var storage =newLocalConfigStorage("ksm-config.json");SecretsManagerClient. InitializeStorage(storage,"[One Time Access Token]");// Using token only to generate a config (for later usage)// requires at least one access operation to bind the token//var options = new SecretsManagerOptions(storage);//await SecretsManagerClient.GetSecrets(options);
Object containing all Keeper records, or records that match the given filter criteria
Example Usage
Retrieve all Secrets
var options =newSecretsManagerOptions(storage, testPostFunction);var secrets =GetSecrets(options);
Retrieve Secrets by Title
// get all matching recordsasyncTask<IEnumerable<KeeperRecord>> GetSecretsByTitle(SecretsManagerOptions options,string recordTitle)// get only the first matching recordasync Task<KeeperRecord> GetSecretByTitle(SecretsManagerOptions options,string recordTitle)
Example Usage
usingSystem;usingSystem.Threading.Tasks;usingSecretsManager;privatestaticasyncTaskgetOneIndividualSecret(){var storage =newLocalConfigStorage("ksm-config.json");var options =newSecretsManagerOptions(storage);var records = (awaitSecretsManagerClient.GetSecretsByTitle( options,"My Credentials") ).Records;foreach (var record in records) {Console.WriteLine(record.RecordUid+" - "+record.Data.title);foreach (var field inrecord.Data.fields) {Console.WriteLine("\t"+field.label+" ("+field.type+"): ["+String.Join(", ",field.value) +"]"); } }}
Retrieve Values from a Secret
Retrieve a Password
secret.FieldValue("password")
var storage =newLocalConfigStorage(configName);Console.WriteLine($"Local Config Storage opened from the file {configName}");if (clientKey !=null)SecretsManagerClient.InitializeStorage(storage,"<One Time Access Token>");}var options =newSecretsManagerOptions(storage);//get secretsvar secrets= (awaitSecretsManagerClient.GetSecrets(options)).Records;// get the password from the first secretvar firstSecret=secrets[0];var password =firstSecret.FieldValue("password").ToString();
Fields are found by type, for a list of field types see the Record Types documentation.
Retrieve Other Fields Using Keeper Notation
GetValue(KeeperSecrets secrets,string notation)
var storage =newLocalConfigStorage(configName);Console.WriteLine($"Local Config Storage opened from the file {configName}");if (clientKey !=null)SecretsManagerClient.InitializeStorage(storage,"<One Time Access Token>");}var options =newSecretsManagerOptions(storage);//get secretsvarsecrets (await SecretsManagerClient.GetSecrets(options)).Records;// get login field value using dot notationvar password =Notation.GetValue(secrets,"BediNKCMG21ztm5xGYgNww/field/login");
var storage =newLocalConfigStorage(configName);Console.WriteLine($"Local Config Storage opened from the file {configName}");if (clientKey !=null)SecretsManagerClient.InitializeStorage(storage,"<One Time Access Token>");}var options =newSecretsManagerOptions(storage);//get secretsvarsecrets (await SecretsManagerClient.GetSecrets(options)).Records;// get TOTP url from a recordvar url =Notation.GetValue(secrets,"BediNKCMG21ztm5xGYgNww/field/OneTimeCode");// get TOTP codevar totp =CryptoUtils.GetTotpCode(url);Console.WriteLine(totp.Code);
Update Values in a Secret
Record update commands don't update local record data on success (esp. updated record revision) so any consecutive updates to an already updated record will fail due to revision mismatch. Make sure to reload all updated records after each update batch.
var options =SecretsManagerOptions(storage, testPostFunction)updateSecret(options, secret)
var storage =newLocalConfigStorage(configName);var options =newSecretsManagerOptions(storage);//get secretsvar secrets = (awaitSecretsManagerClient.GetSecrets(options)).Records;// get the first secretvar secret =secrets[0];// rotate password on the recordsecret.updateFieldValue("password","MyNewPassword");//start a transactionawaitSecretsManagerClient.UpdateSecret(options, secret,UpdateTransactionType.Rotation);// rotate password on remote hostsuccess =rotateRemoteSshPassword("MyNewPassword");// complete the transaction - commit or rollbackawaitSecretsManagerClient.CompleteTransaction(options,secret.RecordUid, rollback:!success);
Use UpdateSecret to save changes made to a secret record. Changes will not be reflected in the Keeper Vault until UpdateSecret is performed.
Update a Field Value
UpdateFieldValue(string fieldType,object value)
var storage =newLocalConfigStorage(configName);Console.WriteLine($"Local Config Storage opened from the file {configName}");if (clientKey !=null)SecretsManagerClient.InitializeStorage(storage,"<One Time Access Token>");}var options =newSecretsManagerOptions(storage);//get secretsvar secrets= (awaitSecretsManagerClient.GetSecrets(options)).Records;// get the password from the first secretvar firstSecret=secrets[0];// update the login fieldfirstSecret.updateFieldValue("login","My New Login");// save changesupdateSecret(options, firstSecret);
// generate a random passwordvar password =CryptoUtils.GeneratePassword();// update a record with the new passwordfirstRecord.UpdateFieldValue("password", password);awaitSecretsManagerClient.UpdateSecret(options, firstRecord);
Each parameter indicates the min number of a type of character to include. For example, 'uppercase' indicates the minimum number of uppercase letters to include.
