Password and Secrets Management Release Notes
Release notes for password managers and secrets management tools
Products (13)
Latest Password and Secrets Management Updates
- Apr 12, 2026
- Date parsed from source:Apr 12, 2026
- First seen by Releasebot:Apr 12, 2026
1.35.6
Vaultwarden fixes MFA remember token and recovery token acceptance issues in this release.
Notes
The previous release contained an issue where Two Factor Remember Tokens and Recovery Tokens were not accepted at all.
This has been fixed now in this release.What's Changed
Fix MFA Remember by @BlackDex in #7085
Full Changelog: 1.35.5...1.35.6
Original source Report a problem - Apr 12, 2026
- Date parsed from source:Apr 12, 2026
- First seen by Releasebot:Apr 12, 2026
1.35.5
Vaultwarden releases a security-focused update with critical fixes for organization purge, cross-org access, and refresh token invalidation, plus stronger 2FA remember token handling, policy and API key login fixes, and broader cleanup for CORS, shutdown, and build stability.
Security Fixes
This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.
GHSA-937x-3j8m-7w7p Unconfirmed Owner Can Purge Entire Organization Vault.
GHSA-569v-845w-g82p Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization
GHSA-6j4w-g4jh-xjfx Refresh tokens not invalidated on security stamp rotation
These are private for now, pending CVE assignment.
Notes
The admin templates have changed, please update them if you override these via templates.
Two Factor Remember Tokens are now valid for max 30 days. Old tokens are invalid directly after upgrading.
What's Changed
- apply policies only to confirmed members by @stefan0xC in #6892
- Feat(config): add feature flag for Safari account switching by @DerPlayer2001 in #6891
- fix: add ForcePasswordReset to api key login by @montdidier in #6904
- Add Webauthn related origins flag to known flags. by @pasarenicu in #6900
- Add 30s cache to SSO exchange_refresh_token by @Timshel in #6866
- Add cxp-import-mobile and cxp-export-mobile: feature flags on mobile by @phoeagon in #6853
- Misc updates and fixes by @BlackDex in #6910
- Support new desktop origin on CORS by @dani-garcia in #6920
- Fix checkout action version by @dfunkt in #6921
- Fix apikey login by @BlackDex in #6922
- Fix email header base64 padding by @BlackDex in #6961
- Update Feature Flags by @BlackDex in #6981
- Update crates and GHA by @BlackDex in #6980
- Use protected CI environment by @dani-garcia in #7004
- Fix 2FA Remember to actually be 30 days by @BlackDex in #6929
- Misc Updates by @BlackDex in #7027
- Switch to attest action by @dfunkt in #7017
- Rotate refresh-tokens on sstamp reset by @BlackDex in #7031
- Misc org fixes by @BlackDex in #7032
- Fix empty string FolderId by @BlackDex in #7048
- Disable deployments for release env by @dfunkt in #7033
- Fix Send icons by @BlackDex in #7051
- prevent managers from creating collections by @stefan0xC in #6890
- Change SQLite backup to use VACUUM INTO query by @getaaron in #6989
- Handle SIGTERM and SIGQUIT shutdown signals. by @0x484558 in #7008
- Do not display unavailable 2FA options by @0x484558 in #7013
- Fix logout push identifiers and send logout before clearing devices by @qaz741wsd856 in #7047
- Fix windows build issues by @idontneedonetho in #7065
- Crate and GHA updates by @BlackDex in #7081
New Contributors
- @DerPlayer2001 made their first contribution in #6891
- @montdidier made their first contribution in #6904
- @pasarenicu made their first contribution in #6900
- @phoeagon made their first contribution in #6853
- @getaaron made their first contribution in #6989
- @0x484558 made their first contribution in #7008
- @qaz741wsd856 made their first contribution in #7047
- @idontneedonetho made their first contribution in #7065
Full Changelog: 1.35.4...1.35.5
Original source Report a problem All of your release notes in one feed
Join Releasebot and get updates from Daniel García and hundreds of other software products.
- April 2026
- No date parsed from source.
- First seen by Releasebot:Apr 7, 2026
Version 1.36.0
Proton Pass adds searchable custom fields, improved importers, B2B policy handling, and group sharing.
- Custom item fields are now searchable
- Improve importers
- Take into account B2B Policy for secure link
- Take into account B2B Policy for email alias
- Group sharing
- Apr 7, 2026
- Date parsed from source:Apr 7, 2026
- First seen by Releasebot:Apr 8, 2026
April 7 2026 1Password for Linux 8.12.10
1Password Linux improves 1PUX imports, draft recovery, and authentication prompt icons.
