search

Example: PostgreSQL Database

Configuring PostgreSQL DB as a PAM Database Record

hashtag
Overview

In this example, you'll learn how to configure a PostgreSQL DB in your Keeper Vault as a PAM Database record.

hashtag
Prerequisites

Prior to proceeding with this guide, make sure you have

  1. Installed and configured the Keeper Gateway

  2. Set up a PAM Configuration for your target Environment

hashtag
PAM Database Record

Databases such as a PostgreSQL DB can be configured on the PAM Database record type.

hashtag
Creating a PAM Database

To create a PAM Database:

  • Click on Create New

  • Depending on your use case, click on "Rotation", "Tunnel", or "Connection"

  • On the prompted window:

    • Select "New Record"

    • Select the Shared Folder you want the record to be created in

    • Specify the Title

    • Select "Database" for the Target

  • Click "Next" and complete all of the required information.

PostgreSQL PAM Database Record

hashtag
Configure a PostgreSQL Database on the PAM Database Record

Suppose I have a database with the hostname "db-postgres-1", the following table lists all the configurable fields and their respective values:

Field
Description
Value

Title (Required)

Title of the PAM Database Record

PostgreSQL Database - postgresuser

Hostname or IP Address (Required)

Address or RDP endpoint or Server name of the Database Resource

db-postgres-1

Port (Required)

Port to connect to the PostgreSQL DB Resource

5432

Use SSL (Required)

Check to perform SSL verification before connecting, if your database has SSL configured

Enabled

Database ID

Azure or AWS Resource ID (if applicable)

Required if a managed AWS or Azure Database

Database Type

Appropriate database type from supported databases.

postgresql

Provider Group

Azure or AWS Provider Group

Required if a managed AWS or Azure Database

Provider Region

Azure or AWS Provider Region

Required if a managed AWS or Azure Database

hashtag
Configuring PAM Settings on the PAM Database

On the "PAM Settings" section of the vault record, you can configure the KeeperPAM Connection and Tunnel settings and link a PAM User credential for performing rotations and connections. Tunnels do not require a linked credential. The following table lists all the configurable fields and their respective values for the PostgreSQL Database:

Field
Description
Required

PAM Configuration

Associated PAM Configuration record which defines the environment

Required - This is the PAM configuration you created in the prerequisites

Administrative Credential Record

Linked PAM User credential used for connection and administrative operations

Required Visit this section for more details

Protocol

Native database protocol used for connecting from the Gateway to the target

Required - for this example: "PostgreSQL"

Session Recording

Options for recording sessions and typescripts

See session recording

Connection Parameters

Connection-specific protocol settings which can vary based on the protocol type

See this section for PostgreSQL protocol settings We recommend specifying the Connection Port at a minimum. E.g. "5432" for PostgreSQL.

hashtag
Administrative Credential Record

The Admin Credential Record in the PAM Database links a user to the PAM Database record in your Keeper Vault. This linked user is used for authenticating the connection when clicking "Launch".

User Accounts are configured on the PAM User record. Visit this page for more information.

Administrative Credential Record

hashtag
Setting a Non Admin User as the Administrative Credential Record

If you prefer not to authenticate a connection using the admin credential, you can optionally designate a regular user of the resource as the admin credential.

hashtag
Sharing PAM Database Records

PAM Database records can be shared with other Keeper users within your organization. However, the recipient must be assigned to a role with the appropriate PAM enforcement policies in place to utilize KeeperPAM features.

When sharing a PAM Database record, the linked admin credentials will not be shared. For example, if the PAM Database is configured with a PostgreSQL Database, the recipient can connect to the database without having direct access to the linked credentials.

Sharing a PostgreSQL Database Record

hashtag
Setup Complete

The PostgreSQL Database record is set up. The user with the ability to launch connections can now launch an interactive PostgreSQL connection or tunnel to the target database.

Launching interactive CLI session to PostgreSQL
Interactive Connection to PostgreSQL Database

PreviousExample: MySQL DatabaseNextExample: Microsoft SQL Server Database

Last updated

Was this helpful?