search

March 2026

SDK and Integration Updates for March 2026

hashtag
KSM CLI 1.3.0

Breaking Change Minimum supported Python version is now 3.10 (previously 3.7). Python 3.7-3.9 users should stay on v1.2.0

Breaking Change boto3 is no longer installed by default. AWS sync users must install the [aws] extra: pip install keeper-secrets-manager-cli[aws]

  • KSM-800: Added OS-native keyring storage for CLI configuration

    • New profiles store configuration in the OS keyring by default (macOS Keychain, Windows Credential Manager, Linux Secret Service)

    • Existing keeper.ini profiles continue to work without migration

    • Added --ini-file flag to opt into explicit file-based storage

    • Install keyring support: pip install keeper-secrets-manager-cli[keyring]

    • Additional fixes:

      • Profile name validated against [a-zA-Z0-9_-]{1,64} before redeeming one-time token

      • SHA-256 integrity check on every keyring load with clear error and recovery hint

      • Warning on stderr when keyring is empty and a keeper.ini exists

      • Graceful fallback to keeper.ini on Linux when Secret Service is unavailable

      • --ini-file flag respected by all profile and config subcommands and no longer requires boto3 for non-AWS profiles

  • KSM-810: added ksm profile delete <name> command

  • KSM-820: ksm secret get --json now outputs custom fields under "custom" key (was "custom_fields"), matching the canonical V3 record format

  • KSM-818: ksm shell no longer crashes when click>=8.2 is installed

  • KSM-702: Record create payload now always includes custom: []; previously omitted when no custom fields were set

  • KSM-691: keeper.ini is now written with owner-only permissions (0600)

  • Dependency Update: Updated keeper-secrets-manager-core to >=17.2.0 and keeper-secrets-manager-helper to >=1.1.0

Security updates

  • KSM-761: Fixed CVE-2026-23949 (jaraco.context path traversal vulnerability)

Links:

hashtag
Ansible Integration 1.4.0

Breaking Change Minimum supported Python version is now 3.9 (previously 3.7). Python 3.7-3.8 users should stay on v1.3.0

  • KSM-811: Raised minimum Python version from 3.7 to 3.9

    • Updated keeper-secrets-manager-core dependency to >=17.2.0

    • Updated keeper-secrets-manager-helper dependency to >=1.1.0

    • Replaced importlib_metadata backport with stdlib importlib.metadata

  • KSM-816: Fixed keeper_create failing when the target shared folder contains no records

  • KSM-827: Fixed Tower Execution Environment Docker image missing system packages required by Ansible Automation Platform

    • Added openssh-clients, sshpass, rsync, and git to the EE image

    • Resolves [dumb-init] ssh agent: No such file or directory startup error

Links:

Previous2026NextFebruary 2026

Last updated

Was this helpful?