Developer SDKs
Sample code and SDK integration instructions for Keeper Secrets Manager

Installation

Java
Kotlin
JavaScript
Python
.Net
GoLang
Reference the maven repository for snapshots: repositories { mavenCentral() maven { url "https://s01.oss.sonatype.org/content/groups/public/" } }
Add the following dependency to your project:
    com.keepersecurity.secrets-manager:core:16.0.1-SNAPSHOT
Reference the maven repository for snapshots: repositories { mavenCentral() maven("https://s01.oss.sonatype.org/content/groups/public/") }
Add the following dependency to your project:
    com.keepersecurity.secrets-manager:core:16.0.1-SNAPSHOT
npm install @keeper-security/secrets-manager-core
1
pip3 install -U keeper-secrets-manager-core
Copied!
dotnet add package Keeper.SecretsManager
1
import (
2
ksm "github.com/keeper-security/secrets-manager-go/core"
3
klog "github.com/keeper-security/secrets-manager-go/core/logger"
4
)
Copied!

Authentication

The Secrets Manager SDK authenticates to the Keeper Vault using either the One Time Access Token or using the generated keys within the local configuration file. To generate one or more One Time Access Tokens from Commander CLI use the secrets-manager client add command.
1
$ keeper shell
2
3
... login ...
4
5
My Vault> secrets-manager client add --app MyApplication --unlock-ip
Copied!

Initialization

Java
Kotlin
JavaScript
Python
.Net
GoLang
1
import com.keepersecurity.secretsManager.core.*;
2
import static com.keepersecurity.secretsManager.core.SecretsManager.*;
3
import java.io.FileOutputStream;
4
5
// oneTimeToken is used only once to initialize the storage
6
// after the first run, subsequent calls will use config.json
7
String oneTimeToken = "<One Time Access Token>";
8
KeyValueStorage storage = new LocalConfigStorage("config.json");
9
try {
10
initializeStorage(storage, oneTimeToken, "keepersecurity.com");
11
SecretsManagerOptions options =
12
new SecretsManagerOptions(storage);
13
KeeperSecrets secrets = getSecrets(options);
14
System.out.println(secrets.getRecords());
15
16
// get the password from the first record
17
KeeperRecord firstRecord = secrets.getRecords().get(0);
18
String firstRecordPassword = firstRecord.getPassword();
19
System.out.println(firstRecordPassword);
20
} catch (Exception e) {
21
System.out.println(e.getMessage());
22
}
Copied!
1
import com.keepersecurity.secretsManager.core.*
2
import java.io.FileOutputStream
3
4
// oneTimeToken is used only once to initialize the storage
5
// after the first run, subsequent calls will use config.json
6
val oneTimeToken = "<One Time Access Token>";
7
val storage: KeyValueStorage = LocalConfigStorage("config.json")
8
try {
9
initializeStorage(storage, oneTimeToken, "keepersecurity.com")
10
val options = SecretsManagerOptions(storage)
11
val (records) = getSecrets(options)
12
println(records)
13
14
// get the password from the first record
15
val firstRecord = records[0]
16
val firstRecordPassword = firstRecord.getPassword()
17
println(firstRecordPassword)
18
} catch (e: Exception) {
19
println(e.message)
20
}
Copied!
1
const {
2
getSecrets,
3
initializeStorage,
4
localConfigStorage,
5
downloadFile,
6
updateSecret
7
} = require('@keeper-security/secrets-manager-core')
8
9
const fs = require("fs")
10
11
const oneTimeToken = '9XJIPhkOA40-SFAA2dXQRniqfH-lzj38gec2dDh0u1U'
12
13
const getKeeperRecords = async () => {
14
const storage = localConfigStorage("config.json")
15
await initializeStorage(storage, oneTimeToken, 'keepersecurity.com')
16
const {records} = await getSecrets({storage: storage})
17
console.log(records)
18
19
const firstRecord = records[0]
20
const firstRecordPassword = firstRecord.data.fields.find(x => x.type === 'password')
21
console.log(firstRecordPassword.value[0])
22
}
23
24
getKeeperRecords().finally()
Copied!
1
from keeper_secrets_manager_core import SecretsManager
2
from keeper_secrets_manager_core.storage import FileKeyValueStorage
3
4
secrets_manager = SecretsManager(
5
hostname='keepersecurity.com',
6
token='<One Time Access Token>',
7
config=FileKeyValueStorage('config.json')
8
)
Copied!
1
using System;
2
using SecretsManager;
3
4
var oneTimeToken = "<One Time Access Token>";
5
var storage = new LocalConfigStorage("config.json");
6
try {
7
SecretsManagerClient.InitializeStorage(storage, oneTimeToken, "keepersecurity.com");
8
var options = new SecretsManagerOptions(storage);
9
var records = (await SecretsManagerClient.GetSecrets(options)).Records;
10
Console.WriteLine(quot;Received {records.Length} record(s)");
11
12
// get the password from the first record
13
var firstRecord = records[0];
14
var password = records[0].FieldValue("password").ToString();
15
Console.WriteLine(quot;Password: {password}");
16
} catch (Exception e) {
17
Console.WriteLine(e);
18
}
Copied!
1
hostname := "keepersecurity.com"
2
token := "<One Time Access Token>"
3
verifySslCerts := true
4
sm := ksm.NewSecretsManagerFromSettings(token, hostname, verifySslCerts)
Copied!
This initialization code will create a configuration file on the device local storage.
Field
Description
hostname
The destination host where your Enterprise tenant is located:
    keepersecurity.com
    keepersecurity.eu
    keepersecurity.com.au
    govcloud.keepersecurity.us
token
One Time Access Token generated from Commander or Vault UI
config
Filename to store the local config
After initialization, the config file will contain a few more generated keys:
Config Name
Description
appKey
Application Private Key (AES-256)
clientID
Unique Client Device Identifier
privateKey
Client Device Private Key (ECC secp256r1)

