Developer SDKs

Installation
Java
Kotlin
JavaScript
Python
.Net
GoLang
Reference the maven repository for snapshots:
repositories {
    mavenCentral()
    maven { url "https://s01.oss.sonatype.org/content/groups/public/" }
}
Add the following dependency to your project: 
com.keepersecurity.secrets-manager:core:16.0.1-SNAPSHOT
Reference the maven repository for snapshots:
repositories {
    mavenCentral()
    maven("https://s01.oss.sonatype.org/content/groups/public/")
}
Add the following dependency to your project: 
com.keepersecurity.secrets-manager:core:16.0.1-SNAPSHOT
npm install @keeper-security/secrets-manager-core
1
pip3 install -U keeper-secrets-manager-core
Copied!
dotnet add package Keeper.SecretsManager
1
import (
2
	ksm "github.com/keeper-security/secrets-manager-go/core"
3
	klog "github.com/keeper-security/secrets-manager-go/core/logger"
4
)
Copied!
​
Authentication
The Secrets Manager SDK authenticates to the Keeper Vault using either the One Time Access Token or using the generated keys within the local configuration file.  To generate one or more One Time Access Tokens from Commander CLI use the secrets-manager client add command.
1
$ keeper shell
2
​
3
... login ...
4
​
5
My Vault> secrets-manager client add --app MyApplication --unlock-ip
Copied!
Initialization
Java
Kotlin
JavaScript
Python
.Net
GoLang
1
import com.keepersecurity.secretsManager.core.*;
2
import static com.keepersecurity.secretsManager.core.SecretsManager.*;
3
import java.io.FileOutputStream;
4
​
5
// oneTimeToken is used only once to initialize the storage
6
// after the first run, subsequent calls will use config.json
7
String oneTimeToken = "<One Time Access Token>";
8
KeyValueStorage storage = new LocalConfigStorage("config.json");
9
try {
10
    initializeStorage(storage, oneTimeToken, "keepersecurity.com");
11
    SecretsManagerOptions options = 
12
       new SecretsManagerOptions(storage);
13
    KeeperSecrets secrets = getSecrets(options);
14
    System.out.println(secrets.getRecords());
15
  
16
    // get the password from the first record
17
    KeeperRecord firstRecord = secrets.getRecords().get(0);
18
    String firstRecordPassword = firstRecord.getPassword();
19
    System.out.println(firstRecordPassword);
20
 } catch (Exception e) {
21
    System.out.println(e.getMessage());
22
 }
Copied!
1
import com.keepersecurity.secretsManager.core.*
2
import java.io.FileOutputStream
3
​
4
// oneTimeToken is used only once to initialize the storage
5
// after the first run, subsequent calls will use config.json
6
val oneTimeToken = "<One Time Access Token>";
7
val storage: KeyValueStorage = LocalConfigStorage("config.json")
8
try {
9
    initializeStorage(storage, oneTimeToken, "keepersecurity.com")
10
    val options = SecretsManagerOptions(storage)
11
    val (records) = getSecrets(options)
12
    println(records)
13
​
14
    // get the password from the first record
15
    val firstRecord = records[0]
16
    val firstRecordPassword = firstRecord.getPassword()
17
    println(firstRecordPassword)
18
} catch (e: Exception) {
19
    println(e.message)
20
}
Copied!
1
const {
2
    getSecrets,
3
    initializeStorage,
4
    localConfigStorage,
5
    downloadFile,
6
    updateSecret
7
} = require('@keeper-security/secrets-manager-core')
8
​
9
const fs = require("fs")
10
​
11
const oneTimeToken = '9XJIPhkOA40-SFAA2dXQRniqfH-lzj38gec2dDh0u1U'
12
​
13
const getKeeperRecords = async () => {
14
    const storage = localConfigStorage("config.json")
15
    await initializeStorage(storage, oneTimeToken, 'keepersecurity.com')
16
    const {records} = await getSecrets({storage: storage})
17
    console.log(records)
18
​
19
    const firstRecord = records[0]
20
    const firstRecordPassword = firstRecord.data.fields.find(x => x.type === 'password')
21
    console.log(firstRecordPassword.value[0])
22
}
23
​
24
getKeeperRecords().finally()
Copied!
1
from keeper_secrets_manager_core import SecretsManager
2
from keeper_secrets_manager_core.storage import FileKeyValueStorage
3
​
4
secrets_manager = SecretsManager(
5
    hostname='keepersecurity.com',
6
    token='<One Time Access Token>',
7
    config=FileKeyValueStorage('config.json')
8
)
Copied!
1
using System;
2
using SecretsManager;
3
​
4
var oneTimeToken = "<One Time Access Token>";
5
var storage = new LocalConfigStorage("config.json");
6
try {
7
    SecretsManagerClient.InitializeStorage(storage, oneTimeToken, "keepersecurity.com");
8
    var options = new SecretsManagerOptions(storage);
9
    var records = (await SecretsManagerClient.GetSecrets(options)).Records;
10
    Console.WriteLine(quot;Received {records.Length} record(s)");
11
    