When you import a 1PUX file, but you don’t have the permission to create vaults in your 1Password account, only private items will be imported.
We’ve made some improvements to how 1Password can recover drafts of items.
App icons shown in SSH, CLI, and SDK authentication prompts now display more quickly.
Original source Report a problem - Apr 7, 2026
- Date parsed from source:Apr 7, 2026
- First seen by Releasebot:Apr 8, 2026
1Password Windows by 1Password
1Password for Windows 8.12.10
1Password Windows improves imports, draft recovery, and authentication prompts, while fixing passkey manager issues on external drives, a startup crash, and Windows setup prompt conflicts.
When you import a 1PUX file, but you don’t have the permission to create vaults in your 1Password account, only private items will be imported.
We’ve made some improvements to how 1Password can recover drafts of items.
App icons shown in SSH, CLI, and SDK authentication prompts now display more quickly.
We’ve fixed the size of the text shown under the “Unlock with device” option when “Use your device’s Trusted Platform Module to unlock” is turned on.
We’ve fixed an issue where you couldn’t use 1Password as your Windows passkey manager if you installed 1Password on an external drive.
We’ve fixed a crash that could occur if 1Password was set to launch when you started your PC.
We’ve fixed an issue where the prompt to set up passkey support on Windows could conflict with the prompts shown when you first set up 1Password.
Original source Report a problem - Apr 7, 2026
- Date parsed from source:Apr 7, 2026
- First seen by Releasebot:Apr 7, 2026
Admin Console 17.8.1
Keeper releases Admin Console 17.8.1 with new default Keeper Endpoint Privilege Manager policies and several bug fixes, including improved performance for large enterprises and fixes for missing buttons, inconsistent counts, and browser crashes.
Overview
Admin Console version 17.8.1 introduces new default policies for Keeper Endpoint Privilege Manager (KEPM) and includes several bug fixes.
Features
- EM-8541: Added a new set of default KEPM policies, including policies for Applications, File Operations, Network, Package Management, Process Management, Script Interpreter, Services, and User command-line activity. New enterprises will receive these policies automatically upon their first full KEPM sync.
Bug Fixes
- EM-8465: Fixed an issue where the "Turn On Now" buttons were missing from the KEPM and PAM sections for enterprises with an expired free trial.
- EM-8521: Improved performance for large enterprise environments
- EM-8536: Fixed an issue where KEPM collection counts were displaying inconsistent or fluctuating values.
- EM-8537: Fixed an issue where Keeper Endpoint Privilege Manager was causing browser crashes.
- Apr 7, 2026
- Date parsed from source:Apr 7, 2026
- First seen by Releasebot:Apr 7, 2026
1Password Browser by 1Password
1Password in the browser 8.12.10
1Password Browser adds dark mode support for the inline menu, new autofill suggestion controls, and a simpler Autofill settings layout. It also improves the menu design, hides the menu when no options remain, and fixes autosubmit issues on several sites.
The inline menu icon now supports dark mode.
We’ve added settings that let you choose which item types appear as autofill suggestions in the inline menu.
The setting to save items in the inline menu is now turned off by default.
We’ve made visual improvements the inline menu.
We’ve reorganized the Autofill settings for easier navigation.
The inline menu will now automatically hide when you’ve filtered all possible options by typing in a field.
You’ll no longer see 1Password elements when you print a web page in your browser.
We’ve fixed issues with autosubmit on app.bokio.se, auvio.rtbf.be, mahix.org, reuters.com, and teledoki.hu.
Original source Report a problem - Apr 7, 2026
- Date parsed from source:Apr 7, 2026
- First seen by Releasebot:Apr 7, 2026
1Password for Mac 8.12.10
1Password Mac improves imports, item draft recovery, prompt icon loading, and unlock behavior on clamshell MacBooks.
When you import a 1PUX file, but you don’t have the permission to create vaults in your 1Password account, only private items will be imported.
We’ve made some improvements to how 1Password can recover drafts of items.
App icons shown in SSH, CLI, and SDK authentication prompts now display more quickly.
MacBooks running in clamshell mode can now display the Mac password unlock prompt when no biometric options are available.
