# KSM Developer SDKs

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2Ffsmutfj0MPa7RGwzk8Q7%2FKeeper%20SDK%20Header.png?alt=media&#x26;token=a36f95dd-abe2-4acc-a2a0-4c2949b19559" alt=""><figcaption></figcaption></figure>

## Overview

The Keeper Secrets Manager SDKs are purpose-built to provide extremely simple, fast and efficient access to Secrets Management functionality from all popular languages.

### Secrets Manager SDKs

* [Python](https://docs.keeper.io/en/keeperpam/secrets-manager/developer-sdk-library/python-sdk)
* [Java / Kotlin](https://docs.keeper.io/en/keeperpam/secrets-manager/developer-sdk-library/java-sdk)
* [JavaScript](https://docs.keeper.io/en/keeperpam/secrets-manager/developer-sdk-library/javascript-sdk)
* [.Net](https://docs.keeper.io/en/keeperpam/secrets-manager/developer-sdk-library/.net-sdk)
* [Go](https://docs.keeper.io/en/keeperpam/secrets-manager/developer-sdk-library/golang-sdk)
* [Ruby](https://docs.keeper.io/en/keeperpam/secrets-manager/developer-sdk-library/ruby-sdk)
* [Rust](https://docs.keeper.io/en/keeperpam/secrets-manager/developer-sdk-library/rust-sdk)
* [PowerShell](https://docs.keeper.io/en/keeperpam/secrets-manager/integrations/powershell-plugin)

### Authentication

The Secrets Manager SDK authenticates to the Keeper Vault using either the One Time Access Token or using the generated keys within the local configuration file.  To generate one or more One Time Access Tokens from the [Commander CLI](https://docs.keeper.io/en/keeperpam/commander-cli/overview) use the [`secrets-manager client add`](https://docs.keeper.io/en/keeperpam/commander-cli/command-reference/secrets-manager-commands) command.

```sh
My Vault> secrets-manager client add --app MyApplication --unlock-ip
```

{% hint style="warning" %}
After a config file has been initialized, the One-Time Access Token should be removed from code
{% endhint %}

This initialization code will create a JSON configuration file with the following keys:

| **Key**             | **Description**                                                                                                                                                                                                                                             |
| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `hostname`          | <p>The destination host where your Enterprise tenant is located:<br></p><ul><li>keepersecurity.com</li><li>keepersecurity.eu</li><li>keepersecurity.com.au</li><li>keepersecurity.jp</li><li>keepersecurity.ca</li><li>govcloud.keepersecurity.us</li></ul> |
| `clientID`          | The hashed `clientKey` where `clientKey` is the Unique Client Device Identifier                                                                                                                                                                             |
| `privateKey`        | Client Device Private Key                                                                                                                                                                                                                                   |
| `serverPublicKeyId` | Keeper Infrastructure's Public Key ID                                                                                                                                                                                                                       |
| `appKey`            | Application Private Key                                                                                                                                                                                                                                     |
| `appOwnerPublicKey` | Application Owner's Public Key                                                                                                                                                                                                                              |

The following is an example of a generated configuration file:

{% code title="ksm-config.json" %}

```json
{
  "hostname": "keepersecurity.com",
  "clientId": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "privateKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "serverPublicKeyId": "10",
  "appKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "appOwnerPublicKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
```

{% endcode %}

For more information on configuration files, see the [Config File documentation](https://docs.keeper.io/en/keeperpam/secrets-manager/about/secrets-manager-configuration).

### Configuration File Protection

Keeper provides several options for the secure encryption and storage of the KSM configuration file using popular cloud services:

* [AWS KMS](https://docs.keeper.io/en/keeperpam/secrets-manager/integrations/aws-kms)
* [Azure Key Vault](https://docs.keeper.io/en/keeperpam/secrets-manager/integrations/azure-key-vault-ksm)
* [Entrust HSM](https://docs.keeper.io/en/keeperpam/secrets-manager/integrations/entrust-hsm)
* [Google Cloud Key Management](https://docs.keeper.io/en/keeperpam/secrets-manager/integrations/google-cloud-key-management-encryption)
* [Oracle Key Vault](https://docs.keeper.io/en/keeperpam/secrets-manager/integrations/oracle-key-vault)

***

## Script Integration

Keeper Secrets Manager CLI provides a wrapper function that executes any arbitrary system call and replaces environmental variables with values from the Keeper Vault.

[Secrets Manager CLI Exec Command](https://docs.keeper.io/en/keeperpam/secrets-manager/secrets-manager-command-line-interface/exec-command)

## Vault and Admin SDKs&#x20;

For higher level functionality at the Vault and Administrative level, please see the Vault SDKs page which contains links to various development tools.

[Vault SDKs](https://docs.keeper.io/en/keeperpam/secrets-manager/developer-sdk-library/vault-sdks)