secrets-manager icon indicating copy to clipboard operation
secrets-manager copied to clipboard
verified publisher icon Keeper-Security

Missing Documentation or Functionality

Open tiwarishrijan opened this issue 1 year ago • 4 comments

I am unable to find any method where i can retrieve meta information about my secret in regards to who created it, when it was last modified etc. Do we have this functionality already in SDK or any alternative method i can use to retrieve ?

tiwarishrijan avatar Jul 30 '24 12:07 tiwarishrijan

For that you should use Commander Python or .NET SDKs, not Secrets Manager which was mainly designed to be a light weight SDK to work with record data only.

https://docs.keeper.io/secrets-manager/commander-cli/overview

idimov-keeper avatar Jul 30 '24 15:07 idimov-keeper

I maybe wrong but commander CLI need user login capability? Is there is a better way ? I will assume secret manager should expose its metadata as well so that i can use single construct.

Another problem with commander is the permission : Grant Commander SDK permissions to access Keeper by navigating to Admin Console -> Admin -> Roles -> [Select User's Role] -> Enforcement Policies -> Platform Restrictions -> Click on 'Enable' check box next to Commander SDK. Also note that if user has more than two roles assigned then the most restrictive policy from all the roles will be applied.

tiwarishrijan avatar Aug 06 '24 12:08 tiwarishrijan

I maybe wrong but commander CLI need user login capability?

In Commander you can configure Persistent login and use it in your automation scripts.

will assume secret manager should expose its metadata as well so that i can use single construct.

At this time we have no plans to expose any metadata via KSM, but I'll note that for our product team to consider it.

Another problem with commander is the permission : Grant Commander SDK permissions to access Keeper by navigating to Admin Console -> Admin -> Roles -> [Select User's Role] -> Enforcement Policies -> Platform Restrictions -> Click on 'Enable' check box next to Commander SDK. Also note that if user has more than two roles assigned then the most restrictive policy from all the roles will be applied.

Can you elaborate why that is a problem?

maksimu avatar Aug 06 '24 15:08 maksimu

In Commander you can configure Persistent login and use it in your automation scripts.

Please put a bit more context to it, so that users understand the difference of those products. I would like to see an official statement about the API endpoint performance KSM vs Commander. I tested to replace KSM with Commander persistent login. For me it seems like the Commander API endpoint is throttled really bad. Maybe to force better sales for KSM :-)

flybyray avatar Oct 15 '24 22:10 flybyray

For me it seems like the Commander API endpoint is throttled really bad. Maybe to force better sales for KSM :-)

Not really true, the Commanger uses the same APIs as our other clients, like Web Vault, Androing, and iOS clients. And those APIs require human interaction for device approval, where as KSM APIs were designed for Machine to Machine using One Time Token or Configuration authentication method.

And because KSM APIs designed for machines, they are more light weight and have more forgiving throttling than the once that Commander uses.

maksimu avatar Sep 15 '25 18:09 maksimu

We have answered the original question in this Github Issue. Closing for now. Feel free to reopen it if you are having any other questions.

maksimu avatar Sep 15 '25 19:09 maksimu