pip3 install -U keeper-secrets-manager-coreSecretsManager(token, config)
# At least one API call is required to complete token binding
get_secrets(uids=None)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# Required: completes token binding and populates the config file
secrets_manager.get_secrets()from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# First run: provide a one-time token and a persistent storage path.
sm = SecretsManager(
token="US:BASE64_ONE_TIME_TOKEN",
config=FileKeyValueStorage("ksm-config.json")
)
records = sm.get_secrets() # Token is redeemed here; ksm-config.json is updated.
# Subsequent runs: omit the token. Stored credentials are used directly.
sm = SecretsManager(config=FileKeyValueStorage("ksm-config.json"))
records = sm.get_secrets()get_secrets(uids=None)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# get all records
all_secrets = secrets_manager.get_secrets()
# print out all records
for secret in all_secrets:
print(secret.dict)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# get a specific secret by record UID
secret = secrets_manager.get_secrets(['EG6KdJaaLG7esRZbMnfbFA'])[0]
# print out secret
print(secret.dict)secret.field('password', single=True)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# get a specific secret by record UID
secret = secrets_manager.get_secrets(['<RECORD UID>'])[0]
# get password from record
my_secret_password = secret.field('password', single=True)secret.field(field_type, value=None, single=False)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# get a specific secret by record UID
secret = secrets_manager.get_secrets(['<RECORD UID>'])[0]
# get login field from the secret
my_secret_login = secret.field("login", single=True)secret.custom_field(label, field_type=None, value=None, single=False)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# get a specific secret by UID
secret = secrets_manager.get_secrets(['EG6KdJaaLG7esRZbMnfbFA'])[0]
# Get a standard template field
password = secret.field('password', single=True)
# Get a custom field, e.g. API Key
api_key = secret.custom_field('API Key', single=True)# get all matching records
get_secrets_by_title(record_title)
# get only the first matching record
get_secret_by_title(record_title)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
config=FileKeyValueStorage('ksm-config.json'))
# get the first secret matching the record title
secret = secrets_manager.get_secret_by_title("My Credentials")
# get all secrets matching the record title
secrets = secrets_manager.get_secrets_by_title("My Credentials")get_notation(query)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# get a specific standard field with Keeper Notation
password = secrets_manager.get_notation('EG6KdJaaLG7esRZbMnfbFA/field/password')
# get a specific custom field with Keeper Notation
custom_field_value = secrets_manager.get_notation('EG6KdJaaLG7esRZbMnfbFA/custom_field/my_field')get_totp_code(url)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
from keeper_secrets_manager_core.utils import get_totp_code
# setup secrets manager
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# get a specific secret by record UID
record = secrets_manager.get_secrets(['<RECORD UID>'])[0]
# get TOTP url value from the record
url = record.get_standard_field_value('oneTimeCode', True)
# get code from TOTP url
totp = get_totp_code(url)
print(totp.code)for record in records:
if record.type == "pamMachine":
host = record.field("pamHostname")[0] # {"hostName": ..., "port": ...}
elif record.type == "pamUser":
login = record.field("login")[0]
elif record.type == "pamDatabase":
db_type = record.field("databaseType")[0]from keeper_secrets_manager_core.dto.payload import QueryOptions
query_options = QueryOptions(
records_filter=['<RECORD UID>'],
folders_filter=None,
request_links=True
)
records = secrets_manager.get_secrets_with_options(query_options)
for link in records[0].get_links():
print(link.record_uid) # UID of the linked record
print(link.path) # None = credential link; "meta" = PAM settingsfrom keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
from keeper_secrets_manager_core.dto.payload import QueryOptions
secrets_manager = SecretsManager(
config=FileKeyValueStorage('ksm-config.json')
)
query_options = QueryOptions(
records_filter=['<RECORD UID>'],
folders_filter=None,
request_links=True
)
records = secrets_manager.get_secrets_with_options(query_options)
for link in records[0].get_links():