Original source Report a problem - Apr 4, 2026
- Date parsed from source:Apr 4, 2026
- First seen by Releasebot:Apr 5, 2026
v1.0.0
Keeper introduces the Security Agent Kit for AI agents, letting coding assistants use Keeper Secrets Manager and Keeper Commander from the terminal to retrieve secrets, manage vaults, and run admin workflows without exposing credentials in chat or source control.
Keeper Security Agent Kit for AI Agents
Teach AI coding agents to use Keeper Secrets Manager (KSM) and Keeper Commander from the terminal: retrieve and inject secrets, manage vaults, and run enterprise admin workflows without putting credentials in chat or source control.
What you get
Plugin Use it for CLI keeper-secrets App secrets, ksm exec, templates, CI/CD ksm keeper-admin Users, teams, PAM, enterprise vault ops keeper keeper-setup Install CLIs, profiles, first-time setup BothPrerequisites
- A Keeper Security account
- KSM CLI (plugin: keeper-secrets)
- Commander CLI (plugin: keeper-admin)
- Python 3.10+
- Linux, Windows, Mac OS
The keeper-setup skill will guide you through first-time setup if you don't have the CLIs installed.
Installation
To install the Keeper Security Agent Kit, pick one path.
Claude Code Marketplace
/plugin marketplace add Keeper-Security/keeper-agent-kit /plugin install keeper-secrets@keeper-securityAny agent via Vercel Skills CLI
# Add the Keeper Security Agent Kit npx skills add Keeper-Security/keeper-agent-kitCombine with optional flags to target a specific agent or install globally:
# target agent: cursor npx skills add Keeper-Security/keeper-agent-kit -a cursor # target agent: claude-code npx skills add Keeper-Security/keeper-agent-kit -a claude-code # target agent: codex npx skills add Keeper-Security/keeper-agent-kit -a codex # global install npx skills add Keeper-Security/keeper-agent-kit -gManual installation
Clone the repo, then copy the plugin folders to your agent’s skills directory (create it if needed):
Agent Typical skills path Claude Code ~/.claude/skills/ Cursor ~/.cursor/skills/ Codex ~/.codex/skills/ GitHub Copilot ~/.github/skills/git clone https://github.com/Keeper-Security/keeper-agent-kit cd keeper-agent-kitExample manual installation for Claude Code
NOTE: You may also create this at the project level by using ./.claude/skills/ instead of ~/.claude/skills/.
mkdir -p ~/.claude/skills cp -r plugins/* /skills/* ~/.claude/skills/ ls ~/.claude/skillsRepeat for each agent you use; paths differ per product.
Usage
In the agent, try prompts like:
“Help me inject secrets from Keeper into my app” (should lean on keeper-secrets) or “How do I set up KSM?” (keeper-setup).
For more structured smoke tests, see TEST_PROMPTS.md.
Uninstall
Remove the skill directories from that agent’s skills folder, or with Vercel Skills:
npx skills remove keeper-secrets(and the other two). To remove the Keeper CLIs from your machine, follow the uninstall guidance in the KSM CLI and Commander CLI docs.
Documentation
- KSM CLI - install, profiles, commands
- Commander CLI - install, shell, admin commands
- Keeper notation - keeper:// references for secrets
- Issues & features
- Keeper Security Support
- Docs
Security
Security is a top priority. The SECURITY.md file contains information on how to report vulnerabilities.
Contributing
We welcome issues and pull requests.
- Check existing issues before filing a new one.
- For changes: fork, branch, keep edits focused; follow CONTRIBUTING.md.
- Pull requests should describe what changed and why, and note how you tested.
License
Licensed is provided in the LICENSE file.
Original source Report a problem - Apr 4, 2026
- Date parsed from source:Apr 4, 2026
- First seen by Releasebot:Apr 4, 2026
AI Agents
Keeper integrates Secrets Manager and Commander with AI coding agents like Claude Code, Cursor, Codex, and GitHub Copilot, letting teams retrieve secrets, manage vaults, and run admin workflows from the terminal while keeping credentials out of chat and source control.
Integrate Keeper Secrets Manager and Commander with AI coding agents like Claude Code, Cursor, Codex, and GitHub Copilot.
Use AI coding agents with Keeper to retrieve secrets, manage vaults, and run admin workflows from the terminal. Credentials stay out of chat and source control.
GitHub:
github.com/Keeper-Security/keeper-agent-kitOverview
Keeper supports two integration models for AI agents: skills/plugins for CLI-driven developer workflows, and MCP servers for agent orchestration platforms. This page covers the Keeper Agent Kit, a set of skills (also called plugins) that teach AI coding agents how to use Keeper's CLI tools.
