keeper_secrets_manager 17.0.3

data/examples/debug_secrets.rb

@@ -0,0 +1,84 @@
+#!/usr/bin/env ruby
+
+# Add the Ruby SDK to the load path
+require_relative '../lib/keeper_secrets_manager'
+
+# Load the SDK
+require 'json'
+
+# Your token
+TOKEN = ENV['KSM_TOKEN'] || 'US:YOUR_ONE_TIME_TOKEN_HERE'
+
+puts "=== Debugging Keeper Secrets Manager ==="
+
+begin
+  # Connect to Keeper with debug logging
+  puts "\n1. Connecting to Keeper..."
+  # Option 1: Use base64 config
+  config_base64 = ENV['KSM_CONFIG_BASE64'] || 'YOUR_BASE64_CONFIG_HERE'
+  storage_from_b64 = KeeperSecretsManager::Storage::InMemoryStorage.new(config_base64)
+  sm = KeeperSecretsManager.new(config: storage_from_b64)
+  # Alternative: Use in-memory storage
+  # storage = KeeperSecretsManager::Storage::InMemoryStorage.new
+  # sm = KeeperSecretsManager.new(token: TOKEN, config: storage)
+  # 
+  # The storage now contains the credentials, so you can reuse it:
+  # sm2 = KeeperSecretsManager.new(config: storage)  # No token needed!
+  
+  # Get all secrets with raw response
+  puts "\n2. Fetching secrets (this calls the internal method)..."
+  
+  # Let's look at what the SDK is actually doing internally
+  # Get the raw response to see what's coming from the server
+  response = sm.instance_eval do
+    fetch_and_decrypt_secrets
+  end
+  
+  puts "\n3. Response Analysis:"
+  puts "   - Total records returned: #{response[:records].length}"
+  puts "   - Total folders returned: #{response[:folders].length}"
+  puts "   - Warnings: #{response[:warnings]}"
+  
+  # Check if there are any records at all
+  if response[:records].empty?
+    puts "\n   ⚠️  No Secrets Manager-compatible records found!"
+    puts "   The warning indicates you have 4 'general' type records."
+    puts "   These are not accessible via the Secrets Manager SDK."
+  else
+    puts "\n4. Records found:"
+    response[:records].each_with_index do |record, i|
+      puts "   #{i+1}. #{record.title} (Type: #{record.type}, UID: #{record.uid})"
+    end
+  end
+  
+  # Try to get records with specific UIDs from the warning
+  puts "\n5. Attempting to fetch specific UIDs from warning..."
+  warning_uids = ['AwOCl5W2RubtkFSuL72jXg', 'bX7uYVNsujLoPjrvEFA3Rg', 'gSnSFvd_UI9CnK_5kSZ85Q', 'wIT61_GnuBIpUOPxOrgPeQ']
+  
+  warning_uids.each do |uid|
+    begin
+      records = sm.get_secrets([uid])
+      if records.any?
+        puts "   ✓ Found: #{uid}"
+      else
+        puts "   ✗ Not accessible: #{uid} (general type)"
+      end
+    rescue => e
+      puts "   ✗ Error fetching #{uid}: #{e.message}"
+    end
+  end
+  
+  puts "\n6. Summary:"
+  puts "   - Your vault contains 'general' type records"
+  puts "   - These are legacy Keeper records not designed for API access"
+  puts "   - To use Secrets Manager, create records with specific types like:"
+  puts "     • login"
+  puts "     • databaseCredentials"
+  puts "     • sshKeys"
+  puts "     • serverCredentials"
+  puts "     • etc."
+  
+rescue => e
+  puts "\nError: #{e.message}"
+  puts e.backtrace.first(5).join("\n")
+end