12
    // get the password from the first record
13
    var firstRecord = records[0];
14
    var password = records[0].FieldValue("password").ToString();
15
    Console.WriteLine(quot;Password: {password}");
16
} catch (Exception e) {
17
    Console.WriteLine(e);
18
}
Copied!
1
hostname := "keepersecurity.com"
2
token := "<One Time Access Token>"
3
verifySslCerts := true
4
sm := ksm.NewSecretsManagerFromSettings(token, hostname, verifySslCerts)
Copied!
This initialization code will create a configuration file on the device local storage.
Field
Description
hostname
The destination host where your Enterprise tenant is located:

keepersecurity.com
keepersecurity.eu
keepersecurity.com.au
govcloud.keepersecurity.us
token
One Time Access Token generated from Commander or Vault UI
config
Filename to store the local config
After initialization, the config file will contain a few more generated keys:
Config Name
Description
appKey
Application Private Key (AES-256)
clientID
Unique Client Device Identifier
privateKey
Client Device Private Key (ECC secp256r1)
Retrieve All Secrets
Java
Kotlin
JavaScript
Python
.Net
GoLang
1
KeeperSecrets secrets = getSecrets(options);
2
List<KeeperRecord> records = secrets.getRecords();
Copied!
1
val (records) = getSecrets(options)
Copied!
1
const {records} = await getSecrets({storage: storage})
Copied!
1
all_records = secrets_manager.get_secrets()
2
​
3
# print out all record JSON data
4
for secret in all_records:
5
    print(secret.dict)
6
​
Copied!
1
var records = (await SecretsManagerClient.GetSecrets(options)).Records;
Copied!
1
allRecords, err := sm.GetSecrets([]string{})
Copied!
Retrieve One Individual Secret
In this example, the Record UID is XXX
Java
Kotlin
JavaScript
Python
.Net
GoLang
1
KeeperSecrets secrets = getSecrets(options, Arrays.asList("XXX"));
2
List<KeeperRecord> records = secrets.getRecords();
3
KeeperRecord firstRecord = records.get(0);
Copied!
1
val (records) = getSecrets(options, listOf("XXX"));
Copied!
1
const {records} = await getSecrets({storage: storage}, ['XXX'])
Copied!
1
secret = secrets_manager.get_secrets(['XXX'])[0]
2
​
3
# Show all fields and custom fields
4
print(mysql_secret.dict)
5
​
6
# Get a standard template field
7
password = secret.field('password', single=True)
8
​
9
# Get a custom field, e.g. API Key
10
api_key = secret.custom_field('API Key', single=True)
Copied!
1
var records = (await SecretsManagerClient.GetSecrets(
2
        options, new[] { "XXX" })
3
    ).Records;
Copied!
1
record, err := sm.GetSecrets([]string{"XXX"}
Copied!
Retrieve a Password
Example to retrieve an individual record password field.
Java
Kotlin
JavaScript
Python
.Net
GoLang
1
secret.getPassword()
Copied!
1
secret.getPassword()
Copied!
1
secret.data.fields.find(x => x.type === 'password')
Copied!
1
secret.field('password', single=True)
Copied!
1
secret.FieldValue("password")
Copied!
1
secret.GetFieldValueByType("password")
Copied!
Download a File Attachment
Java
Kotlin
JavaScript
Python
.Net
GoLang
1
// download the first file from the first record
