# Vault Release 18.0.0

## New Feature

### **Nested Share Subfolders With Role-Based Folder Permissions**

Keeper is redefining how users and teams organize, share and protect their most sensitive records. With the introduction of **Nested Share Subfolders with Role-Based Folder Permissions**, we’ve rebuilt the vault’s folder, sharing and permissions model from the ground up, delivering a more flexible and scalable experience for every user and team.

During this transition, the new Nested Share Subfolder system will exist alongside the existing Classic folder system and permission model, with two distinct folder icons to help users easily differentiate between them. 

{% hint style="info" %}
This feature is currently available by invitation only. To request access or learn more, please contact your Keeper representative or visit [keepersecurity.com/contact](https://www.keepersecurity.com/contact.html).
{% endhint %}

Organize records and folders up to five levels deep, with no flat structures or workarounds — just logical organization that scales with your team.

<figure><img src="/files/RZYlZMAIyR5P9dBPpg3k" alt=""><figcaption><p><strong>Hierarchical Folder &#x26; Subfolder Organization</strong></p></figcaption></figure>

Permissions flow down automatically from a parent folder through all nested subfolders and records within it, so broad access policies apply consistently without manual effort

<figure><img src="/files/MKvn9fbqZvim65fcQ3Xm" alt=""><figcaption></figcaption></figure>

Role-Based Folder Permissions give administrators granular control over exactly who can view, edit, share and manage content at every level of the folder hierarchy — whether you're an individual user, managing a small team, or operating across a global enterprise.

<figure><img src="/files/GqrpGJDNv28XddIXHNon" alt=""><figcaption></figcaption></figure>

#### Creating Folders

Clicking on **Create New** > **Folder** creates a folder - no need to decide between a regular or shared folder. If you want to share a folder, click Share.

<figure><img src="/files/A0byJQheBvtL2snrPWzO" alt=""><figcaption></figcaption></figure>

#### Rollout Approach

The Nested Share Subfolders feature was a rebuild from the ground up - which includes advanced encryption upgrades in addition to functional upgrades. Therefore, the Classic and Nested Share Subfolder systems must be separated in the vault. When creating a new Folder, you will have the option to use the Classic permission model which will limit sharing to basic access levels and can be used for compatibility with older workflows. Existing workflows remain unaffected while organizations adopt the new experience at their own pace. In the future, we plan to support conversion between the two systems — for now, they remain separate.

<figure><img src="/files/ETf0nwAP2FyNLEtoy4uw" alt=""><figcaption><p>Checkbox for Classic Permission Model</p></figcaption></figure>

#### **Key Features**

* **Hierarchical organization up to five levels deep** — Create folders and subfolders with independent sharing configurations at each level, enabling logical organization that scales with your team structure.
* **Role-based folder permissions** — Assign granular permissions at both the folder and record level, giving every user exactly the access their role requires. Permissions can be applied through inheritance (flowing automatically from parent to child folders), direct folder assignment, or direct record assignment.
* **Permission inheritance with targeted overrides** — Broad access policies apply consistently across a folder structure, with the flexibility to make precise exceptions at any level. When multiple permission paths apply, precedence rules ensure the most specific assignment wins — record-level permissions override folder-level ones, which override inherited permissions from a parent.
* **Access management controls** — Share managers can add users and teams, perform bulk permission changes, and set access expiration dates or revoke access entirely at the folder or record level. Users cannot grant permissions higher than their own access level.

#### Roadmap

The Nested Share Subfolder feature is available through a "feature flag" that can be enabled by the Keeper support team. Over the coming weeks, we plan to gather customer feedback and roll out critical capabilities which include:

* Vault Transfer Policy
* Deletion and Restore
* Moving records
* Import
* Migration from Classic shared folders
* iOS, Android, Browser Extension end-user application support
* Secrets Manager SDKs and integrations

#### Commander CLI

The Nested Share Subfolder capabilities are supported with [Commander CLI](/keeperpam/commander-cli/overview.md) with the new "KeeperDrive Commands" that have the prefix of `kd-`. The list of commands is below.

{% code overflow="wrap" %}

```
KeeperDrive Commands
    kd-get                            Get details of a KeeperDrive record or folder
    kd-list                           List Keeper Drive folders and records
    kd-ln                             Link a record into a KeeperDrive folder (positional)
    kd-mkdir                          Create a KeeperDrive folder
    kd-record-add                     Create a KeeperDrive record
    kd-record-details                 Get record metadata (title, color)
    kd-record-permission              Modify sharing permissions of records in a folder
    kd-record-update                  Update a KeeperDrive record
    kd-rm                             Remove (delete/unlink) a KeeperDrive record
    kd-rmdir                          Remove a KeeperDrive folder and its contents
    kd-rndir                          Rename a KeeperDrive folder
    kd-share-folder                   Grant/update/revoke folder sharing
    kd-share-record                   Grant/update/revoke record sharing
    kd-shortcut                       Manage KeeperDrive record shortcuts (multi-folder links)
    kd-transfer-record                Transfer record ownership to another user
```

{% endcode %}

## Bug Fixes

* **VAUL-8619:** Various issues with Dark Mode.&#x20;
* **VAUL-8714:** Improved Error Messaging for Session Persistence Conflicts.
* **VAUL-8748:** Resolved test alignment in the Query Log display.&#x20;

## Web Vault Update Instructions

* To ensure you're using the latest Web Vault, simply reload the vault login page (or Shift+Ctrl/Cmd+R to force refresh)

## Desktop Update Instructions

* If you installed Keeper Desktop directly from the Keeper website, download the latest version from:\
  <https://www.keepersecurity.com/download.html?t=d>
* If you installed Keeper Desktop from the Mac App Store or Microsoft Store, visit the store to perform the update.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/release-notes/desktop/web-vault-+-desktop-app/vault-release-18.0.0.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.