# Microsoft SQL Server Plugin
{% hint style="warning" %}
Keeper has also launched a zero-trust Password Rotation feature with KeeperPAM. This new capability is recommended for most password rotation use cases. The Documentation is linked below:
* [Password Rotation with KeeperPAM](https://docs.keeper.io/en/keeperpam/secrets-manager/password-rotation)
* Commander [KeeperPAM commands](https://docs.keeper.io/en/keeperpam/commander-cli/command-reference/keeperpam-commands)
{% endhint %}
This plugin allows rotating a user's password in Microsoft SQL Server
## Prerequisites
#### Install pymssql
```
pip3 install pymssql
```
## Prepare Records for Rotation
### Create a Record for Rotation
Rotation supports legacy and typed records. If using typed record, a 'Login' type field is required. Additional fields may be added depending on the rotation type as well. See the instructions below.
{% hint style="info" %}
See the [Troubleshooting ](https://docs.keeper.io/en/keeperpam/troubleshooting-commander-cli#typed-vs-untyped-records-v3-vs-v2)section for more information on legacy vs typed records
{% endhint %}
#### Set the record Login as username of the account to rotate
#### Set the Hostname and Port
Commander will use these settings to connect.
{% hint style="info" %}
TIP: If the port is set to 1433, or the host begins with "mssql://" Commander will automatically recognize the record as Microsoft SQL credentials and will use that rotation method unless otherwise configured
{% endhint %}
#### Set the record Password to the match account's password
Commander will use the password to login to perform the rotation
#### Set the Database Name in a custom field
Create a Text type custom field labeled "cmdr:db" and fill in the name of the database to connect to.
####
#### Optional Custom Fields
Instead of using the fields above, custom fields can be added with the shown label
| Label | Value | Comment |
| ----------- | ---------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
| cmdr:plugin | mssql | Tells Commander to use Microsoft SQL Key rotation. This should be either set to the record, or supplied to the rotation command |
| cmdr:host | | Hostname of your MSSQL server |
| cmdr:rules | '# uppercase, # lowercase, # numeric, # special'
(e.g. 4,6,3,8)
| Password generation rules |
#### Record Example using Optional Fields
## Rotate
To rotate MSSQL passwords, use the `rotate` command in Commander. Pass the command a record title or UID (or use `--match` with a regular expression to rotate several records at once)
```
rotate "MSSQL Example" --plugin mssql
```
{% hint style="info" %}
The plugin can be supplied to the command as shown here added to a record field, or automatically assigned based on the port number (see options above).\
Adding the plugin type to the record makes it possible to rotate several records at once with different plugins.
{% endhint %}
#### Output
After rotation is completed, the new password will be stored in the `Password` field of the record