RubyGems - keeper_secrets_manager - Versions diffs - 17.0.3 - Mend

keeper_secrets_manager 17.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

checksums.yaml +7 -0
data/.rspec +3 -0
data/.ruby-version +1 -0
data/CHANGELOG.md +49 -0
data/Gemfile +13 -0
data/LICENSE +21 -0
data/README.md +305 -0
data/Rakefile +30 -0
data/examples/basic_usage.rb +139 -0
data/examples/config_string_example.rb +99 -0
data/examples/debug_secrets.rb +84 -0
data/examples/demo_list_secrets.rb +182 -0
data/examples/download_files.rb +100 -0
data/examples/flexible_records_example.rb +94 -0
data/examples/folder_hierarchy_demo.rb +109 -0
data/examples/full_demo.rb +176 -0
data/examples/my_test_standalone.rb +176 -0
data/examples/simple_test.rb +162 -0
data/examples/storage_examples.rb +126 -0
data/lib/keeper_secrets_manager/config_keys.rb +27 -0
data/lib/keeper_secrets_manager/core.rb +1231 -0
data/lib/keeper_secrets_manager/crypto.rb +348 -0
data/lib/keeper_secrets_manager/dto/payload.rb +152 -0
data/lib/keeper_secrets_manager/dto.rb +221 -0
data/lib/keeper_secrets_manager/errors.rb +79 -0
data/lib/keeper_secrets_manager/field_types.rb +152 -0
data/lib/keeper_secrets_manager/folder_manager.rb +114 -0
data/lib/keeper_secrets_manager/keeper_globals.rb +59 -0
data/lib/keeper_secrets_manager/notation.rb +354 -0
data/lib/keeper_secrets_manager/notation_enhancements.rb +67 -0
data/lib/keeper_secrets_manager/storage.rb +254 -0
data/lib/keeper_secrets_manager/totp.rb +140 -0
data/lib/keeper_secrets_manager/utils.rb +196 -0
data/lib/keeper_secrets_manager/version.rb +3 -0
data/lib/keeper_secrets_manager.rb +38 -0
metadata +82 -0

data/examples/full_demo.rb ADDED Viewed

@@ -0,0 +1,176 @@
+#!/usr/bin/env ruby
+require 'keeper_secrets_manager'
+require 'base64'
+require 'json'
+puts "=== Keeper Secrets Manager Ruby SDK Full Demo ==="
+puts "This demonstrates all working features of the Ruby SDK"
+puts "=" * 60
+# Load configuration
+config_file = File.join(File.dirname(__FILE__), '..', 'config.base64')
+unless File.exist?(config_file)
+  puts "ERROR: config.base64 not found"
+  exit 1
+end
+config_base64 = File.read(config_file).strip
+config_json = Base64.decode64(config_base64)
+config_data = JSON.parse(config_json)
+# Initialize SDK
+storage = KeeperSecretsManager::Storage::InMemoryStorage.new(config_data)
+secrets_manager = KeeperSecretsManager.new(config: storage)
+# 1. Authentication Test
+puts "\n1. AUTHENTICATION"
+puts "   ✅ Successfully authenticated with Keeper servers"
+puts "   ✅ Using ECDSA signatures"
+puts "   ✅ AES-GCM encryption active"
+# 2. List existing records
+puts "\n2. READING RECORDS"
+records = secrets_manager.get_secrets
+puts "   Found #{records.length} Secrets Manager compatible record(s)"
+if records.any?
+  records.each_with_index do |record, i|
+    puts "\n   Record ##{i + 1}:"
+    puts "   - Title: #{record.title}"
+    puts "   - UID: #{record.uid}"
+    puts "   - Type: #{record.type}"
+  end
+end
+# 3. List folders
+puts "\n3. LISTING FOLDERS"
+folders = secrets_manager.get_folders
+puts "   Found #{folders.length} folder(s)"
+if folders.any?