usingSystem;usingSystem.Threading.Tasks;usingSecretsManager;privatestaticasyncTaskuploadFile(){ // initalize storage and optionsvar storage =newLocalConfigStorage("ksm-config.json");var options =newSecretsManagerOptions(storage); // get a record to attach the file tovar records = (awaitSecretsManagerClient.GetSecrets( options,new[] { "XXX" }) ).Records;var ownerRecord =records[0]; // get file data to uploadvar bytes =awaitFile.ReadAllBytesAsync("my-file.json");var myFile =newKeeperFileUpload("my-file1.json","My File",null, bytes ); // upload file to selected record awaitSecretsManagerClient.UploadFile(options, firstRecord, myFile);}
Create a Secret
Prerequisites:
Shared folder UID
Shared folder must be accessible by the Secrets Manager Application
You and the Secrets Manager application must have edit permission
There must be at least one record in the shared folder
Created records and record fields must be formatted correctly
See the documentation for expected field formats for each record type
TOTP fields accept only URL generated outside of the KSM SDK
After record creation, you can upload file attachments using UploadFile
This example creates a login type record with a login value and a generated password.
Replace '[FOLDER UID]' in the example with the UID of a shared folder that your Secrets Manager has access to.
var newRecord =newKeeperRecordData{type ="login", title ="Sample KSM Record: C#"};newRecord.fields=new[]{newKeeperRecordField { type ="login", value =new[] { "My Username" } },newKeeperRecordField { type ="password", value =new[] { CryptoUtils.GeneratePassword() } },};newRecord.notes="This is a C# record creation example";var recordUid =awaitSecretsManagerClient.CreateSecret(options, folderUid, newRecord);
This example creates a record with a custom record type.
Replace '[FOLDER UID]' in the example with the UID of a shared folder that your Secrets Manager has access to.
var newRecord =newKeeperRecordData();newRecord.type="Custom Login";newRecord.title="Sample Custom Type KSM Record: C#";newRecord.fields=new[]{newKeeperRecordField { type ="host", value =new[] {newDictionary<string,string> { { "hostName","127.0.0.1"}, { "port","8080"} } }, label ="My Custom Host lbl", required =true },newKeeperRecordField { type ="login", value =new[] { "login@email.com" }, required =true, label ="My Custom Login lbl" },newKeeperRecordField { type ="password", value =new[] { CryptoUtils.GeneratePassword() }, required =true, label ="My Custom Password lbl" },newKeeperRecordField { type ="url", value =new[] { "http://localhost:8080/login" }, label ="My Login Page", required =true },newKeeperRecordField { type ="securityQuestion", value =new[] {newDictionary<string,string> { {"question","What is one plus one (write just a number)"}, { "answer","2" } } }, label ="My Question 1", required =true },newKeeperRecordField { type ="phone", value =new[] {newDictionary<string,string> { { "region","US" }, { "number","510-444-3333" }, { "ext","2345" }, { "type","Mobile" } } }, label ="My Private Phone", privacyScreen =true },newKeeperRecordField { type ="date", value =new[] {(object) 1641934793000 }, label ="My Date Lbl" },newKeeperRecordField { type ="name", value =new[] {newDictionary<string,string> { {"first","John"}, {"middle","Patrick"}, {"last","Smith"} } }, required =true },newKeeperRecordField { type ="oneTimeCode", value =new[] {"otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example" }, label ="My TOTP", required =true }};newRecord.notes = "\tThis custom type record was created\n\tvia Python SDK copied from https://docs.keeper.io/secrets-manager/secrets-manager/developer-sdk-library/.net-sdk";
var recordUid =awaitSecretsManagerClient.CreateSecret(options,"[FOLDER_UID]", newRecord);
Delete a Secret
The .Net KSM SDK can delete records in the Keeper Vault.
DeleteSecret(smOptions, recordsUids);
usingSecretsManager;// setup secrets managervar storage =newLocalConfigStorage("ksm-config.json");//SecretsManagerClient.InitializeStorage(storage, "<One Time Access Token>");var smOptions =newSecretsManagerOptions(storage);// delete a specific secret by record UIDawaitSecretsManagerClient.DeleteSecret(smOptions,newstring[] {"EG6KdJaaLG7esRZbMnfbFA"});
Caching
To protect against losing access to your secrets when network access is lost, the .Net SDK allows caching of secrets to the local machine in an encrypted file.
Setup and Configure Cache
In order to setup caching in the .Net SDK, include a caching post function as the second argument when instantiating aSecretsManagerOptions object.
The .Net SDK includes a default caching function cachingPostFunction which stores cached queries to a file.
var options =newSecretsManagerOptions(storage,SecretsManagerClient.CachingPostFunction);var secrets =awaitSecretsManagerClient.GetSecrets(options);
Folders
Folders have full CRUD support - create, read, update and delete operations.
Requires CreateOptions and folder name to be provided. The folder UID parameter in CreateOptions is required - UID of a shared folder, while sub-folder UID is optional and if missing, a new regular folder is created directly under the parent (shared folder). There's no requirement for the sub-folder to be a direct descendant of the parent shared folder - it could be many levels deep.
Removes a list of folders. Use forceDeletion flag to remove non-empty folders.
When using forceDeletion avoid sending parent with its children folder UIDs. Depending on the delete order you may get an error - ex. if parent force-deleted child first. There's no guarantee that list will always be processed in FIFO order.
Any folders UIDs missing from the vault or not shared to the KSM Application will not result in error.