data/examples/demo_list_secrets.rb

@@ -0,0 +1,182 @@
+#!/usr/bin/env ruby
+
+# This script demonstrates the Ruby SDK by listing all secrets in your vault
+# It uses the real config.base64 file to connect to Keeper
+
+require_relative 'lib/keeper_secrets_manager'
+require 'base64'
+require 'json'
+
+puts "=== Keeper Secrets Manager Ruby SDK Demo ==="
+puts "Connecting to Keeper and listing all secrets..."
+puts
+
+begin
+  # Load the real configuration
+  config_file = File.expand_path('config.base64', __dir__)
+  unless File.exist?(config_file)
+    puts "Error: config.base64 not found at #{config_file}"
+    exit 1
+  end
+
+  config_base64 = File.read(config_file).strip
+  config_json = Base64.decode64(config_base64)
+  config_data = JSON.parse(config_json)
+
+  # Display connection info (partial)
+  puts "Configuration loaded:"
+  puts "  Hostname: #{config_data['hostname']}"
+  puts "  Client ID: #{config_data['clientId'][0..30]}..."
+  puts "  Has appKey: #{config_data.key?('appKey')}"
+  puts "  Has privateKey: #{config_data.key?('privateKey')}"
+  puts "  Has serverPublicKeyId: #{config_data['serverPublicKeyId']}"
+  puts
+
+  # Create storage and SDK instance
+  storage = KeeperSecretsManager::Storage::InMemoryStorage.new(config_data)
+  
+  # Enable debug logging
+  require 'logger'
+  logger = Logger.new(STDOUT)
+  logger.level = Logger::DEBUG
+  
+  secrets_manager = KeeperSecretsManager.new(config: storage, logger: logger, log_level: Logger::DEBUG)
+
+  # Get all secrets
+  puts "Fetching all secrets..."
+  records = secrets_manager.get_secrets
+  
+  if records.empty?
+    puts "\nNo secrets found in the vault."
+  else
+    puts "\nFound #{records.length} secret(s):"
+    puts "-" * 80
+    
+    records.each_with_index do |record, index|
+      puts "\n#{index + 1}. #{record.title}"
+      puts "   UID: #{record.uid}"
+      puts "   Type: #{record.type}"
+      
+      # Show fields (hide sensitive values)
+      if record.fields.any?
+        puts "   Fields:"
+        record.fields.each do |field|
+          field_type = field['type']
+          field_label = field['label'] ? " (#{field['label']})" : ""
+          
+          # Show field info but mask sensitive data
+          case field_type
+          when 'login', 'email'
+            value = record.get_field_value_single(field_type)
+            puts "     - #{field_type}#{field_label}: #{value}"
+          when 'password', 'secret', 'privateKey'
+            puts "     - #{field_type}#{field_label}: [HIDDEN]"
+          when 'url'
+            values = record.get_field_value(field_type)
+            if values.length == 1
+              puts "     - #{field_type}#{field_label}: #{values.first}"
+            else
+              puts "     - #{field_type}#{field_label}: #{values.length} URLs"
+            end
+          when 'host'
+            host = record.get_field_value_single(field_type)
+            if host.is_a?(Hash)
+              puts "     - #{field_type}#{field_label}: #{host['hostName']}:#{host['port'] || '22'}"
+            end
+          when 'phone'
+            phone = record.get_field_value_single(field_type)
+            if phone.is_a?(Hash)
+              puts "     - #{field_type}#{field_label}: #{phone['number']} (#{phone['region']})"
+            end
+          when 'name'
+            name = record.get_field_value_single(field_type)
+            if name.is_a?(Hash)
+              full_name = [name['first'], name['middle'], name['last']].compact.join(' ')
+              puts "     - #{field_type}#{field_label}: #{full_name}"
+            end
+          else
+            puts "     - #{field_type}#{field_label}: [#{field['value']&.length || 0} value(s)]"
+          end
+        end
+      end
+      
+      # Show custom fields
+      if record.custom.any?
+        puts "   Custom Fields:"
+        record.custom.each do |field|
+          label = field['label'] || field['type']
+          value_count = field['value']&.length || 0
+          puts "     - #{label}: [#{value_count} value(s)]"
+        end
+      end
+      
+      # Show notes (first 50 chars)
+      if record.notes && !record.notes.empty?
+        notes_preview = record.notes[0..50]
+        notes_preview += "..." if record.notes.length > 50
+        puts "   Notes: #{notes_preview}"
+      end
+      
+      # Show file count
+      if record.files && record.files.any?
+        puts "   Files: #{record.files.length} attachment(s)"
+      end
+    end
+    
+    puts "\n" + "-" * 80
+  end
+
+  # Get folders
+  puts "\nFetching folders..."
+  folders = secrets_manager.get_folders
+  
+  if folders.empty?
+    puts "No folders found."
+  else
+    puts "Found #{folders.length} folder(s):"
+    folders.each do |folder|
+      puts "  - #{folder.name} (#{folder.uid})"
+    end
+  end
+
+  # Demonstrate notation
+  if records.any?
+    puts "\n" + "=" * 80
+    puts "Notation Examples (using first record):"
+    puts "=" * 80
+    
+    first_record = records.first
+    
+    # Try various notations
+    notations = [
+      "keeper://#{first_record.uid}/type",
+      "keeper://#{first_record.uid}/title",
+      "keeper://#{first_record.uid}/field/login"
+    ]
+    
+    notations.each do |notation|
+      begin
+        value = secrets_manager.get_notation(notation)
+        puts "#{notation}"
+        puts "  => #{value}"
+      rescue => e
+        puts "#{notation}"
+        puts "  => Error: #{e.message}"
+      end
+    end
+  end
+
+  puts "\n✅ SDK is working correctly!"
+  puts "\nCapabilities demonstrated:"
+  puts "- ✓ Connected to Keeper"
+  puts "- ✓ Retrieved all secrets"
+  puts "- ✓ Accessed field values"
+  puts "- ✓ Listed folders"
+  puts "- ✓ Notation parsing"
+
+rescue => e
+  puts "\n❌ Error: #{e.class} - #{e.message}"
+  puts "\nBacktrace:"
+  puts e.backtrace.first(5).join("\n")
+  exit 1
+end