+  puts "\n   Available folders:"
+  folders.first(5).each do |folder|
+    puts "   - #{folder.name} (#{folder.uid})"
+  end
+  puts "   ... and #{folders.length - 5} more" if folders.length > 5
+end
+# 4. Create a test record
+puts "\n4. CREATING RECORDS"
+target_folder = folders.find { |f| f.uid == 'khq76ez6vkTRj3MqUiEGRg' }
+if target_folder
+  puts "   Using folder: #{target_folder.name}"
+  test_record = {
+    'type' => 'login',
+    'title' => "Ruby SDK Demo #{Time.now.strftime('%Y-%m-%d %H:%M')}",
+    'fields' => [
+      { 'type' => 'login', 'value' => ['demo@example.com'] },
+      { 'type' => 'password', 'value' => ['DemoPass123!'] },
+      { 'type' => 'url', 'value' => ['https://example.com'] },
+      { 'type' => 'text', 'label' => 'Custom Field', 'value' => ['Custom Value'] }
+    ],
+    'notes' => "Created by Ruby SDK demo at #{Time.now}",
+    'custom' => [
+      { 'type' => 'text', 'label' => 'Environment', 'value' => ['Production'] },
+      { 'type' => 'text', 'label' => 'API Key', 'value' => ['demo-api-key-123'] }
+    ]
+  }
+  options = KeeperSecretsManager::Dto::CreateOptions.new
+  options.folder_uid = target_folder.uid
+  begin
+    record_uid = secrets_manager.create_secret(test_record, options)
+    puts "   ✅ Successfully created record: #{record_uid}"
+    # 5. Notation examples
+    puts "\n5. KEEPER NOTATION"
+    # Try with existing records
+    if records.any?
+      first_record = records.first
+      puts "   Testing with existing record: #{first_record.title}"
+      title = secrets_manager.get_notation("keeper://#{first_record.uid}/title")
+      puts "   ✅ Title via notation: #{title}"
+      type = secrets_manager.get_notation("keeper://#{first_record.uid}/type")
+      puts "   ✅ Type via notation: #{type}"
+    else
+      puts "   ⚠️  No existing records to test notation with"
+    end
+  rescue => e
+    puts "   ❌ Error creating record: #{e.message}"
+  end
+else
+  puts "   ❌ Target folder not found"
+end
+# 6. Dynamic field access
+puts "\n6. DYNAMIC FIELD ACCESS (JavaScript-style)"
+if records.any?
+  record = records.first
+  puts "   Record: #{record.title}"
+  # Try common field accessors
+  if record.respond_to?(:login)
+    puts "   ✅ record.login = #{record.login}"
+  end
+  if record.respond_to?(:password)
+    puts "   ✅ record.password = [hidden]"
+  end
+  if record.respond_to?(:url)
+    puts "   ✅ record.url = #{record.url}"
+  end
+  # Custom fields
+  puts "   ✅ Dynamic field access via method_missing"
+else
+  puts "   Creating example record to demonstrate..."
+  example = KeeperSecretsManager::Dto::KeeperRecord.new(
+    'title' => 'Example Record',
+    'fields' => [
+      { 'type' => 'login', 'value' => ['user@example.com'] },
+      { 'type' => 'password', 'value' => ['secret123'] }
+    ]
+  )
+  puts "   ✅ example.login = #{example.login}"
+  puts "   ✅ example.password = [hidden]"
+  # Set new field using set_field method
+  example.set_field('api_key', 'new-api-key-456')
+  puts "   ✅ example.get_field_value_single('api_key') = new-api-key-456 (dynamically added)"
+end
+# 7. Storage options
+puts "\n7. STORAGE OPTIONS"
+puts "   ✅ InMemoryStorage - Currently in use"
+puts "   ✅ FileStorage - Save config to disk"
+puts "   ✅ EnvironmentStorage - Use environment variables"
+# 8. Summary
+puts "\n" + "=" * 60
+puts "SUMMARY: Ruby SDK Features"
+puts "=" * 60
+puts "✅ Authentication & Encryption working correctly"
+puts "✅ Read operations fully functional"
+puts "✅ Folder listing from dedicated endpoint"
+puts "✅ Record creation working"
+puts "✅ Dynamic, JavaScript-style DTOs"
+puts "✅ Keeper notation support"
+puts "✅ Multiple storage backends"
+puts "✅ Ruby 2.7+ compatible"
+puts "\n📝 Notes:"
+puts "- Client version currently using 'mr' prefix (temporary)"
+puts "- Will change to 'mb' after registration with Keeper"
+puts "- Some folders may show decryption errors (expected for certain folder types)"
+puts "\n🎉 The Ruby SDK is ready for use!"

