Overview

In this example, you'll learn how to configure a MySQL DB in your Keeper Vault as a PAM Database record.

Prerequisites

Prior to proceeding with this guide, make sure you have

PAM Database Record

Databases such as a MySQL DB can be configured on the PAM Database record type.

Creating a PAM Database

To create a PAM Database:

• Click on Create New

• Depending on your use case, click on "Rotation", "Tunnel", or "Connection"

• On the prompted window:

Configure a MySQL Database on the PAM Database Record

Suppose I have a database with the hostname "db-mysql-1", the following table lists all the configurable fields and their respective values:

Configuring PAM Settings on the PAM Database

On the "PAM Settings" section of the vault record, you can configure the KeeperPAM Connection and Tunnel settings and link a PAM User credential for performing rotations and connections. Tunnels do not require a linked credential. The following table lists all the configurable fields and their respective values for the MySQL Database:

Administrative Credential Record

The Admin Credential Record in the PAM Database links a user to the PAM Database record in your Keeper Vault. This linked user is used for authenticating the connection when clicking "Launch".

User Accounts are configured on the PAM User record. Visit this for more information.

Setting a Non Admin User as the Administrative Credential Record

If you prefer not to authenticate a connection using the admin credential, you can optionally designate a regular user of the resource as the admin credential.

Sharing PAM Database Records

PAM Database records can be shared with other Keeper users within your organization. However, the recipient must be assigned to a role with the appropriate PAM enforcement policies in place to utilize KeeperPAM features.

When sharing a PAM Database record, the linked admin credentials will not be shared. For example, if the PAM Database is configured with a MySQL Database, the recipient can connect to the database without having direct access to the linked credentials.

• Learn more about

Setup Complete

The MySQL Database record is set up. The user with the ability to launch connections can now launch an interactive MySQL connection or tunnel to the target database.

Overview

In this example, you'll learn how to configure a Microsoft SQL Server DB in your Keeper Vault as a PAM Database record.

Prerequisites

Prior to proceeding with this guide, make sure you have

PAM Database Record

Databases such as a Microsoft SQL Server DB can be configured on the PAM Database record type.

Creating a PAM Database

To create a PAM Database:

• Click on Create New

• Depending on your use case, click on "Rotation", "Tunnel", or "Connection"

• On the prompted window:

Configure a Microsoft SQL Server Database on the PAM Database Record

Suppose I have a database with the hostname "db-mssql-1", the following table lists all the configurable fields and their respective values:

Configuring PAM Settings on the PAM Database

On the "PAM Settings" section of the vault record, you can configure the KeeperPAM Connection and Tunnel settings and link a PAM User credential for performing rotations and connections. Tunnels do not require a linked credential. The following table lists all the configurable fields and their respective values for the Microsoft SQL Database:

Administrative Credential Record

The Admin Credential Record in the PAM Database links a user to the PAM Database record in your Keeper Vault. This linked user is used for authenticating the connection when clicking "Launch".

User Accounts are configured on the PAM User record. Visit this for more information.

Setting a Non Admin User as the Administrative Credential Record

If you prefer not to authenticate a connection using the admin credential, you can optionally designate a regular user of the resource as the admin credential.

Sharing PAM Database Records

PAM Database records can be shared with other Keeper users within your organization. However, the recipient must be assigned to a role with the appropriate PAM enforcement policies in place to utilize KeeperPAM features.

When sharing a PAM Database record, the linked admin credentials will not be shared. For example, if the PAM Database is configured with a Microsoft SQL Database, the recipient can connect to the database without having direct access to the linked credentials.

• Learn more about

Setup Complete

The Microsoft SQL Database record is set up. The user with the ability to launch connections can now launch an interactive SQL connection or tunnel to the target database.

Overview

In your Keeper Vault, the following assets can be configured on the PAM Database record type:

This guide will cover the PAM Database Record type in more details.

Features Available

The PAM Database resource supports the following features:

• Password rotation

• Zero-trust Connections

• TCP Tunnels

• Graphical session recording

Creating a PAM Database

Prior to creating a PAM Database, make sure you have already created a PAM Configuration. The PAM Configuration contains information of your target infrastructure while the PAM Database contains information about the target database, such as the hostname, type (MySQL, PostgreSQL, etc) and port number.

To create a PAM Database:

• Click on Create New

• Depending on your use case, click on "Rotation", "Tunnel", or "Connection"

• On the prompted window:

PAM Database Record Type Fields

The following table lists all the configurable fields on the PAM Database Record Type:

PAM Settings and Administrative Credentials

On the "PAM Settings" section of the vault record, you can configure the KeeperPAM Connection and Tunnel settings and link a PAM User credential for performing rotations and connections. Tunnels do not require a linked credential.

PAM Settings

Below is an example of a PAM Database record with Connections and Tunnels activated.

Examples

Visit the following pages to set up:

Overview

In this example, you'll learn how to configure a PostgreSQL DB in your Keeper Vault as a PAM Database record.

Prerequisites

Prior to proceeding with this guide, make sure you have

PAM Database Record

Databases such as a PostgreSQL DB can be configured on the PAM Database record type.

Creating a PAM Database

To create a PAM Database:

• Click on Create New

• Depending on your use case, click on "Rotation", "Tunnel", or "Connection"

• On the prompted window:

Configure a PostgreSQL Database on the PAM Database Record

Suppose I have a database with the hostname "db-postgres-1", the following table lists all the configurable fields and their respective values:

Configuring PAM Settings on the PAM Database

On the "PAM Settings" section of the vault record, you can configure the KeeperPAM Connection and Tunnel settings and link a PAM User credential for performing rotations and connections. Tunnels do not require a linked credential. The following table lists all the configurable fields and their respective values for the PostgreSQL Database:

Administrative Credential Record

The Admin Credential Record in the PAM Database links a user to the PAM Database record in your Keeper Vault. This linked user is used for authenticating the connection when clicking "Launch".

User Accounts are configured on the PAM User record. Visit this for more information.

Setting a Non Admin User as the Administrative Credential Record

If you prefer not to authenticate a connection using the admin credential, you can optionally designate a regular user of the resource as the admin credential.

Sharing PAM Database Records

PAM Database records can be shared with other Keeper users within your organization. However, the recipient must be assigned to a role with the appropriate PAM enforcement policies in place to utilize KeeperPAM features.

When sharing a PAM Database record, the linked admin credentials will not be shared. For example, if the PAM Database is configured with a PostgreSQL Database, the recipient can connect to the database without having direct access to the linked credentials.

• Learn more about

Setup Complete

The PostgreSQL Database record is set up. The user with the ability to launch connections can now launch an interactive PostgreSQL connection or tunnel to the target database.