Add secret-ids arg in Thycotic import#2145
Closed
lthievenaz-keeper wants to merge 16 commits into
Closed
Conversation
…2130) * Fix kcm-import --output file permissions on Windows via utils.set_file_permissions * Fix flaky set_record_rotation body test: decrypt round-trip instead of first-byte check
…curity#2121) (Keeper-Security#2133) * Add error handling for persistent login break in docker and strengthen keeper get lookup from shell * Fix unit tests
…/ksm fixes (Keeper-Security#2136) * pam: legacy-JSON DAG + drop use_per_graph_endpoints kwarg (ksm/ai_settings) * discovery_common: revert backwards use_per_graph_endpoints comment to match upstream
…) + validate generated KSM config (Keeper-Security#2141)
…fields output (Keeper-Security#2144) * get: mask secret-type custom fields in detail/fields output; fix awspswd import * fix flaky body-encryption assertion in test_dag_layer_b_configure_resource
Add secret-ids arg to import command, to use for debugging Thycotic secret IDs
Pass secret-ids arg from import command to thycotic import so it can be handled in the Thycotic import
If user sets secret-ids, the import will: - Check if any of those IDs have come up in the lookup and would have been imported. - Import only the secret-ids set This is useful for debugging, because the lookup API may not return all Thycotic secrets - eg if there a security policy on them, but they may still be fetched. Usage: String (comma separated IDs) `import --format thycotic server_name --secret-ids "123, 124,125"` Python List (strings or integers) `secret_ids=[123, 124, 125]`
Fix conditional logic so import continues if no secret ids are specified
sk-keeper
force-pushed
the
release
branch
2 times, most recently
from
June 13, 2026 02:41
b11acff to
c6ec45e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
If user sets secret-ids, the import will:
This is useful to only import some secret IDs for testing, but also for debugging, because the /lookup API may not return all Thycotic secrets - eg if there is a security policy on them, even though they may still be fetched with the /v1/secrets API.
Usage:
String (comma separated IDs)
import --format thycotic server_name --secret-ids "123, 124,125"Python List (strings or integers)
secret_ids=[123, 124, 125]