data/examples/my_test_standalone.rb ADDED Viewed

@@ -0,0 +1,176 @@
+#!/usr/bin/env ruby
+# First, we need to add the SDK to Ruby's load path
+sdk_path = '/Users/mustinov/Source/secrets-manager/sdk/ruby/lib'
+$LOAD_PATH.unshift(sdk_path) unless $LOAD_PATH.include?(sdk_path)
+# Now we can require the SDK
+require 'keeper_secrets_manager'
+# Your token from Keeper
+TOKEN = 'US:3cJU7J7Wea97u4BauFmT2Aeeib3jciyYnqAyNryDDvE'
+# Initialize the SDK
+puts "Initializing Keeper SDK..."
+sm = KeeperSecretsManager.new(token: TOKEN)
+# Alternative: Use in-memory storage to reuse credentials
+# storage = KeeperSecretsManager::Storage::InMemoryStorage.new
+# sm = KeeperSecretsManager.new(token: TOKEN, config: storage)
+#
+# After first use, you can connect without token:
+# sm = KeeperSecretsManager.new(config: storage)
+puts "\n=== Step 1: List All Secrets ==="
+begin
+  secrets = sm.get_secrets()
+  puts "Found #{secrets.length} secrets:"
+  secrets.each do |secret|
+    puts "  - #{secret.title} (UID: #{secret.uid})"
+  end
+rescue => e
+  puts "Error: #{e.message}"
+  puts "Make sure to replace TOKEN with your actual Keeper token!"
+  exit 1
+end
+# Save a secret UID for later tests
+if secrets.any?
+  test_secret_uid = secrets.first.uid
+  puts "\nUsing secret '#{secrets.first.title}' for testing"
+end
+puts "\n=== Step 2: Get Secret Details ==="
+if test_secret_uid
+  secret = sm.get_secrets([test_secret_uid]).first
+  puts "Title: #{secret.title}"
+  puts "Type: #{secret.type}"
+  puts "Fields:"
+  secret.fields.each do |field|
+    puts "  - #{field['type']}: #{field['value'].first rescue 'N/A'}"
+  end
+end
+puts "\n=== Step 3: Test Notation ==="
+if test_secret_uid
+  # Test notation to get password
+  notation = "keeper://#{test_secret_uid}/field/password"
+  begin
+    password = sm.get_notation(notation)
+    puts "Password via notation: [HIDDEN]"
+  rescue => e
+    puts "No password field found"
+  end
+end
+puts "\n=== Step 4: List Folders ==="
+folders = sm.get_folders()
+puts "Found #{folders.length} folders:"
+folders.each do |folder|
+  puts "  - #{folder.name} (UID: #{folder.uid})"
+end
+# Save folder UID for record creation
+if folders.any?
+  test_folder_uid = folders.first.uid
+  puts "\nWill use folder '#{folders.first.name}' for new records"
+end
+puts "\n=== Step 5: Create New Secret ==="
+if test_folder_uid
+  new_record = KeeperSecretsManager::Dto::KeeperRecord.new(
+    title: "Test Record - #{Time.now.strftime('%Y-%m-%d %H:%M')}",
+    type: 'login',
+    fields: [
+      { 'type' => 'login', 'value' => ['testuser@example.com'] },
+      { 'type' => 'password', 'value' => ['MySecurePassword123!'] },
+      { 'type' => 'url', 'value' => ['https://example.com'] }
+    ],
+    notes: 'Created by Ruby SDK test'
+  )
+  options = KeeperSecretsManager::Dto::CreateOptions.new
+  options.folder_uid = test_folder_uid
+  begin
+    new_uid = sm.create_secret(new_record, options)
+    puts "Created new secret with UID: #{new_uid}"
+    created_uid = new_uid
+  rescue => e
+    puts "Could not create record: #{e.message}"
+  end
+else
+  puts "No folders found - skipping record creation"
+end
+puts "\n=== Step 6: Update Secret ==="
+if defined?(created_uid) && created_uid
+  # Fetch the created record
+  record = sm.get_secrets([created_uid]).first
+  # Update password
+  record.set_field('password', 'UpdatedPassword456!')
+  record.notes = "Updated at #{Time.now}"
+  sm.update_secret(record)
+  puts "Updated secret successfully"
+end
+puts "\n=== Step 7: File Operations ==="
+if defined?(created_uid) && created_uid
+  # Create a test file
+  test_content = "This is a test file created at #{Time.now}"
+  File.write('test_upload.txt', test_content)
+  # Upload file
+  file_data = File.read('test_upload.txt', mode: 'rb')
+  file_uid = sm.upload_file(created_uid, 'test_upload.txt', file_data)
+  puts "Uploaded file with UID: #{file_uid}"
+  # Download file
+  downloaded = sm.download_file(file_uid)
+  puts "Downloaded file: #{downloaded['name']} (#{downloaded['size']} bytes)"
+  # Save downloaded file
+  File.write('test_download.txt', downloaded['data'], mode: 'wb')
+  puts "Saved to test_download.txt"
+  # Cleanup
+  File.delete('test_upload.txt') if File.exist?('test_upload.txt')
+  File.delete('test_download.txt') if File.exist?('test_download.txt')
+end
+puts "\n=== Step 8: Test TOTP ==="
+# Look for a record with TOTP
+totp_found = false
+secrets.each do |secret|
+  begin
+    totp_url = sm.get_notation("keeper://#{secret.uid}/field/oneTimeCode")
+    if totp_url && totp_url.start_with?('otpauth://')
+      puts "Found TOTP in '#{secret.title}'"
+      params = KeeperSecretsManager::TOTP.parse_url(totp_url)
+      code = KeeperSecretsManager::TOTP.generate_code(params['secret'])
+      puts "Current TOTP code: #{code}"
+      totp_found = true
+      break
+    end
+  rescue
+    # No TOTP in this record
+  end
+end
+puts "No TOTP fields found in any records" unless totp_found
+puts "\n=== Step 9: Cleanup ==="
+if defined?(created_uid) && created_uid
+  print "Delete test record? (y/n): "
+  response = gets.chomp.downcase
+  if response == 'y'
+    sm.delete_secret([created_uid])
+    puts "Deleted test record"
+  else
+    puts "Kept test record"
+  end
+end
+puts "\n=== Testing Complete! ==="
+puts "All basic operations tested successfully"

data/examples/simple_test.rb ADDED Viewed

@@ -0,0 +1,162 @@
+#!/usr/bin/env ruby
+# Add the Ruby SDK to the load path
+$LOAD_PATH.unshift('/Users/mustinov/Source/secrets-manager/sdk/ruby/lib')
+# Load the SDK
+require 'keeper_secrets_manager'
+require 'logger'
+# Enable debug logging
+logger = Logger.new(STDOUT)
+logger.level = Logger::DEBUG
+begin
+  # Connect to Keeper
+  puts "Connecting to Keeper..."
+  # IMPORTANT: Replace with your own configuration
+  # You can get a one-time token from: https://keepersecurity.com/secrets-manager
+  #
+  # Option 1: Use one-time token
+  # token = 'US:YOUR_ONE_TIME_TOKEN_HERE'
+  # sm = KeeperSecretsManager.from_token(token)
+  #
+  # Option 2: Use base64 config from environment or file
+  config_base64 = ENV['KSM_CONFIG_BASE64'] || 'YOUR_BASE64_CONFIG_HERE'
+  storage_from_b64 = KeeperSecretsManager::Storage::InMemoryStorage.new(config_base64)
+  sm = KeeperSecretsManager.new(config: storage_from_b64, logger: logger)
+  # Alternative: Use in-memory storage to save credentials after first use
+  # storage = KeeperSecretsManager::Storage::InMemoryStorage.new
+  # sm = KeeperSecretsManager.new(token: TOKEN, config: storage)
+  #
+  # For subsequent connections (no token needed):
+  # sm = KeeperSecretsManager.new(config: storage)
+  # Get all secrets
+  puts "\nFetching secrets..."
+  response = sm.get_secrets(full_response: true)
+  secrets = response.records
+  # Display results
+  puts "\nFound #{secrets.length} secrets:"
+  puts "Found #{response.folders.length} folders:"
+  # Show folder structure
+  if response.folders.any?
+    puts "\nFolder structure:"
+    response.folders.each do |folder|
+      puts "  - #{folder.name} (#{folder.uid})"
+    end
+  end
+  # Show secrets with their folders and all fields
+  puts "\nShowing first 5 secrets with all fields:"
+  puts "=" * 80
+  secrets.first(500).each_with_index do |secret, i|
+    folder_info = secret.folder_uid && !secret.folder_uid.empty? ? " [in folder: #{secret.folder_uid}]" : " [in root]"
+    puts "\n#{i+1}. #{secret.title}#{folder_info}"
+    puts "   Type: #{secret.type}"
+    puts "   UID: #{secret.uid}"
+    # Show all fields
+    if secret.fields && secret.fields.any?
+      puts "   Fields:"
+      secret.fields.each do |field|
+        field_type = field['type'] || 'unknown'
+        field_label = field['label'] || field_type
+        # Get the value(s)
+        values = field['value'] || []
+        values = [values] unless values.is_a?(Array)
+        # Format based on field type
+        case field_type
+        when 'password', 'secret', 'pinCode', 'securityQuestion'
+          # Hide sensitive data
+          display_values = values.map { |v| '********' }
+        when 'privateKey'
+          # Show first/last few characters of private keys
+          display_values = values.map do |v|
+            if v && v.length > 20
+              "#{v[0..10]}...#{v[-10..-1]}"
+            else
+              v
+            end
+          end
+        when 'fileRef'
+          # Show file reference info
+          display_values = values.map { |v| "File: #{v}" }
+        else
+          # Show full value for non-sensitive fields
+          display_values = values
+        end
+        # Print field info
+        if display_values.length == 1
+          puts "     - #{field_label} (#{field_type}): #{display_values.first}"
+        elsif display_values.length > 1
+          puts "     - #{field_label} (#{field_type}):"
+          display_values.each { |v| puts "       • #{v}" }
+        else
+          puts "     - #{field_label} (#{field_type}): [empty]"
+        end
+      end
+    else
+      puts "   No fields"
+    end
+    # Show custom fields if any
+    if secret.custom && secret.custom.any?
+      puts "   Custom fields:"
+      secret.custom.each do |custom_field|
+        puts "     - #{custom_field['label']}: #{custom_field['value']}"
+      end
+    end
+    # Show files if any
+    if secret.files && secret.files.any?
+      puts "   Files:"
+      secret.files.each do |file|
+        file_name = file['title'] || file['name'] || 'unnamed'
+        file_size = file['size'] || 0
+        file_uid = file['fileUid'] || file['uid']
+        puts "     - #{file_name} (#{file_size} bytes) [UID: #{file_uid}]"
+        # Download the file if it's small (under 1MB for demo)
+        if file_size < 1_000_000 && file_uid
+          begin
+            puts "       Downloading..."
