Skip to content

Release#2165

Merged
sk-keeper merged 18 commits into
masterfrom
release
Jun 23, 2026
Merged

Release#2165
sk-keeper merged 18 commits into
masterfrom
release

Conversation

@sk-keeper

Copy link
Copy Markdown
Collaborator

No description provided.

lthievenaz-keeper and others added 14 commits June 12, 2026 20:36
* Add support for port mapping

If connection has empty port, it will default to the ports defined in this file (can be customized for custom default ports)
Also added new parameter allow-file-uploads for RBI

* Support empty user/ports and other improvements

If a KCM connection has no user, the export will log the record for future process.
If a KCM connection has no port, it will default to the port mapping defined in KCM_mappings.json
Fixed a duplication issue of SFTP parameters caused by a reference error.
Set the autodocker docker-file location as default
Reworked how logged records are displayed on output file.
* Add secret-ids argument for thycotic import

Add secret-ids arg to import command, to use for debugging Thycotic secret IDs

* Pass secret-ids arg from import command to thycotic import

Pass secret-ids arg from import command to thycotic import so it can be handled in the Thycotic import

* Add handling for secret-ids arg in Thycotic import

If user sets secret-ids, the import will:
- Check if any of those IDs have come up in the lookup and would have been imported.
- Import only the secret-ids set

This is useful for debugging, because the lookup API may not return all Thycotic secrets - eg if there a security policy on them, but they may still be fetched.

Usage:
String (comma separated IDs)
`import --format thycotic server_name --secret-ids "123, 124,125"`
Python List (strings or integers)
`secret_ids=[123, 124, 125]`

* Correct secret_ids check

Fix conditional logic so import continues if no secret ids are specified

---------

Co-authored-by: lthievenaz-keeper <lthievenaz@keepersecurity.com>
…, rename Supershell Drive folder labels, and standardize list record_category

Fixed nsf-share-folder and nsf-share-record expiration updates, enforced a
one-minute minimum on NSF and classic share commands, standardized list/search
record_category to lowercase classic/nested, and renamed Supershell Drive
folder labels to Nested Shared Folder (Shared) and (NonShared).
* Fix SQL injection in MSSQL password rotation and reject unsafe --password input

* allow / and . in login regex
KeeperApp and krouter require configurationUid on set_record_rotation; include PAM config UID, matching revision for existing rotation rows, and an explicit empty resourceUid so IAM semantics are not overridden by stale cache data.

Co-authored-by: Cursor <cursoragent@cursor.com>
* Add --online filter to pam gateway list with gateway totals.

Co-authored-by: Cursor <cursoragent@cursor.com>

* Add -o short option for pam gateway list --online.

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
* Add secret-ids argument for thycotic import

Add secret-ids arg to import command, to use for debugging Thycotic secret IDs

* Pass secret-ids arg from import command to thycotic import

Pass secret-ids arg from import command to thycotic import so it can be handled in the Thycotic import

* Add handling for secret-ids arg in Thycotic import

If user sets secret-ids, the import will:
- Check if any of those IDs have come up in the lookup and would have been imported.
- Import only the secret-ids set

This is useful for debugging, because the lookup API may not return all Thycotic secrets - eg if there a security policy on them, but they may still be fetched.

Usage:
String (comma separated IDs)
`import --format thycotic server_name --secret-ids "123, 124,125"`
Python List (strings or integers)
`secret_ids=[123, 124, 125]`
…#2160)

* Add pam connection ai command for KeeperAI settings on PAM resources.

Implements show, set/unset, and remove with sparse DAG merges, configure_resource meta bootstrap, GSE_DELETION removal, and CLI warnings for duplicate or mirrored options.

Co-authored-by: Cursor <cursoragent@cursor.com>

* Extend pam connection ai to pamRemoteBrowser records.

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Adds --enabled/-e and --session-terminate/-st for resource-level aiEnabled and aiSessionTerminate. Routes on/off/default default resets through legacy DAG write because krouter mergeJson does not remove keys omitted from Layer-B payloads.

Co-authored-by: Cursor <cursoragent@cursor.com>
Comment thread keepercommander/commands/pam_import/keeper_ai_settings.py Dismissed
Comment thread keepercommander/commands/pam_import/keeper_ai_settings.py Dismissed
Comment thread keepercommander/commands/pam_import/keeper_ai_settings.py Dismissed
Comment thread keepercommander/commands/pam_import/keeper_ai_settings.py Dismissed
Comment thread keepercommander/commands/tunnel_and_connections.py Dismissed
Comment thread keepercommander/importer/thycotic/thycotic.py Dismissed
Comment thread keepercommander/importer/thycotic/thycotic.py Dismissed
Comment thread keepercommander/plugins/commands.py Dismissed
sk-keeper and others added 4 commits June 22, 2026 14:56
* Add vault-style passphrase generation with CLI overrides and validation

Introduce KeeperPassphraseGenerator using the bundled EFF word list and
wire it into generate --passphrase and :passphrase on record-add,
record-update, and nsf-record commands. Honor enterprise passphrase-* policy
fields with CLI/ overrides for word count, separator, capitals, and digit.

Add Vault-aligned passphrase validation in PasswordComplexityEnforcer so
passphrases that meet passphrase policy pass record commands without --force,
even when random password rules (upper-min, digit-min) would reject them.
Includes unit tests for generation, enforcement, and existing NSF coverage.

* Fix passphrase separator handling and document allowed separator characters

* Made capitals + digit on the first word as default

* addressed review comment
…lse parameters;

reject unknown  algorithms, trailing commas, and invalid separators instead of
silently falling back. Block record-add/update on  errors even with --force.
Comment thread keepercommander/commands/record_edit.py Dismissed
Comment thread keepercommander/generator.py Dismissed
Comment thread keepercommander/generator.py Dismissed
Comment thread keepercommander/generator.py Dismissed
@sk-keeper sk-keeper merged commit 8372b86 into master Jun 23, 2026
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants