Skip to content

Add secret-ids arg in Thycotic import#2145

Closed
lthievenaz-keeper wants to merge 16 commits into
Keeper-Security:releasefrom
lthievenaz-keeper:thycotic-secret-ids-arg
Closed

Add secret-ids arg in Thycotic import#2145
lthievenaz-keeper wants to merge 16 commits into
Keeper-Security:releasefrom
lthievenaz-keeper:thycotic-secret-ids-arg

Conversation

@lthievenaz-keeper

Copy link
Copy Markdown
Contributor

If user sets secret-ids, the import will:

  • Check if any of those IDs have come up in the lookup and would have been imported.
  • Import only the secret-ids list

This is useful to only import some secret IDs for testing, but also for debugging, because the /lookup API may not return all Thycotic secrets - eg if there is a security policy on them, even though they may still be fetched with the /v1/secrets API.

Usage:
String (comma separated IDs)
import --format thycotic server_name --secret-ids "123, 124,125"
Python List (strings or integers)
secret_ids=[123, 124, 125]

idimov-keeper and others added 16 commits June 6, 2026 21:04
…2130)

* Fix kcm-import --output file permissions on Windows via utils.set_file_permissions

* Fix flaky set_record_rotation body test: decrypt round-trip instead of first-byte check
…curity#2121) (Keeper-Security#2133)

* Add error handling for persistent login break in docker and strengthen keeper get lookup from shell

* Fix unit tests
…/ksm fixes (Keeper-Security#2136)

* pam: legacy-JSON DAG + drop use_per_graph_endpoints kwarg (ksm/ai_settings)

* discovery_common: revert backwards use_per_graph_endpoints comment to match upstream
…fields output (Keeper-Security#2144)

* get: mask secret-type custom fields in detail/fields output; fix awspswd import

* fix flaky body-encryption assertion in test_dag_layer_b_configure_resource
Add secret-ids arg to import command, to use for debugging Thycotic secret IDs
Pass secret-ids arg from import command to thycotic import so it can be handled in the Thycotic import
If user sets secret-ids, the import will:
- Check if any of those IDs have come up in the lookup and would have been imported.
- Import only the secret-ids set

This is useful for debugging, because the lookup API may not return all Thycotic secrets - eg if there a security policy on them, but they may still be fetched.

Usage:
String (comma separated IDs)
`import --format thycotic server_name --secret-ids "123, 124,125"`
Python List (strings or integers)
`secret_ids=[123, 124, 125]`
Fix conditional logic so import continues if no secret ids are specified
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants