# March 2026 ## Keeper Secrets Manager CLI 1.3.0 This update introduces enhanced security features that use native secure profile storage to safeguard Keeper device identity information. This security measure is enabled by default on all compatible Windows, macOS, and Linux devices. > **Breaking Change** Minimum supported Python version is now **3.10** (previously 3.7). Python 3.7-3.9 users should stay on `v1.2.0` > **Breaking Change** `boto3` is no longer installed by default. AWS sync users must install the `[aws]` extra: `pip install keeper-secrets-manager-cli[aws]` * **KSM-800:** Added OS-native keyring storage for CLI configuration * New profiles store configuration in the OS keyring by default (macOS Keychain, Windows Credential Manager, Linux Secret Service) * Existing `keeper.ini` profiles continue to work without migration * Added `--ini-file` flag to opt into explicit file-based storage * Install keyring support: `pip install keeper-secrets-manager-cli[keyring]` * Additional fixes: * Profile name validated against `[a-zA-Z0-9_-]{1,64}` before redeeming one-time token * SHA-256 integrity check on every keyring load with clear error and recovery hint * Warning on stderr when keyring is empty and a `keeper.ini` exists * Graceful fallback to `keeper.ini` on Linux when Secret Service is unavailable * `--ini-file` flag respected by all `profile` and `config` subcommands and no longer requires `boto3` for non-AWS profiles * **KSM-810**: added `ksm profile delete ` command * **KSM-820:** `ksm secret get --json` now outputs custom fields under `"custom"` key (was `"custom_fields"`), matching the canonical V3 record format * **KSM-818:** `ksm shell` no longer crashes when `click>=8.2` is installed * **KSM-702:** Record create payload now always includes `custom: []`; previously omitted when no custom fields were set * **KSM-691:** `keeper.ini` is now written with owner-only permissions (0600) * **Dependency Update:** Updated `keeper-secrets-manager-core` to `>=17.2.0` and `keeper-secrets-manager-helper` to `>=1.1.0` **Security updates** * **KSM-761:** Fixed CVE-2026-23949 (jaraco.context path traversal vulnerability) **Links:** * [KSM CLI Docs](/en/keeperpam/secrets-manager/secrets-manager-command-line-interface.md) * [PyPI Package](https://pypi.org/project/keeper-secrets-manager-cli/) * [Docker Hub](https://hub.docker.com/r/keeper/keeper-secrets-manager-cli/tags?name=1.3.0) * [Docker Hub (Alpine)](https://hub.docker.com/r/keeper/keeper-secrets-manager-cli-alpine/tags?name=1.3.0) * [GitHub Release](https://github.com/Keeper-Security/secrets-manager/releases/tag/ksm-cli-v1.3.0) *** ## Ansible Integration 1.4.0 > **Breaking Change** Minimum supported Python version is now **3.9** (previously 3.7). Python 3.7-3.8 users should stay on `v1.3.0` * **KSM-811:** Raised minimum Python version from 3.7 to 3.9 * Updated `keeper-secrets-manager-core` dependency to `>=17.2.0` * Updated `keeper-secrets-manager-helper` dependency to `>=1.1.0` * Replaced `importlib_metadata` backport with stdlib `importlib.metadata` * **KSM-816:** Fixed `keeper_create` failing when the target shared folder contains no records * **KSM-827:** Fixed Tower Execution Environment Docker image missing system packages required by Ansible Automation Platform * Added `openssh-clients`, `sshpass`, `rsync`, and `git` to the EE image * Resolves `[dumb-init] ssh agent: No such file or directory` startup error **Links:** * [Ansible Integration Docs](/en/keeperpam/secrets-manager/integrations/ansible.md) * [PyPI Package](https://pypi.org/project/keeper-secrets-manager-ansible/1.4.0/) * [Ansible Galaxy](https://galaxy.ansible.com/ui/repo/published/keepersecurity/keeper_secrets_manager/?version=1.4.0) * [Docker Hub](https://hub.docker.com/r/keeper/keeper-secrets-manager-tower-ee/tags) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/en/release-notes/enterprise/keeper-secrets-manager/2026/march-2026.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.