Quick Start: Sandbox

Quickly and easily get started with a pre-configured PAM setup in your vault

Quick Start Wizard

To learn some KeeperPAM basics, we have created a wizard that is integrated into the Vault. If you select the Docker install method, this wizard will create all the necessary vault records, configurations and a customized Docker Compose file for quickly standing up a sandbox environment in less than 3 minutes.

1

Activate KeeperPAM

  • Login to the Admin Console in your region:

Region
URL

US

https://keepersecurity.com/console

EU

https://keepersecurity.eu/console

AU

https://keepersecurity.com.au/console

JP

https://keepersecurity.jp/console

GOV

https://govcloud.keepersecurity.us/console

  • Under Admin > Roles, create a new role for PAM or modify an existing role

  • Go to Enforcement Policies and open the "Privilege Access Manager" section.

  • Enable all the PAM enforcement policies

  • Ensure you are assigned to this role

2

Run the New Gateway Wizard

  • Login to the Keeper Vault. If the policies are active, you'll see a Secrets Manager tab on the left side.

  • Click on Create New > Gateway

  • Enter a name for the project, such as "My Infrastructure Demo"

  • Select Docker for the gateway

  • Select "Create with example records"

  • Click Next

  • After the wizard is finished, immediately download the provided docker-compose.yml and docker-seccomp.json files.

3

Run the Docker Environment

  • Set up a VM which supports Docker. It can be a Linux instance or Windows running Docker Desktop. The instance can exist anywhere, even on your local computer.

  • If necessary, Install Docker per the Docker installation instructions.

  • Transfer the Docker Compose and Seccomp files from Step 2 to the VM.

  • Run docker compose up -d from the folder where the files are saved.

    • You may need to use a dash, e.g. docker-compose up -d depending on the VM

4

Test some PAM features

  • You can now instantly connect to any of the resources by clicking "Launch" from the record detail view.

  • The MySQL account, SSH password and SSH key can be rotated by clicking "Rotate" from the record detail within the Users folder.

  • Note: Remote Browser Isolation won't work on some ARM processors

Records Created

The wizard will create the following in your vault:

  • A folder containing Resources and Users in separate shared folders

  • A MySQL database

  • A Linux machine with VNC connection to the desktop UI

  • A Linux machine with SSH connection using an SSH Key

  • A Linux machine with SSH connection using a password

  • A Linux machine with RDP connection to the desktop UI

  • A Remote Browser Isolation session to bing.com

  • A Secrets Manager Application and PAM Configuration with all PAM features enabled

  • A Keeper Gateway ready to initialize

Quick Start Video

We've created a helpful Keeper 101 video to set up your sandbox environment:

Screenshots

Below are screenshots of the Quick Start Wizard from start to finish.

Create a Gateway
Creating the New Project and Gateway
Building the Gateway
Gateway Created with Sample Records
Download the Docker Compose and Seccomp Files
Docker running the Gateway and Sandbox Infrastructure
SSH Machine Example
Launching a Connection
Connecting to a Linux machine with SSH
Connecting to a virtual Linux machine over VNC
Connecting to a web application
PreviousSetup StepsNextGetting Started

Last updated

Was this helpful?