Retrieve All Secrets

Java
Kotlin
JavaScript
Python
.Net
GoLang
1
KeeperSecrets secrets = getSecrets(options);
2
List<KeeperRecord> records = secrets.getRecords();
Copied!
1
val (records) = getSecrets(options)
Copied!
1
const {records} = await getSecrets({storage: storage})
Copied!
1
all_records = secrets_manager.get_secrets()
2
3
# print out all record JSON data
4
for secret in all_records:
5
print(secret.dict)
6
Copied!
1
var records = (await SecretsManagerClient.GetSecrets(options)).Records;
Copied!
1
allRecords, err := sm.GetSecrets([]string{})
Copied!

Retrieve One Individual Secret

In this example, the Record UID is XXX
Java
Kotlin
JavaScript
Python
.Net
GoLang
1
KeeperSecrets secrets = getSecrets(options, Arrays.asList("XXX"));
2
List<KeeperRecord> records = secrets.getRecords();
3
KeeperRecord firstRecord = records.get(0);
Copied!
1
val (records) = getSecrets(options, listOf("XXX"));
Copied!
1
const {records} = await getSecrets({storage: storage}, ['XXX'])
Copied!
1
secret = secrets_manager.get_secrets(['XXX'])[0]
2
3
# Show all fields and custom fields
4
print(mysql_secret.dict)
5
6
# Get a standard template field
7
password = secret.field('password', single=True)
8
9
# Get a custom field, e.g. API Key
10
api_key = secret.custom_field('API Key', single=True)
Copied!
1
var records = (await SecretsManagerClient.GetSecrets(
2
options, new[] { "XXX" })
3
).Records;
Copied!
1
record, err := sm.GetSecrets([]string{"XXX"}
Copied!

Retrieve a Password

Example to retrieve an individual record password field.
Java
Kotlin
JavaScript
Python
.Net
GoLang
1
secret.getPassword()
Copied!
1
secret.getPassword()
Copied!
1
secret.data.fields.find(x => x.type === 'password')
Copied!
1
secret.field('password', single=True)
Copied!
1
secret.FieldValue("password")
Copied!
1
secret.GetFieldValueByType("password")
Copied!

Download a File Attachment

Java
Kotlin
JavaScript
Python
.Net
GoLang
1
// download the first file from the first record
2
KeeperFile file = secrets.getRecords().get(0).getFileByName("acme.cer");
3
byte[] fileBytes = downloadFile(file);
4
try (FileOutputStream fos = new FileOutputStream(file.getData().getName())) {
5
fos.write(fileBytes);
6
}
Copied!
1
// download the file from the 1st record
2
val file = records[0].getFileByName("acme.cer")
3
if (file != null) {
4
val fileBytes = downloadFile(file)
5
FileOutputStream(file.data.name).use { fos -> fos.write(fileBytes) }
6
}
Copied!
1
const file = firstRecord.files.find(x => x.data.name === 'acme.cer')
2
if (file) {
3
const fileBytes = await downloadFile(file)
4
fs.writeFileSync(file.data.name, fileBytes)
5
}
Copied!
1
# Save all files to a /tmp folder (create folder if does not exist)
2
for file in secret.files:
3
print("file: %s" % file)
4
file.save_file("/tmp/" + file.name, True)
Copied!
1
// download the file from the 1st record
2
var file = firstRecord.GetFileByName("acme.cer");
3
if (file != null)
4
{
5
var fileBytes = SecretsManagerClient.DownloadFile(file);
6
await File.WriteAllBytesAsync(file.Data.name, fileBytes);
7
}
Copied!
1
allRecords, err := sm.GetSecrets([]string{})
2
record := allRecords[0]
3
file := record.Files[0]
4
f.SaveFile("/tmp/"+f.Name, true)
Copied!

Update a Secret

Java
Kotlin
JavaScript
Python
.Net
GoLang
1
// update the password on the first record
2
firstRecord.updatePassword("aP1$t367QOCvL$eM$bG#");
3
updateSecret(options, firstRecord);
Copied!
1
// update the password on the first record
2
firstRecord.updatePassword("aP1\$t367QOCvL\$eM\$bG#")
3
updateSecret(options, firstRecord)
Copied!
1
// update the password on the first record
2
firstRecordPassword.value[0] = 'aP1$t367QOCvL$eM$bG#'
3
await updateSecret({storage: storage}, firstRecord)
Copied!
1
secret.password = 'NewPassword123#x27;
2
secrets_manager.save(secret)
Copied!
1
firstRecord.UpdateFieldValue("password", "aP1$t367QOCvL$eM$bG#");
2
await SecretsManagerClient.UpdateSecret(options, firstRecord);
Copied!
1
allRecords, err := sm.GetSecrets([]string{})
2
record := allRecords[0]
3
record.SetPassword("NewPassword123quot;)
Copied!

Script Integration

Keeper Secrets Manager CLI provides a wrapper function that executes any arbitrary system call and replaces environmental variables with values from the Keeper Vault.

.Net Vault SDK

Keeper also provides a .Net based Commander tool with a developer SDK for basic vault access and administrative functions that are outside of the scope of Secrets Manager:

PowerShell CLI

Keeper's PowerShell command-line tool (PowerCommander) provides basic vault access and administrative functions:
https://github.com/Keeper-Security/keeper-sdk-dotnet/tree/release/PowerCommander For more advanced command line capabilities, please refer to the Python-based Commander CLI.
Last modified 14d ago