data/examples/download_files.rb

@@ -0,0 +1,100 @@
+#!/usr/bin/env ruby
+
+# Add the Ruby SDK to the load path
+$LOAD_PATH.unshift('/Users/mustinov/Source/secrets-manager/sdk/ruby/lib')
+
+# Load the SDK
+require 'keeper_secrets_manager'
+require 'fileutils'
+
+# Helper method to sanitize filename
+def sanitize_filename(filename)
+  # Remove or replace invalid characters
+  filename.gsub(/[<>:"|?*\/\\]/, '_').strip
+end
+
+begin
+  # Connect to Keeper
+  puts "Connecting to Keeper..."
+  # IMPORTANT: Replace with your own configuration
+  # Option 1: Use one-time token
+  # token = 'US:YOUR_ONE_TIME_TOKEN_HERE'
+  # sm = KeeperSecretsManager.from_token(token)
+  #
+  # Option 2: Use base64 config
+  config_base64 = ENV['KSM_CONFIG_BASE64'] || 'YOUR_BASE64_CONFIG_HERE'
+  storage_from_b64 = KeeperSecretsManager::Storage::InMemoryStorage.new(config_base64)
+  sm = KeeperSecretsManager.new(config: storage_from_b64)
+
+  # Get all secrets
+  puts "\nFetching secrets..."
+  response = sm.get_secrets(full_response: true)
+  secrets = response.records
+
+  # Find secrets with files
+  secrets_with_files = secrets.select { |s| s.files && s.files.any? }
+  
+  if secrets_with_files.empty?
+    puts "\nNo secrets with files found."
+    exit
+  end
+
+  puts "\nFound #{secrets_with_files.length} secrets with files:"
+  
+  # Create downloads directory
+  download_dir = "downloads"
+  FileUtils.mkdir_p(download_dir)
+  
+  total_files = 0
+  downloaded_files = 0
+  failed_files = 0
+  
+  secrets_with_files.each do |secret|
+    puts "\n📁 #{secret.title} (#{secret.files.length} files)"
+    
+    secret.files.each do |file|
+      total_files += 1
+      file_name = file['title'] || file['name'] || 'unnamed'
+      file_size = file['size'] || 0
+      file_uid = file['fileUid'] || file['uid']
+      
+      print "   - #{file_name} (#{file_size} bytes) ... "
+      
+      if file_uid
+        begin
+          # Download the file (pass the whole file object)
+          downloaded_file = sm.download_file(file)
+          
+          # Create subdirectory for the secret
+          secret_dir = File.join(download_dir, sanitize_filename(secret.title))
+          FileUtils.mkdir_p(secret_dir)
+          
+          # Save the file (sanitize the filename to remove path components)
+          safe_filename = File.basename(downloaded_file['name'] || file_name)
+          file_path = File.join(secret_dir, safe_filename)
+          File.binwrite(file_path, downloaded_file['data'])
+          
+          downloaded_files += 1
+          puts "✅ Saved"
+        rescue => e
+          failed_files += 1
+          puts "❌ Failed: #{e.message}"
+        end
+      else
+        failed_files += 1
+        puts "❌ No file UID"
+      end
+    end
+  end
+  
+  puts "\n" + "=" * 60
+  puts "Download Summary:"
+  puts "  Total files: #{total_files}"
+  puts "  ✅ Downloaded: #{downloaded_files}"
+  puts "  ❌ Failed: #{failed_files}"
+  puts "\nFiles saved to: #{File.expand_path(download_dir)}/"
+  
+rescue => e
+  puts "\nError: #{e.message}"
+  puts e.backtrace
+end