print(f"Linked record: {link.record_uid} path: {link.path}")
# Credential link flags (path is None)
if link.path is None:
print(f" Admin user: {link.is_admin_user()}")
print(f" Launch credential: {link.is_launch_credential()}")
print(f" IAM user: {link.is_iam_user()}")
# PAM settings flags (path == "meta")
if link.path == "meta":
print(f" Allows rotation: {link.allows_rotation()}")
print(f" Allows connections: {link.allows_connections()}")save(record: KeeperRecord)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# get a specific secret by UID
secret_to_update = secrets_manager.get_secrets(['EG6KdJaaLG7esRZbMnfbFA'])[0]
# update a field value
secret_to_update.field('login', value='new login')
# update non-field values
secret_to_update.title = "New Title"
secret_to_update.notes = "New Notes"
# save updated secret
secrets_manager.save(secret_to_update)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
config=FileKeyValueStorage('ksm-config.json')
)
# get a specific secret by UID
secret = secrets_manager.get_secrets(['EG6KdJaaLG7esRZbMnfbFA'])[0]
# rotate password on the record
secret.field('password', value='new password')
# start a transaction
secrets_manager.save(secret, 'rotation')
# rotate password on remote host
success = rotate_remote_ssh_password('new password')
# complete the transaction - commit or rollback
secrets_manager.complete_transaction(secret.uid, rollback=not success)
secret.field(field_type, value=None, single=False)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# get a specific secret by record UID
secret = secrets_manager.get_secrets(['<RECORD UID>'])[0]
# update login
secret.field("login", value="My New Login")
# save secret
secrets_manager.save(secret)secret.custom_field(label, field_type=None, value=None, single=False)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# get a specific secret by UID
secret = secrets_manager.get_secrets(['EG6KdJaaLG7esRZbMnfbFA'])[0]
# Get a standard template field
password = secret.field('password', single=True)
# Set custom field 'API Key'
my_new_api_key = "wKridl2ULt20qGuiP3IY"
secret.custom_field('API Key', value=my_new_api_key)
# Save changes to the secret
secrets_manager.save(secret)generate_password(length, lowercase, uppercase, digits, special_characters, special_characterset)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
from keeper_secrets_manager_core.utils import generate_password
# setup secrets manger
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# get a specific secret by UID
secret = secrets_manager.get_secrets(['EG6KdJaaLG7esRZbMnfbFA'])[0]
# generate a random password
password = generate_password(special_characterset="@!#$%^&*<>?")
# update a record with new password
secret.field('password', value=password)
# Save changes to the secret
secrets_manager.save(secret)file.save_file(file_path, create_folders=False)# Save all files to a /tmp folder (create folder if does not exist)
for file in secret.files:
print("file: %s" % file)
file.save_file("/tmp/" + file.name, True)upload_file(owner_record, file: KeeperFileUpload)KeeperFileUpload.from_file(path, file_name=None, file_title=None, mime_type=None)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
from keeper_secrets_manager_core.core import KeeperFileUpload
secrets_manager = SecretsManager(
config=FileKeyValueStorage('ksm-config.json')
)
# Get an individual secret by UID to attach the file to
UID_FILTER = 'XXX'
owner_record= secrets_manager.get_secrets([UID_FILTER])[0]
# Prepare file data for upload
my_file = KeeperFileUpload.from_file("./myFile.json", "myfile.json", "My File")
# Upload file attached to the owner record and get the file UID
file_uid = secrets_manager.upload_file(owner_record, file = my_file)secrets_manager.save(record, links_to_remove=['<FILE_UID>'])from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
secrets_manager = SecretsManager(
config=FileKeyValueStorage('ksm-config.json')
)
# Get a secret by UID
secret = secrets_manager.get_secrets(['<RECORD_UID>'])[0]
# Get file UIDs from the record
file_uids = [file.file_uid for file in secret.files]
print(f"Files to remove: {file_uids}")
# Remove specific files by UID
secrets_manager.save(secret, links_to_remove=file_uids)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
secrets_manager = SecretsManager(
config=FileKeyValueStorage('ksm-config.json')
)
# Get a secret by UID
secret = secrets_manager.get_secrets(['<RECORD_UID>'])[0]
