secrets-manager
secrets-manager copied to clipboard
Keeper-Security
Python SDK - get a list of records from a shared folder based on folder name
Hello, please excuse the bonehead question but is there a nice way to get a list of Keeper records based on the name of a shared folder?
e.g. if in my keeper vault I have a shared folder called "myfolder" containing two records, "secret1" and "secret2" is there a way that I can sensibly invoke https://github.com/Keeper-Security/secrets-manager/blob/master/sdk/python/core/keeper_secrets_manager_core/dto/dtos.py#L269-L290 to get it to spit out the folder representation and the secrets so I can go:
myfolder = SecretsManager.folder_by_name("myfolder")
for secret in myfolder.records:
print(secret.uid)
Folder management is on the roadmap but still work in progress. Secrets manager clients and SDKs will start adding new features as soon as back-end release with KSM folder management goes live.
@heretic098 right now the payload from the backend returns Shared Folder UID, not title yet. Here is an example code that shows how to get records in the Shared Folders, listing Shared Folder UID:
resp = secrets_manager.get_secrets(full_response=True)
for folder in resp.folders:
print(f'Shared Folder UID: {folder.uid}')
for record in folder.records:
print(f"\t{record.uid} - {record.title}")
Example output will look like this:
Shared Folder UID: OWyDV1XnTdpfxnlk-w0fLQ
KfCMYdaai2ignkAcQfXXfg - QA User 1
O_zJWnfE7SwVOKUtohRr6A - Office Code
pHVV9DQdmL0IKGb547Z9Yg - DB Resource
w7GRHJpKrYIG_IveAfDvgQ - Config Files
Shared Folder UID: 9qVjkUR6-WzA9aGFRKa69w
Jm1HKxKDCCAVXL8kdjKbMQ - MySQL Regular user
mm9wuCFQBQK6glG-e1xPmQ - MySQL (root)
I will create a feature request to add Shared Folder title to the response from the backend.
Thanks, @maksimu , this did work. I'd be interested in whatever the issue number, ticket number whatever is for the feature request for the backend. I'm happy for you to close this issue if it's not useful to keep it open.
With the release of KSM CLI 1.1.3 you can now list secrets in any folder or filter records by matching a JSON Path query release notes download
With the release of KSM CLI 1.1.3 you can now list secrets in any folder or filter records by matching a JSON Path query release notes download
I'm currently trying to use the KSM CLI now and the JSON Path query function may as well not even be there, for all the good it does. The only path that seems to return any data is '$'. If I try to specify a folder (eg: '$.certificates') I get nothing.
Additionally, it should at least be possible to enumerate the folders so we can figure out what UID we need. As it stands, the only way to get a UID is by manually going into the Vault GUI by hand and compiling a list of folders with their associated UIDs. That's just absurd.
ksm secret list command supports following options
-f, --folder <folder UID> List only records in the selected folder UID.
-r, --recursive list recursively all records in the selected folder UID including all subfolders.
-q, --query <JSONPath Query> List only records matching the JSON Path query.
-v, --show-value print matching value instead of the record title when using JSON Path query.
where -q, --query option is for the path inside the record data - ex. --query '$.fields[?(@.type=="password")].value' will list only secrets that have a value in the password field and you can use -v, --show-value to optionally print the field value instead of record title.
You can have all options active -f -r -q -v that means print record UIDs and values of all records matching the JSONPath query inside a folder (and all its sub-folders if -r present)
That explanation and example needs to be added to the documentation. For anyone new to the system, it's not at all obvious.