Beyond the required fields above, named fields can be used:
folder_path
title
hostname
type
username
password
user_path
SF/AD
AD
dc.com
pamDirectory
SF/Users
Admin
admin
pwd123
AD
These are fields which either apply to all objects (e.g. title) or apply automatically to specific objects (e.g. password will only apply to pamUsers).
Notes:
The type column will default to pamMachine for rows that include a hostname, and pamUser for rows that include a username and user_path.
The folder_path column only applies to the pam project extend command, and will be ignored for pam project import. See more on the subject here.
Advanced Fields
Finally, fields that apply to a resource or user object can be set with the rs and usr prefixes respectively.
With this process, an additional JSON file would be used to define the project settings, your pamDirectory record, and the default fields for your pamMachine records. The CSV would then create all resources using the pamMachine template, and all users using the pamUser template from the JSON file.
In our example, we will create a file name import_template.json, with the following content:
From the above template, replace every field labelled XXX with static information. Fields labelled xxx will be replaced by the script from the CSV data.
Your CSV would then only exclude the pamDirectory resource and user, but include any other resource and user. Default fields from the template can be overridden by columns of the CSV.
hostname
username
user_path
password
DESKTOP-001
Domain Admin
Example AD
pwd123
Local Admin
DESKTOP-001
pwd123
Run the Conversion
Download the script here and save it to a local directory.
To simplify the command to run, you can have the following files in this directory:
servers_to_import.csv
import_template.json (only needed if you want to convert from a CSV and JSON)
To run the conversion with the CSV file exclusively:
To run the conversion with both a CSV and JSON template files:
The script supports the following arguments if you want to specify the file paths or output:
--input-file: path to the CSV file.
--template-file: path to the JSON template file.
--output-file: path to the JSON output.
By default, the script will create a file called pam_import.json in the same directory which contains all of the resources to be imported into Keeper.
{
"project": "XXX:Example Project",
"shared_folder_users": {
"manage_users": true,
"manage_records": true,
"can_edit": true,
"can_share": true
},
"shared_folder_resources": {
"manage_users": true,
"manage_records": true,
"can_edit": true,
"can_share": true
},
"pam_configuration": {
"environment": "local",
"connections": "on",
"rotation": "on",
"graphical_session_recording": "on"
},
"pam_data": {
"resources": [
{
"_comment1": "Every key that starts with '_' is a comment and can be ignored or deleted",
"_comment2": "Every value that starts with uppercase 'XXX:' must be replaced with actual value (removed if not required)",
"_comment3": "Every value that starts with lowercase 'xxx:' is just a placeholder - can be replaced with anything but must be present",
"type": "pamDirectory",
"title": "XXX:Example AD",
"directory_type": "XXX:active_directory|ldap",
"host": "XXX:demo.local",
"port": "XXX:636",
"use_ssl": true,
"domain_name": "XXX:demo.local",
"pam_settings": {
"options": {
"rotation": "on",
"connections": "on",
"tunneling": "on",
"graphical_session_recording": "on"
},
"connection": {
"protocol": "rdp",
"port": "XXX:3389",
"security": "XXX:any",
"ignore_server_cert": true,
"_comment_administrative_credentials": "Must match the unique title of one of the users below",
"administrative_credentials": "XXX:DomainAdmin"
}
},
"users": [
{
"type": "pamUser",
"_comment_title": "Must match administrative_credentials above if this is the admin user",
"title": "XXX:DomainAdmin",
"_comment_login_password": "Must provide valid credentials but delete sensitive data/json after import",
"login": "XXX:[email protected]",
"password": "XXX:P4ssw0rd_123",
"rotation_settings": {
"rotation": "general",
"enabled": "on",
"schedule": {
"type": "on-demand"
}
}
}
]
},
{
"_comment4": "While pamDirectory section above is static, the pamMachine section below is dynamicly generated",
"_comment5": "One pamMachine with one pamUser will be generated per each line from the CSV file",
"_comment6": "Only one pamMachine is needed and it will be used as a template for all CSV rows",
"_comment7": "Please do NOT edit lines with xxx: in them - these are placeholders",
"_comment8": "Any other line that don't contain xxx: can be altered/added/deleted in the template",
"_comment9": "CSV Format: server_name,username,password",
"type": "pamMachine",
"_comment_title_and_host": "server value from CSV",
"title": "xxx:server1",
"host": "xxx:server1",
"port": "5986",
"ssl_verification": true,
"operating_system": "Windows",
"pam_settings": {
"options": {
"rotation": "on",
"connections": "on",
"tunneling": "on",
"graphical_session_recording": "on"
},
"connection": {
"protocol": "rdp",
"port": "3389",
"security": "any",
"ignore_server_cert": true,
"_comment_administrative_credentials": "Format: pamDirectory#title.pamDirectory#administrative_credentials - exact match needed",
"administrative_credentials": "XXX:Project1 AD.DomainAdmin"
}
},
"users": [
{
"type": "pamUser",
"_comment_title": "username value from CSV or server-username if --prefix-names option is used",
"title": "xxx:admin",
"_comment_login": "username value from CSV",
"login": "xxx:Administrator",
"_comment_password": "password value from CSV",
"password": "xxx:P4ssw0rd_123",
"rotation_settings": {
"rotation": "general",
"enabled": "on",
"schedule": {
"type": "on-demand"
}
}
}
]
}
]
}
}