data/examples/flexible_records_example.rb

@@ -0,0 +1,94 @@
+#!/usr/bin/env ruby
+
+require_relative '../lib/keeper_secrets_manager'
+
+# Example showing flexible record creation in multiple ways
+
+# Method 1: Direct hash-based creation (JavaScript-style)
+record1 = KeeperSecretsManager::Dto::KeeperRecord.new(
+  title: 'My Login',
+  type: 'login',
+  fields: [
+    { 'type' => 'login', 'value' => ['my_username'] },
+    { 'type' => 'password', 'value' => ['my_password'] },
+    { 'type' => 'url', 'value' => ['https://example.com'] },
+    { 
+      'type' => 'host', 
+      'value' => [{ 'hostName' => '192.168.1.1', 'port' => '8080' }],
+      'label' => 'Custom Host'
+    }
+  ],
+  custom: [
+    {
+      'type' => 'phone',
+      'value' => [{ 'region' => 'US', 'number' => '555-1234' }],
+      'label' => 'Work Phone'
+    }
+  ],
+  notes: 'Example login record'
+)
+
+# Method 2: Using field helpers (optional convenience)
+record2 = KeeperSecretsManager::Dto::KeeperRecord.new(
+  title: 'My Server',
+  type: 'sshKeys'
+)
+
+# Add fields dynamically
+record2.set_field('login', 'root')
+record2.set_field('sshKey', { 
+  'privateKey' => '-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----',
+  'publicKey' => 'ssh-rsa AAAAB3...'
+})
+
+# Method 3: Using dynamic accessors (Ruby magic)
+record3 = KeeperSecretsManager::Dto::KeeperRecord.new(
+  title: 'Dynamic Record',
+  type: 'login'
+)
+
+# These create fields dynamically!
+record3.login = 'john_doe'
+record3.password = 'secure_pass123'
+record3.url = 'https://myapp.com'
+
+# Method 4: Mixing approaches
+record4 = KeeperSecretsManager::Dto::KeeperRecord.new(
+  title: 'Payment Info',
+  type: 'bankCard'
+)
+
+# Use helper for complex field
+card_field = KeeperSecretsManager::FieldTypes::Helpers.payment_card(
+  number: '4111111111111111',
+  expiration_date: '12/25',
+  security_code: '123',
+  cardholder_name: 'John Doe'
+)
+
+# Add to record
+record4.fields << card_field.to_h
+
+# Add custom field with any structure
+record4.set_field('customData', {
+  'someKey' => 'someValue',
+  'nested' => {
+    'data' => 'structure'
+  }
+}, 'My Custom Data', true)  # true = custom field
+
+# Access field values
+puts "Login: #{record1.get_field_value_single('login')}"
+puts "Password field: #{record1.get_field('password')}"
+puts "All custom fields: #{record1.custom}"
+
+# Dynamic accessor
+puts "URL from record3: #{record3.url}"
+
+# Access complex field values
+host_field = record1.get_field_value_single('host')
+puts "Host: #{host_field['hostName']}:#{host_field['port']}" if host_field
+
+# Convert to hash for API
+puts "\nRecord as hash for API:"
+puts record1.to_h.to_json