+            downloaded_file = sm.download_file(file)
+            # Save to downloads folder
+            download_dir = "downloads"
+            Dir.mkdir(download_dir) unless Dir.exist?(download_dir)
+            safe_filename = File.basename(downloaded_file['name'] || file_name)
+            file_path = File.join(download_dir, safe_filename)
+            File.binwrite(file_path, downloaded_file['data'])
+            puts "       ✅ Saved to: #{file_path}"
+          rescue => e
+            puts "       ❌ Download failed: #{e.message}"
+          end
+        elsif file_size >= 1_000_000
+          puts "       ⚠️  File too large for demo (>1MB)"
+        end
+      end
+    end
+  end
+  puts "\n" + "=" * 80
+  puts "\nTotal: #{secrets.length} secrets (showing first #{[secrets.length, 500].min})"
+  puts "\nSuccess! The Ruby SDK is working correctly."
+rescue => e
+  puts "\nError: #{e.message}"
+  puts "\nTroubleshooting:"
+  puts "1. Make sure you replaced TOKEN with your actual Keeper token"
+  puts "2. Token format should be: US:xxxxxxxxxxxxx (or EU:xxxxx for Europe)"
+  puts "3. Tokens are one-time use - get a new one if this fails"
+  puts "4. Check that the SDK path is correct: /Users/mustinov/Source/secrets-manager/sdk/ruby/lib"
+end

data/examples/storage_examples.rb ADDED Viewed

@@ -0,0 +1,126 @@
+#!/usr/bin/env ruby
+# Add the Ruby SDK to the load path
+$LOAD_PATH.unshift('/Users/mustinov/Source/secrets-manager/sdk/ruby/lib')
+require 'keeper_secrets_manager'
+require 'json'
+puts "=== Keeper Secrets Manager Storage Examples ==="
+# Your one-time token (replace with a fresh one)
+TOKEN = 'US:YOUR_ONE_TIME_TOKEN_HERE'
+puts "\n1. One-time token (no storage) - Token used every time"
+puts "=" * 50
+begin
+  # This uses the token directly and doesn't save credentials
+  sm = KeeperSecretsManager.new(token: TOKEN)
+  secrets = sm.get_secrets()
+  puts "✓ Connected and found #{secrets.length} secrets"
+rescue => e
+  puts "✗ Error: #{e.message}"
+end
+puts "\n2. In-Memory Storage - Credentials stored in memory"
+puts "=" * 50
+begin
+  # Create in-memory storage
+  storage = KeeperSecretsManager::Storage::InMemoryStorage.new
+  # First connection with token
+  puts "First connection (with token)..."
+  sm1 = KeeperSecretsManager.new(token: TOKEN, config: storage)
+  secrets1 = sm1.get_secrets()
+  puts "✓ Found #{secrets1.length} secrets"
+  # Get the config as JSON for later use
+  config_json = storage.to_json
+  puts "✓ Config saved to memory (length: #{config_json.length} chars)"
+  # Subsequent connections without token - just pass the config!
+  puts "\nSecond connection (no token needed)..."
+  new_storage = KeeperSecretsManager::Storage::InMemoryStorage.new(config_json)
+  sm2 = KeeperSecretsManager.new(config: new_storage)
+  secrets2 = sm2.get_secrets()
+  puts "✓ Found #{secrets2.length} secrets using stored credentials"
+  # Or use base64 encoded config
+  puts "\nThird connection (using base64 config)..."
+  config_base64 = Base64.strict_encode64(config_json)
+  storage_from_b64 = KeeperSecretsManager::Storage::InMemoryStorage.new(config_base64)
+  sm3 = KeeperSecretsManager.new(config: storage_from_b64)
+  secrets3 = sm3.get_secrets()
+  puts "✓ Found #{secrets3.length} secrets using base64 config"
+rescue => e
+  puts "✗ Error: #{e.message}"
+end
+puts "\n3. File Storage - Credentials saved to disk"
+puts "=" * 50
+begin
+  # Create file storage
+  config_file = 'keeper_config.json'
+  file_storage = KeeperSecretsManager::Storage::FileStorage.new(config_file)
+  # First connection with token
+  puts "First connection (with token)..."
