Static Tokens
Using the integration between Connection Manager and Vault with static field lookups
Static Tokens
Connection Manager supports configuring custom static tokens which can correspond to a specific field of a specific Keeper Vault record contained within the Shared Folder. These static tokens must be specified in either the Docker compose or directly in the guacamole configuration file, depending on the installation method of the platform. In most cases, the Dynamic Tokens are a preferable method of integration.
Auto Docker Install Method
If you installed Keeper Connection Manager using the Auto Docker Install method, you will need to modify the auto-generated Docker Compose file to define your static tokens.
As root, edit the /etc/kcm-setup/docker-compose.yml
file.
Edit the "environment" section underneath the "guacamole" docker image. Insert an environmental variable called KSM_TOKEN_MAPPING
that includes a multi-line definition of your custom tokens. In the example below, there are 3 custom tokens for specific fields within the Keeper vault shared folder. The token syntax is using Keeper Notation.
Once the file changes have been saved, update the containers:
Docker Compose Install Method
Edit your docker-compose.yml
file. Look for the "guacamole" docker image and the "environment" section which defines environmental variables.
Insert an environmental variable called KSM_TOKEN_MAPPING
that includes a multi-line definition of your custom tokens. In the example below, there are 3 custom tokens for specific fields within the Keeper vault shared folder. The token syntax is using Keeper Notation.
Once the file changes have been saved, update the containers:
Custom Token Usage
When using custom tokens, the records can be setup in any way. Keeper notation in the mapping file can identify any specified field.
The tokens can then be used with the ${XXX} format within the Connection Manager parameters screen. A couple of examples are seen below:
The records must be in the shared folder that your Secrets Manager Application has access to.
Last updated