February 2026

SDK and Integration Updates for February 2026

Keeper SDK Release 1.1.4

Several new features and upgrades have been published to Keeper's Python SDK, .Net SDK and PowerShell module, covering vault and administrative actions.

Pluggable Biometric Login

Added a new IBiometricLoginProvider / IBiometricLoginResult interface pair to KeeperSecurity.Authentication, enabling host applications to inject their own biometric credential provider into the auth flow without a hard dependency on KeeperBiometrics.

  • BiometricLoginProvider property — set to an IBiometricLoginProvider implementation to activate biometric login.

  • TryBiometricLoginAsync() — attempts biometric login, returning a BiometricLoginAttemptResult struct with `Success` and `ErrorMessage`.

  • TryLoginWithBiometricsAsync() — convenience wrapper returning a `bool`.

Push Notifications Toggle

IAuthEndpoint / AuthCommon exposes a new UsePushNotifications property (default true). Setting it to false before login prevents the WebSocket connection from being established, which is useful for batch/service workloads that don't need real-time sync.

SQL Storage Refactored

The monolithic SqliteStorage.cs / SqliteDao.cs have been replaced with a layered, dialect-agnostic storage subsystem. Migration: Replace usages of the removed SqliteStorage class with SqlKeeperStorage, passing a SqliteDialect instance.

New data types added to AuditLog

  • KeeperVersionType — client version metadata (version ID, type, category).

  • IpAddressType — IP address with city/region/country geo fields.

  • GeoLocationType — geo location with IP count.

Commander CLI (inside the SDK)

Note: The Commander CLI code that exists inside the KeeperSDK is a pared-down version of the full Commander CLI application.

  • enterprise-info / ei — new command that displays an enterprise hierarchy tree with node, user, role, and team counts.

  • audit-report — significantly expanded; now supports structured column selection, scope filtering, and enriched event data (geo-IP, client version).

  • action-report — new command for aggregated action reporting.

  • MSP commands — new msp context with sub-commands: switch context to/from MSP, display MSP details, refresh MSP data, modify managed company licenses, remove managed companies.

PowerShell Module

We have added several new features to the PowerCommander PowerShell module:

  • Get-KeeperEnterpriseInfoTree — displays the enterprise as a tree.

  • Get-KeeperEnterpriseInfoNode — node details.

  • Get-KeeperEnterpriseInfoUser — user details.

  • Get-KeeperEnterpriseInfoTeam — team details.

  • Get-KeeperEnterpriseInfoRole — role details.

  • Get-KeeperEnterpriseInfoManagedCompany — managed company details.

  • Invoke-KeeperEnterpriseNodeWipeOut — removes all content (users, roles, teams, subnodes) under a node.

  • Get-KeeperEnterpriseTeams — lists all enterprise teams with member counts.

  • Copy-KeeperMCRole — copies a role from the MSP to a managed company.

  • Get-KeeperRecordHistory — retrieves the history of changes for a record.

  • Find-KeeperDuplicateRecords — identifies duplicate records across the vault.

  • Get-KeeperRecordFieldValue — extracts a specific field value from a typed record.

  • Revoke-KeeperSharesWithUser — revokes all shares to/from a specified user.

Samples

The Sample projects have been significantly expanded into categorized, focused examples covering the full SDK surface.

References

Unified Keeper SDK Documentation

Keeper SDK .Net

.Net Sample Code

PowerCommander PowerShell

Python SDK

Python SDK Examples

PyPi Python SDK


Commander SDK

We have released PowerCommander 1.1.0 and Keeper SDK 1.1.4-beta02.

PowerCommander

  • Enterprise: Get-KeeperEnterpriseInfoTree/Node/User/Team/Role/ManagedCompany (keitree, kein, keiu, keit, keir, keimc); Invoke-KeeperEnterpriseNodeWipeOut (kenwipe), Get-KeeperNodePath, Copy-KeeperEnterpriseRole (kercopy), Get-KeeperEnterpriseTeams (lst-team)

  • MSP: Copy-KeeperMCRole (msp-copy-role)

  • Records: Find-KeeperDuplicateRecords (find-duplicates), Get-KeeperRecordHistory (krh); Get-KeeperFileReport (file-report)

  • Import/Export: Import-KeeperMembership (kapplymbs)

  • Sharing: Revoke-KeeperSharesWithUser

  • Clipboard: clipboard-copy command support

SDK (KeeperSdk)

  • Auth/Biometrics: BiometricLoginAttemptResult struct (Success, ErrorMessage; Completed, NotAttempted, Failed); AuthSync.TryBiometricLoginAsync() returns result for clearer app handling; TryLoginWithBiometricsAsync delegates to it

  • Vault/File Report: KeeperFileReport.GenerateFileReport(), FileReportOptions, FileReportItem

  • Vault/Records: RecordHistory, record history extensions – supports Get-KeeperRecordHistory

  • Vault/Membership: DownloadMembership, ApplyMembership – supports import/export shared folder membership

  • Enterprise/MSP: MspManagement, ManagedCompanyOptions, ManagedCompanyAddonOptions, IMspManagement – MC create/update/remove, addons, seats

  • Enterprise: Node wipe-out support (wipe node and all content)

Bug Fixes

- Add-KeeperRecord -GeneratePassword flag fixed


Secrets Manager Python SDK 17.2.0

Breaking Change: Minimum supported Python version is now 3.9 (previously 3.6). Python 3.6-3.8 users should stay on v17.1.0.

  • KSM-778: Raised minimum Python version to 3.9

    • Updated dependency floors for security fixes: cryptography to >=46.0.5 (CVE-2026-26007), urllib3 to >=2.6.3 (CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2025-50181, CVE-2025-50182), and requests to >=2.32.4 (CVE-2024-47081)
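An environment that pins its dependencies can be checked against these floors before or after upgrading. The script below is an added example, not part of the Keeper SDK: it audits `pip freeze`-style pins against the three floors listed above. The function names and the sample freeze text are constructed for illustration, and versions are compared on their numeric release segment, with a pre-release of the floor version treated as below it.

```python
import re

# Floors and CVE IDs as listed in the Secrets Manager Python SDK 17.2.0 notes above.
FLOORS = {
    "cryptography": ("46.0.5", ["CVE-2026-26007"]),
    "urllib3": ("2.6.3", ["CVE-2026-21441", "CVE-2025-66471", "CVE-2025-66418",
                          "CVE-2025-50181", "CVE-2025-50182"]),
    "requests": ("2.32.4", ["CVE-2024-47081"]),
}

# Constructed sample of `pip freeze` output, not taken from a real environment.
SAMPLE_FREEZE = """\
cryptography==46.0.5
urllib3==2.5.0          # constructed: below the floor
Requests==2.32.4rc1     # constructed: pre-release of the floor version
idna==3.10
"""

_VERSION = re.compile(r"(\d+(?:\.\d+)*)(.*)")

def parse_version(text):
    """Return (release tuple, is_prerelease) for a pinned version string."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    return release, bool(re.match(r"[.\-_]?(a|b|rc|dev)", m.group(2), re.I))

def meets_floor(pinned, floor):
    """True if `pinned` is at or above `floor`; a pre-release of the floor is below it."""
    (rel, pre), (want, _) = parse_version(pinned), parse_version(floor)
    width = max(len(rel), len(want))
    rel += (0,) * (width - len(rel))      # pad so "47" compares with "46.0.5"
    want += (0,) * (width - len(want))
    return rel > want or (rel == want and not pre)

def audit_pins(freeze_text):
    """Map each floored package to 'ok', 'below-floor' or 'not-pinned'."""
    status = {name: "not-pinned" for name in FLOORS}
    for line in freeze_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" not in line:
            continue
        name, version = line.split("==", 1)
        name = re.sub(r"[-_.]+", "-", name).strip().lower()  # PEP 503 normalization
        if name in FLOORS:
            ok = meets_floor(version, FLOORS[name][0])
            status[name] = "ok" if ok else "below-floor"
    return status

if __name__ == "__main__":
    for name, state in audit_pins(SAMPLE_FREEZE).items():
        floor, cves = FLOORS[name]
        print(f"{name:<14}{state:<12} floor {floor}  ({', '.join(cves)})")
```

A `not-pinned` result means the package did not appear with an `==` pin in the input, so the installed version has to be checked another way.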



Terraform Provider 1.2.0

  • KSM-527: Added PAM record type support — new secretsmanager_pam_machine, secretsmanager_pam_database, and secretsmanager_pam_directory resources and data sources for managing SSH/RDP, database, and directory credentials; pam_settings field supports protocol-specific connection configuration as JSON

    • Added/expanded PAM field support and readback coverage across PAM resources/data sources, including database_type, directory_type, connect_database, private_pem_key, private_key_passphrase, folder_uid, totp, and PAM Machine credential fields (login, password, ssl_verification) (KSM-792, 793, 794, KSM-796, 797, 798)

  • KSM-788: Added SSH key pair generation to secretsmanager_ssh_keys resource — supports ED25519, RSA (2048/3072/4096), and ECDSA (P-256/P-384/P-521) with optional passphrase encryption via generate = "yes" on the key_pair block

  • KSM-789: Added SSH key generation and private_pem_key field to secretsmanager_pam_user and secretsmanager_pam_machine resources; passphrase stored as custom field for PAM interoperability

  • KSM-389: Added title_patterns parameter to secretsmanager_records data source for filtering records with Go regex; patterns can be combined with UIDs and exact titles in a single query

  • KSM-522: Fixed error when shortcuts/linked records are present across multiple shared folders

Security updates

  • KSM-707, KSM-795: Upgraded Go from 1.24.0 to 1.24.13 to address CVE-2025-22871, CVE-2025-58185, and additional security CVEs



Secrets Manager Rust SDK 17.1.0

  • KSM-584, KSM-791: Added HTTP/HTTPS proxy support (ClientOptions.proxy_url or HTTP_PROXY/HTTPS_PROXY), applied consistently to all operations including file uploads and downloads

  • KSM-688: Added update operations with transaction support for password rotation

  • KSM-689, KSM-693: Added title-based secret and file retrieval (get_secrets_by_title, get_secret_by_title, download_file_by_title, KeeperFile.get_thumbnail_data)

  • KSM-690: Added disaster recovery caching with automatic server fallback

  • KSM-744: Added transmission public key #18 for GovCloud Dev support

  • Security: Updated openssl to 0.10.75 (CVE-2025-3416, Medium) and ring to 0.17.14 (CVE-2025-4432, Medium)

  • KSM-700, KSM-783: Fixed config file handling (secure 0600 permissions on Unix; no longer panics on empty JSON config)

  • KSM-769, KSM-735: Fixed notation lookup bugs (custom_field selector searched wrong array; duplicate UIDs from shortcuts returned wrong record)

  • KSM-776, KSM-779: Fixed linked record handling (Record.links now populated when request_links is true; file link removal no longer fails silently)

  • KSM-775, KSM-787: Fixed record reliability (corrupt records filtered from results; CryptoError resolved when falling back to offline cache)

  • KSM-782: Fixed password generation with exact character counts

  • KSM-639: Fixed key rotation with numeric key_id values

  • Breaking Change: Minimum Rust version raised to 1.87 (previously 1.56)



Ansible Plugin 1.3.0

  • KSM-714: Added notes field update support for keeper_set (field_type: notes)

  • KSM-768: Added notes field support across all plugins (keeper_get, keeper_copy, keeper_set)

  • KSM-770, KSM-771, KSM-772: Fixed notes field handling bugs (empty field retrieval, parameter validation, data loss prevention)

  • KSM-773: Fixed parameter naming inconsistency and added missing documentation (keeper_create now uses 'notes' instead of 'note')

  • KSM-780: Added backward compatibility for deprecated 'note' parameter

  • KSM-781: Fixed Jinja2 templating for keeper_config_file and keeper_cache_dir variables

  • KSM-762: Fixed CVE-2026-23949 (jaraco.context path traversal)

  • Dependency Update: Updated to KSM Python SDK v17.1.0 for latest security fixes and features



Secrets Manager .NET SDK 17.1.1

  • KSM-767: Fixed PowerShell 7.5.4 compatibility issue caused by System.Text.Json 10.0.1 dependency

Links:

See .NET SDK Documentation


Secrets Manager .NET SDK 17.1.0

  • KSM-741: Added transmission public key #18 for GovCloud Dev support

  • KSM-724: Fixed notation lookup with record shortcuts (handles duplicate UIDs from shortcuts)

  • KSM-698: Fixed file permissions for config files (write with 0600 permissions for security)

  • KSM-674: Fixed parsing of lastModified file data field

See .NET SDK Documentation