+  sm1 = KeeperSecretsManager.new(token: TOKEN, config: file_storage)
+  secrets1 = sm1.get_secrets()
+  puts "✓ Found #{secrets1.length} secrets"
+  puts "✓ Credentials saved to #{config_file}"
+  # Later, in a different script/session
+  puts "\nSimulating new session..."
+  file_storage2 = KeeperSecretsManager::Storage::FileStorage.new(config_file)
+  sm2 = KeeperSecretsManager.new(config: file_storage2)
+  secrets2 = sm2.get_secrets()
+  puts "✓ Found #{secrets2.length} secrets using saved credentials"
+  # Clean up
+  File.delete(config_file) if File.exist?(config_file)
+  puts "✓ Cleaned up config file"
+rescue => e
+  puts "✗ Error: #{e.message}"
+end
+puts "\n4. Pre-populated Storage - Manual configuration"
+puts "=" * 50
+begin
+  # You can manually populate storage with known values
+  manual_storage = KeeperSecretsManager::Storage::InMemoryStorage.new
+  # These would come from your secure configuration
+  manual_storage.save_string('hostname', 'keepersecurity.com')
+  manual_storage.save_string('clientId', 'YOUR_CLIENT_ID')
+  manual_storage.save_bytes('appKey', Base64.decode64('YOUR_APP_KEY_BASE64'))
+  manual_storage.save_bytes('privateKey', Base64.decode64('YOUR_PRIVATE_KEY_BASE64'))
+  # ... other required keys
+  # Connect using pre-configured storage
+  # sm = KeeperSecretsManager.new(config: manual_storage)
+  puts "✓ Manual storage example (commented out - needs real credentials)"
+rescue => e
+  puts "✗ Error: #{e.message}"
+end
+puts "\n5. Environment Variable Storage"
+puts "=" * 50
+puts "You can also load from environment variables:"
+puts <<-EOF
+  # Set environment variable with base64 config
+  export KSM_CONFIG="eyJjbGllbnRJZCI6Ii4uLiJ9..."
+  # SDK will automatically use it
+  sm = KeeperSecretsManager.new()
+EOF
+puts "\nKey Points:"
+puts "- One-time tokens can only be used once"
+puts "- In-memory storage is lost when program exits"
+puts "- File storage persists credentials between runs"
+puts "- Always protect stored credentials appropriately"
+puts "- Use file permissions to secure config files"

data/lib/keeper_secrets_manager/config_keys.rb ADDED Viewed

@@ -0,0 +1,27 @@
+module KeeperSecretsManager
+  module ConfigKeys
+    # Configuration key constants (matching other SDKs)
+    KEY_URL                     = 'url'.freeze
+    KEY_CLIENT_ID               = 'clientId'.freeze
+    KEY_CLIENT_KEY              = 'clientKey'.freeze
+    KEY_HOSTNAME                = 'hostname'.freeze
+    KEY_SERVER_PUBLIC_KEY_ID    = 'serverPublicKeyId'.freeze
+    KEY_PRIVATE_KEY             = 'privateKey'.freeze
+    KEY_APP_KEY                 = 'appKey'.freeze
+    KEY_OWNER_PUBLIC_KEY        = 'appOwnerPublicKey'.freeze
+    KEY_APP_UID                 = 'appUid'.freeze
+    # All valid keys
+    ALL_KEYS = [
+      KEY_URL,
+      KEY_CLIENT_ID,
+      KEY_CLIENT_KEY,
+      KEY_HOSTNAME,
+      KEY_SERVER_PUBLIC_KEY_ID,
+      KEY_PRIVATE_KEY,
+      KEY_APP_KEY,
+      KEY_OWNER_PUBLIC_KEY,
+      KEY_APP_UID
+    ].freeze
+  end
+end