Advanced
Advanced features of the Keeper Vault integration
Config Parameter Protection
The Keeper Vault can be utilized to protect and store configuration secrets that would normally be hard-coded into the guacamole.properties
or Docker Compose file.
Auto Docker Install Method
If you installed Keeper Connection Manager using the Auto Docker Install method, configuration secrets are protected in the auto-generated Docker Compose file.
As root, edit the /etc/kcm-setup/docker-compose.yml
file.
For each configuration secret that you want to protect, you can replace the entry with a direct lookup in the Keeper vault. A good example of this is replacing the hard-coded MySQL database password with a vault record.
BEFORE:
AFTER:
The token syntax is using Keeper Notation. The name of the parameter must follow the format of *_KSM_SECRET
. In this example, the MySQL database password is pulled directly from a Keeper record in the Shared Folder.
The value of each *_KSM_SECRET
variable should be the Keeper notation of the secret that should be used to pull the necessary configuration value. For example, if SOME_VARIABLE_KSM_SECRET
were set to valid Keeper notation, then the value of the Guacamole property normally associated with SOME_VARIABLE
will be pulled from that secret in KSM.
Once the file changes have been saved, update the containers:
Docker Compose Install Method
Edit your docker-compose.yml
file.
For each configuration secret that you want to protect, you can replace the entry with a direct lookup in the Keeper vault. A good example of this is replacing the hard-coded MySQL database password with a vault record:
The token syntax is using Keeper Notation. In this example, the MySQL database password is pulled directly from a Keeper record in the Shared Folder as seen below:
The value of each *_KSM_SECRET
variable should be the Keeper notation of the secret that should be used to pull the necessary configuration value. For example, if SOME_VARIABLE_KSM_SECRET
were set to valid Keeper notation, then the value of the Guacamole property normally associated with SOME_VARIABLE
will be pulled from that secret in KSM.
Once the file changes have been saved, update the containers:
Other configuration options
In docker installations, the parameter ADDITIONAL_GUACAMOLE_PROPERTIES_KSM
can be used to move parameters from the guacamole.properties file into guacamole.properties.ksm.
Last updated