After installation, your agent can:
- Retrieve and inject secrets with ksm (Keeper Secrets Manager CLI)
- Manage vaults, users, teams, and PAM resources with keeper (Commander CLI)
- Set up both CLIs from scratch if they aren't installed yet
Credentials never appear in chat or get committed to source control. The KSM CLI and Commander CLI resolve secrets at runtime. All access is subject to the same RBAC policies and audit logging as any other Keeper integration.
For the MCP-based approach see MCP for AI Agents (Docker).
What's Included
The Agent Kit contains three skills:
Skill What it does CLI used keeper-secrets App secrets, ksm exec, templates, CI/CD injection ksm keeper-admin Users, teams, PAM, enterprise vault operations keeper keeper-setup Install CLIs, configure profiles, first-time setup BothPrerequisites
You'll need:
- A Keeper Security account (Business or Enterprise)
- Python 3.10 or later
- macOS, Linux, or Windows
The KSM CLI and Commander CLI can be installed manually, or you can let the keeper-setup skill walk your agent through first-time setup.
Installation
Choose the guide that matches your setup:
Method Best for Guide Claude Plugin Marketplace Claude users Install with Claude Skills CLI (npx skills) Cursor, Codex, Copilot, and multi-agent setups Install with Skills CLI Manual (git clone) Air-gapped environments, custom agent setups Install ManuallyAll three methods install the same skills. Pick whichever fits your workflow.
Supported Agents
Agent Plugin Marketplace Skills CLI Manual Claude Code ✅ ✅ ✅ Cursor ✅ ✅ ✅ Codex — ✅ ✅ GitHub Copilot — ✅ ✅ VS Code (Copilot Chat) — ✅ ✅ Other agents — ✅ (auto-detect) ✅Quick Start
After installing, use your agent as usual. Skills activate based on context.
Inject a secret into your environment:
"Help me inject my database credentials from Keeper into my app's .env file"
The agent uses keeper-secrets to run ksm exec and pull the secret in without showing it in chat.
Set up KSM for the first time:
"I need to configure Keeper Secrets Manager on this machine"
The agent uses keeper-setup to walk you through CLI installation, profile creation, and token setup.
Look up a user in your Keeper enterprise:
"List all users on the Engineering team in Keeper"
The agent uses keeper-admin to run the right Commander command.
For more examples, see our sample Test Prompts in the repo.
How It Works
Skills are markdown files (SKILL.md) that tell your AI agent how to use a CLI tool. They're not executable code. Each skill documents commands, flags, and error-handling patterns. When you ask a question, the agent reads the relevant skill and builds the right CLI commands from it.
Security model:
The agent runs CLI commands on your local machine using your authenticated session. Secrets are resolved by the KSM and Commander CLIs at runtime, not pasted into chat. Standard Keeper RBAC policies and audit logging apply.Skills vs. MCP
Keeper supports two ways to connect AI agents. You can use both in the same environment.
What it is Agent Kit (Skills/Plugins) MCP Server (Connector) Markdown files that teach agents to use Keeper CLIs A running Model Context Protocol server How it connects Agent reads skills, runs CLI commands locally Agent connects to an MCP server process Best for Developer workflows, CI/CD, DevOps, local use Agent orchestration platforms, hosted environments Auth model Your existing KSM/Commander CLI sessions KSM one-time access tokens Additional Information This page MCP (Docker)Troubleshooting
Agent doesn't pick up the skill
Check that the skill files landed in the correct directory for your agent. Restart your agent session after installing. In Claude Code, run /plugin and check the Installed tab.
ksm or keeper command not found
The CLI tools need to be installed separately. Ask your agent "Help me install KSM CLI" and the keeper-setup skill will handle the rest.
Permission denied when running CLI commands
Make sure your KSM profile or Commander session has the right permissions. Keeper's RBAC policies apply to all CLI access. Talk to your Keeper admin if you need additional role assignments.
Skills installed globally but not loading in a project
Some agents prioritize project-level skills over global ones. If a project has its own skills directory, global skills may be hidden. Check with npx skills list or /plugin in Claude Code.
Resources
GitHub:
Keeper-Security/keeper-agent-kitKSM CLI Docs:
Secrets Manager CLICommander CLI Docs:
Commander OverviewKeeper Notation:
keeper:// URI referencesIssues & Features:
GitHub IssuesSupport:
Original source Report a problem
keepersecurity.com/support