# Remove multiple specific files
files_to_remove = ['<FILE_UID_1>', '<FILE_UID_2>']
secrets_manager.save(secret, links_to_remove=files_to_remove)
# Or remove all files
all_file_uids = [file.file_uid for file in secret.files]
secrets_manager.save(secret, links_to_remove=all_file_uids)from keeper_secrets_manager_core.dto.dtos import RecordCreate,RecordField
record = RecordCreate(record_type='login', title='test_KSM')
record.fields = [
RecordField(field_type='login',value='test_login'),
RecordField(field_type='password',value='test_pwd')
]
secrets_manager.create_secret(folder_uid, record)from keeper_secrets_manager_core.dto.dtos import RecordCreate,RecordField
record = RecordCreate(record_type='login', title='test_KSM')
record.fields = [
RecordField(field_type='login',value='test_login'),
RecordField(field_type='password',value='test_pwd')
]
from keeper_secrets_manager_core.dto.payload import CreateOptions
create_options = CreateOptions(
folder_uid='shared_folder_uid',
subfolder_uid='user_folder_uid'
)
secrets_manager.create_secret_with_options(create_options, record)# create a new login record
new_login_record = RecordCreate('login', "Sample KSM Record: Python")
# fill in login and password fields
new_login_record.fields = [
RecordField(field_type='login', value='username@email.com'),
RecordField(field_type='password', value=generate_password())
]
# fill in notes
new_login_record.notes = 'This is a Python record creation example'
# create the new record and get its UID
record_uid = secrets_manager.create_secret('[FOLDER UID]', new_login_record)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
from keeper_secrets_manager_core.dto.dtos import RecordCreate, RecordField
from keeper_secrets_manager_core.utils import generate_password
# setup secrets manger
secrets_manager = SecretsManager(
# token='US:XXXXXX',
config=FileKeyValueStorage('ksm-config.json')
)
custom_login = RecordCreate(record_type='Custom Login', title='Sample Custom Type KSM Record: Python')
custom_login.fields = [
RecordField(field_type='host',
value={'hostName': '127.0.0.1', 'port': '8080'},
label="My Custom Host lbl",
required=True),
RecordField(field_type='login',
value='login@email.com',
label='My Custom Login lbl',
required=True),
RecordField(field_type='password',
value=generate_password(),
label='My Custom Password lbl',
required=True),
RecordField(field_type='url',
value='http://localhost:8080/login',
label='My Login Page',
required=True),
RecordField(field_type='securityQuestion',
value={
'question': 'What is one plus one (write just a number)',
'answer': '2'
},
label='My Question 1',
required=True),
RecordField(field_type='phone',
value={
'region': 'US',
'number': '510-444-3333',
'ext': '2345',
'type': 'Mobile'},
label='My Phone Number'),
RecordField(field_type='date',
value=1641934793000,
label='My Date Lbl',
required=True),
RecordField(field_type='name',
value={
'first': 'John',
'middle': 'Patrick',
'last': 'Smith'},
label="My Custom Name lbl",
required=True),
RecordField(field_type='oneTimeCode',
value='otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example',
label='My TOTP',
required=True)
]
custom_login.custom = [
RecordField(field_type='phone',
value={'region': 'US', 'number': '510-222-5555', 'ext': '99887', 'type': 'Mobile'},
label='My Custom Phone Lbl 1'),
RecordField(field_type='phone',
value={'region': 'US', 'number': '510-111-3333', 'ext': '45674', 'type': 'Mobile'},
label='My Custom Phone Lbl 2'),
]
custom_login.notes = "\tThis custom type record was created\n\tvia Python SDK copied from https://docs.keeper.io/secrets-manager/secrets-manager/developer-sdk-library/python-sdk"
record_uid = secrets_manager.create_secret('[FOLDER UID]', custom_login)secrets_manager.delete_secret(record_uids)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
# setup secrets manger
secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json')
)
# delete a specific secret by record UID
secrets_manager.delete_secret('EG6KdJaaLG7esRZbMnfbFA')secrets_manager = SecretsManager(
token='<One Time Access Token>',
config=FileKeyValueStorage('ksm-config.json'),
custom_post_function=KSMCache.caching_post_function
)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.core import KSMCache, KSMHttpResponse
def caching_post_function(
url, transmission_key, encrypted_payload_and_signature, verify_ssl_certs=True, proxy_url=None
):
ksm_rs = SecretsManager.post_function(
url, transmission_key, encrypted_payload_and_signature, verify_ssl_certs
)
# Your custom caching logic here ...
# Make sure to always return a KSMHttpResponse object
return ksm_rsfrom keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.core import KSMCache, KSMHttpResponse
from keeper_secrets_manager_core.storage import FileKeyValueStorage
from http import HTTPStatus
def caching_post_function(
url, transmission_key, encrypted_payload_and_signature, verify_ssl_certs=True, proxy_url=None
):
ksm_rs = SecretsManager.post_function(
url, transmission_key, encrypted_payload_and_signature, verify_ssl_certs
)
if ksm_rs.status_code < 400:
KSMCache.save_cache(transmission_key.key + ksm_rs.data)
return ksm_rs
# KSMCache can be empty
cached_data = KSMCache.get_cached_data()
cached_transmission_key = cached_data[:32]
transmission_key.key = cached_transmission_key
data = cached_data[32 : len(cached_data)]
new_rs = KSMHttpResponse(HTTPStatus.OK, data, None)
return new_rs
secrets_manager = SecretsManager(
config=FileKeyValueStorage('ksm-config.json'),
verify_ssl_certs=False,
custom_post_function=caching_post_function
)get_folders()from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
secrets_manager = SecretsManager(config=FileKeyValueStorage('ksm-config.json'))
folders = secrets_manager.get_folders()create_folder(create_options: CreateOptions, folder_name: str, folders=None)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.core import CreateOptions
from keeper_secrets_manager_core.storage import FileKeyValueStorage
secrets_manager = SecretsManager(config=FileKeyValueStorage('ksm-config.json'))
co = CreateOptions(folder_uid="[PARENT_SHARED_FOLDER_UID]", subfolder_uid="")
new_folder_uid = secrets_manager.create_folder(co, "new_folder")update_folder(folder_uid: str, folder_name: str, folders=None)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
secrets_manager = SecretsManager(config=FileKeyValueStorage('ksm-config.json'))
secrets_manager.update_folder("[FOLDER_UID]", "new_folder_name")delete_folder(folder_uids: List[str], force_deletion: bool = False)from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
secrets_manager = SecretsManager(config=FileKeyValueStorage('ksm-config.json'))
secrets_manager.delete_folder(["[FOLDER_UID1]", "[FOLDER_UID2]"], True)HTTPS_PROXY=https://yourproxy:8888 python main.pysecrets_manager = SecretsManager(
config=FileKeyValueStorage('ksm-config.json'),
proxy_url="https://yourproxy:8888"
)https://username:pass@yourproxy:8888from keeper_secrets_manager_core import SecretsManager
from keeper_secrets_manager_core.storage import FileKeyValueStorage
secrets_manager = SecretsManager(
token='REGION:ONE_TIME_TOKEN',
server_public_key='<url-safe-base64-EC-P256-public-key>',
server_public_key_id='<numeric-key-id>',
config=FileKeyValueStorage('ksm-config.json'),
){
"serverPublicKey": "<url-safe-base64-EC-P256-public-key>",
"serverPublicKeyId": "<key-id>"
}


