PostgreSQL

Advanced configuration of PostgreSQL / Redshift connection type

Overview

The PostgreSQL implementation in Keeper Connection Manager utilizes the PostgreSQL client library as well as an internal terminal library which renders the user interface. Guacamole's PostgreSQL support emulates a terminal on the server side, and draws the screen of this terminal remotely on the client.

This document is intended to cover all supported parameters, grouped in the same way they are grouped within the web interface. The field headings which would appear in the web interface are provided for each parameter, along with each parameter's internal name and a thorough description of the behavior and legal values for that parameter.

Keeper Secrets Manager parameters

Network parameters

PostgreSQL connections are established over TCP to a specific port and a specific hostname or IP address. The hostname/address must be specified for all PostgreSQL connections, but you only need to specify a port if you are not using the standard port (5432).

Authentication parameters

Keeper Connection manager supports PostgreSQL authentication through username and password parameters. Both fields are required to establish a connection.

Database parameters

The default database can be specified when establishing the connection. You can also disable the ability to perform CSV import and export of data.

Display settings

Guacamole's PostgreSQL support provides a display, but not in the same sense as a remote desktop protocol like VNC or RDP. The display is a terminal emulator, and thus provides options for configuring the font used and its size.

If selecting a different font for a PostgreSQL connection, the chosen font must be installed on the server running guacd. It is the server that will handle rendering of characters to the terminal display, not the client.

Custom color schemes

Custom color schemes may be provided for the terminal emulator used by PostgreSQL connections. Custom schemes mimic the format used by Xterm and consist of a semicolon-separated series of name-value pairs. Each name-value pair is separated by a colon and assigns a value to a color in the terminal emulator palette.

For example, to use blue text on white background by default, and change the red color to a purple shade, you would specify:

foreground: rgb:00/00/ff;
background: rgb:ff/ff/ff;
color9: rgb:80/00/80

Legal color names are:

  • "foreground" - the default foreground color.

  • "background" - the default background color.

  • "colorN" - the color at index N within the Xterm 256-color palette. For example, "color9" refers to the color at palette index 9, normally red.

Legal color values are:

  • "rgb:RR/GG/BB" - a color in RGB format, with each component in hexadecimal. For example, "rgb:ff/00/00" specifies the color red. Each hexadecimal component may be one to four digits, but the effective values are always zero-extended or truncated to two digits; for example, "rgb:f/8/0", "rgb:f0/80/00", and "rgb:f0f/808/00f" all refer to the same effective color.

  • "colorN" - the color currently assigned to index N within the Xterm 256-color palette. For example, "color9" specifies the color currently assigned to palette index 9. Note that the current color value is used rather than a reference to that color. If the referenced color is changed later in the color scheme configuration, that new color value will not be reflected in this assignment.

  • "NAME" - the color with human-readable name "NAME", where "NAME" is one of the standard color names supported by X11. These names generally correspond to the names standardized by the W3C for CSS.

Clipboard parameters

Guacamole provides bidirectional access to the clipboard by default for PostgreSQL connections. This behavior can be overridden on a per-connection basis, restricting access to the clipboard.

Text session recording (typescripts)

The full, raw text content of PostgreSQL sessions, including timing information, can be recorded automatically to a specified directory. This recording, also known as a "typescript", will be written to two files within the directory specified: one file contains the raw text data, and the other contains timing information. Where "NAME" is the value provided for the typescript name, these files will be named "NAME" and "NAME.timing" respectively.

This format is compatible with the format used by the standard UNIX script command, and can be replayed using scriptreplay (if installed). For example, to replay a typescript called "NAME", you would run:

$ scriptreplay NAME.timing NAME

Screen recording parameters

PostgreSQL sessions can be recorded graphically. These recordings take the form of Guacamole protocol dumps and are recorded automatically to a specified directory. Recordings can be subsequently played back using the Glyptodon Enterprise Session Recording Player application hosted at player.glyptodon.com (or using a local deployment of this application).

The player is a static web application, using only JavaScript to play back provided recordings. This functionality is implemented strictly locally; the recordings are not uploaded to a remote service for processing. If you would prefer to use your own deployment of this application, or would like to investigate the source, the full source of the Glyptodon Enterprise Session Recording Player can be found on GitHub, along with instructions for local deployment: https://github.com/glyptodon/glyptodon-enterprise-player

The latest version of Keeper Connection Manager supports on-screen playback of recorded sessions. See the Session Recording documentation page.

Last updated