search

Microsoft SQL Server Plugin

Rotate SQL Server passwords

circle-exclamation

Keeper has also launched a zero-trust Password Rotation feature with KeeperPAM. This new capability is recommended for most password rotation use cases. The Documentation is linked below:

This plugin allows rotating a user's password in Microsoft SQL Server

hashtag
Prerequisites

hashtag
Install pymssql

pip3 install pymssql

hashtag
Prepare Records for Rotation

hashtag
Create a Record for Rotation

Rotation supports legacy and typed records. If using typed record, a 'Login' type field is required. Additional fields may be added depending on the rotation type as well. See the instructions below.

circle-info

See the Troubleshooting section for more information on legacy vs typed records

Complete record example. Follow steps below to setup a record for rotation

hashtag
Set the record Login as username of the account to rotate

hashtag
Set the Hostname and Port

Commander will use these settings to connect.

circle-info

TIP: If the port is set to 1433, or the host begins with "mssql://" Commander will automatically recognize the record as Microsoft SQL credentials and will use that rotation method unless otherwise configured

hashtag
Set the record Password to the match account's password

Commander will use the password to login to perform the rotation

hashtag
Set the Database Name in a custom field

Create a Text type custom field labeled "cmdr:db" and fill in the name of the database to connect to.

hashtag

hashtag
Optional Custom Fields

Instead of using the fields above, custom fields can be added with the shown label

Label
Value
Comment

cmdr:plugin

mssql

Tells Commander to use Microsoft SQL Key rotation. This should be either set to the record, or supplied to the rotation command

cmdr:host

Hostname of your MSSQL server

cmdr:rules

'# uppercase, # lowercase, # numeric, # special'

(e.g. 4,6,3,8)

Password generation rules

hashtag
Record Example using Optional Fields

A Keeper Record that is setup for MSSQL rotation

hashtag
Rotate

To rotate MSSQL passwords, use the rotate command in Commander. Pass the command a record title or UID (or use --match with a regular expression to rotate several records at once)

circle-info

The plugin can be supplied to the command as shown here added to a record field, or automatically assigned based on the port number (see options above). Adding the plugin type to the record makes it possible to rotate several records at once with different plugins.

hashtag
Output

After rotation is completed, the new password will be stored in the Password field of the record

PreviousAzure PluginNextMySQL Plugin

Last updated

Was this helpful?