fixed config file handling (secure 0600 permissions on Unix; no longer panics on empty JSON config) * **KSM-769, KSM-735**: Fixed notation lookup bugs (`custom_field` selector searched wrong array; duplicate UIDs from shortcuts returned wrong record) * **KSM-776, KSM-779**: Fixed linked record handling (`Record.links` now populated when `request_links` is true; file link removal no longer fails silently) * **KSM-775, KSM-787**: Fixed record reliability (corrupt records filtered from results; CryptoError resolved when falling back to offline cache) * **KSM-782**: Fixed password generation with exact character counts * **KSM-639**: Fixed key rotation with numeric `key_id` values * **Breaking Change**: Minimum Rust version raised to 1.87 (previously 1.56) **Links:** * [Crates.io package](https://crates.io/crates/keeper-secrets-manager-core/17.1.0) * See [Rust SDK Documentation](https://docs.keeper.io/keeperpam/secrets-manager/developer-sdk-library/rust-sdk) *** ## Ansible Plugin 1.3.0 * **KSM-714**: Added notes field update support for keeper\_set (field\_type: notes) * **KSM-768**: Added notes field support across all plugins (keeper\_get, keeper\_copy, keeper\_set) * **KSM-770**, **KSM-771**, **KSM-772**: Fixed notes field handling bugs (empty field retrieval, parameter validation, data loss prevention) * **KSM-773**: Fixed parameter naming inconsistency and added missing documentation (keeper\_create now uses 'notes' instead of 'note') * **KSM-780**: Added backward compatibility for deprecated 'note' parameter * **KSM-781**: Fixed Jinja2 templating for keeper\_config\_file and keeper\_cache\_dir variables * **KSM-762**: Fixed CVE-2026-23949 (jaraco.context path traversal) * **Dependency Update**: Updated to KSM Python SDK v17.1.0 for latest security fixes and features **Links:** * [PyPi package](https://pypi.org/project/keeper-secrets-manager-ansible/) * [Ansible package](https://galaxy.ansible.com/ui/repo/published/keepersecurity/keeper_secrets_manager/) * [Docker image](https://hub.docker.com/r/keeper/keeper-secrets-manager-tower-ee) * See [Ansible documentation](https://docs.keeper.io/keeperpam/secrets-manager/integrations/ansible) *** ## Secrets Manager .NET SDK 17.1.1 * **KSM-767**: Fixed PowerShell 7.5.4 compatibility issue caused by System.Text.Json 10.0.1 dependency **Links:** * [Nuget package](https://www.nuget.org/packages/Keeper.SecretsManager/17.1.1) * [Powershell package](https://www.powershellgallery.com/packages/SecretManagement.Keeper/17.1.1) See [.NET SDK Documentation](https://docs.keeper.io/keeperpam/secrets-manager/developer-sdk-library/.net-sdk) *** ## Secrets Manager .NET SDK 17.1.0 * **KSM-741**: Added transmission public key #18 for GovCloud Dev support * **KSM-724**: Fixed notation lookup with record shortcuts (handles duplicate UIDs from shortcuts) * **KSM-698**: Fixed file permissions for config files (write with 0600 permissions for security) * **KSM-674**: Fixed parsing of lastModified file data field See [.NET SDK Documentation](https://docs.keeper.io/keeperpam/secrets-manager/developer-sdk-library/.net-sdk)