data/examples/folder_hierarchy_demo.rb

@@ -0,0 +1,109 @@
+#!/usr/bin/env ruby
+
+require_relative '../lib/keeper_secrets_manager'
+
+# This example demonstrates folder hierarchy functionality in the Ruby SDK
+
+begin
+  # Initialize client (assumes KSM_CONFIG environment variable is set)
+  client = KeeperSecretsManager.new
+  
+  puts "=== Folder Hierarchy Demo ==="
+  puts ""
+  
+  # Get all folders
+  folders = client.get_folders
+  puts "Found #{folders.length} folders"
+  puts ""
+  
+  # Get folder manager for advanced operations
+  fm = client.folder_manager
+  
+  # Build and display folder tree
+  puts "Folder Tree Structure:"
+  puts "-" * 40
+  fm.print_tree
+  puts ""
+  
+  # Demonstrate path retrieval
+  if folders.any?
+    first_folder = folders.first
+    path = client.get_folder_path(first_folder.uid)
+    puts "Path to '#{first_folder.name}': #{path}"
+    
+    # Show ancestors
+    ancestors = fm.get_ancestors(first_folder.uid)
+    if ancestors.any?
+      puts "Ancestors of '#{first_folder.name}':"
+      ancestors.each { |a| puts "  - #{a.name}" }
+    else
+      puts "No ancestors (root folder or orphan)"
+    end
+    
+    # Show descendants
+    descendants = fm.get_descendants(first_folder.uid)
+    if descendants.any?
+      puts "Descendants of '#{first_folder.name}':"
+      descendants.each { |d| puts "  - #{d.name}" }
+    else
+      puts "No descendants (leaf folder)"
+    end
+  end
+  
+  puts ""
+  
+  # Find folder by name
+  puts "Searching for folders:"
+  puts "-" * 40
+  
+  # Example: Find a folder named "Personal"
+  personal = client.find_folder_by_name("Personal")
+  if personal
+    puts "Found folder 'Personal' with UID: #{personal.uid}"
+    puts "Path: #{client.get_folder_path(personal.uid)}"
+  else
+    puts "No folder named 'Personal' found"
+  end
+  
+  # Get all records organized by folder
+  puts ""
+  puts "Records by Folder:"
+  puts "-" * 40
+  
+  response = client.get_secrets
+  
+  # Group records by folder
+  records_by_folder = {}
+  root_records = []
+  
+  response.records.each do |record|
+    if record.folder_uid && !record.folder_uid.empty?
+      records_by_folder[record.folder_uid] ||= []
+      records_by_folder[record.folder_uid] << record
+    else
+      root_records << record
+    end
+  end
+  
+  # Display root records
+  if root_records.any?
+    puts "Root Records (no folder):"
+    root_records.each { |r| puts "  - #{r.title}" }
+    puts ""
+  end
+  
+  # Display records in each folder
+  folders.each do |folder|
+    folder_records = records_by_folder[folder.uid]
+    if folder_records && folder_records.any?
+      path = client.get_folder_path(folder.uid)
+      puts "Records in '#{path}':"
+      folder_records.each { |r| puts "  - #{r.title}" }
+      puts ""
+    end
+  end
+  
+rescue => e
+  puts "Error: #{e.message}"
+  puts e.backtrace.first(5).join("\n")
+end