2
KeeperFile file = secrets.getRecords().get(0).getFileByName("acme.cer");
3
byte[] fileBytes = downloadFile(file);
4
try (FileOutputStream fos = new FileOutputStream(file.getData().getName())) {
5
    fos.write(fileBytes);
6
}
Copied!
1
// download the file from the 1st record
2
val file = records[0].getFileByName("acme.cer")
3
if (file != null) {
4
    val fileBytes = downloadFile(file)
5
    FileOutputStream(file.data.name).use { fos -> fos.write(fileBytes) }
6
}
Copied!
1
const file = firstRecord.files.find(x => x.data.name === 'acme.cer')
2
if (file) {
3
    const fileBytes = await downloadFile(file)
4
    fs.writeFileSync(file.data.name, fileBytes)
5
}
Copied!
1
# Save all files to a /tmp folder (create folder if does not exist)
2
for file in secret.files:
3
    print("file: %s" % file)
4
    file.save_file("/tmp/" + file.name, True)
Copied!
1
// download the file from the 1st record
2
var file = firstRecord.GetFileByName("acme.cer");
3
if (file != null)
4
{
5
    var fileBytes = SecretsManagerClient.DownloadFile(file);
6
    await File.WriteAllBytesAsync(file.Data.name, fileBytes);
7
}
Copied!
1
allRecords, err := sm.GetSecrets([]string{})
2
record := allRecords[0]
3
file := record.Files[0]
4
f.SaveFile("/tmp/"+f.Name, true)
Copied!
Update a Secret
Java
Kotlin
JavaScript
Python
.Net
GoLang
1
// update the password on the first record
2
firstRecord.updatePassword("aP1$t367QOCvL$eM$bG#");
3
updateSecret(options, firstRecord);
Copied!
1
// update the password on the first record
2
firstRecord.updatePassword("aP1\$t367QOCvL\$eM\$bG#")
3
updateSecret(options, firstRecord)
Copied!
1
// update the password on the first record
2
firstRecordPassword.value[0] = 'aP1$t367QOCvL$eM$bG#'
3
await updateSecret({storage: storage}, firstRecord)
Copied!
1
secret.password = 'NewPassword123#x27;
2
secrets_manager.save(secret)
Copied!
1
firstRecord.UpdateFieldValue("password", "aP1$t367QOCvL$eM$bG#");
2
await SecretsManagerClient.UpdateSecret(options, firstRecord);
Copied!
1
allRecords, err := sm.GetSecrets([]string{})
2
record := allRecords[0]
3
record.SetPassword("NewPassword123quot;)
Copied!
Script Integration
Keeper Secrets Manager CLI provides a wrapper function that executes any arbitrary system call and replaces environmental variables with values from the Keeper Vault.
​Secrets Manager CLI Exec Command​
.Net Vault SDK
Keeper also provides a .Net based Commander tool with a developer SDK for basic vault access and administrative functions that are outside of the scope of Secrets Manager:
​https://github.com/Keeper-Security/keeper-sdk-dotnet​
PowerShell CLI
Keeper's PowerShell command-line tool (PowerCommander) provides basic vault access and administrative functions:
​https://github.com/Keeper-Security/keeper-sdk-dotnet/tree/release/PowerCommander

For more advanced command line capabilities, please refer to the Python-based Commander CLI.
​
Misc Commands
Python SDK
Last modified 14d ago
Export as PDF
Copy link
Contents
Retrieve One Individual Secret
Retrieve a Password
Download a File Attachment