Example: MySQL Database
Configuring MySQL DB as a PAM Database Record
Overview
In this example, you'll learn how to configure a MySQL DB in your Keeper Vault as a PAM Database record.
Prerequisites
Prior to proceeding with this guide, make sure you have
PAM Database Record
Databases such as a MySQL DB can be configured on the PAM Database record type.
Creating a PAM Database
To create a PAM Database:
Click on Create New
Depending on your use case, click on "Rotation", "Tunnel", or "Connection"
On the prompted window:
Select "New Record"
Select the Shared Folder you want the record to be created in
Specify the Title
Select "Database" for the Target
Click "Next" and complete all of the required information.
Configure a MySQL Database on the PAM Database Record
Suppose I have a database with the hostname "db-mysql-1", the following table lists all the configurable fields and their respective values:
Title (Required)
Title of the PAM Database Record
Local MySQL Database
Hostname or IP Address (Required)
Address or RDP endpoint or Server name of the Database Resource
db-mysql-1
Port (Required)
Port to connect to the Database Resource
3306
Use SSL (Required)
Check to perform SSL verification before connecting, if your database has SSL configured
Enabled
Database ID
Azure or AWS Resource ID (if applicable)
Required if a managed AWS or Azure Database
Database Type
Appropriate database type from supported databases.
mysql
Provider Group
Azure or AWS Provider Group
Required if a managed AWS or Azure Database
Provider Region
Azure or AWS Provider Region
Required if a managed AWS or Azure Database
Configuring PAM Settings on the PAM Database
On the "PAM Settings" section of the vault record, you can configure the KeeperPAM Connection and Tunnel settings and link a PAM User credential for performing rotations and connections. Tunnels do not require a linked credential. The following table lists all the configurable fields and their respective values for the MySQL Database:
PAM Configuration
Associated PAM Configuration record which defines the environment
Required - This is the PAM configuration you created in the prerequisites
Administrative Credential Record
Linked PAM User credential used for connection and administrative operations
Required Visit this section for more details
Protocol
Native database protocol used for connecting from the Gateway to the target
Required - for this example: "MySQL"
Connection Parameters
Connection-specific protocol settings which can vary based on the protocol type
See this section for MySQL protocol settings We recommend specifying the Connection Port at a minimum. E.g. "3306" for MySQL.
Administrative Credential Record
The Admin Credential Record in the PAM Database links a user to the PAM Database record in your Keeper Vault. This linked user is used for authenticating the connection when clicking "Launch".
User Accounts are configured on the PAM User record. Visit this page for more information.
Setting a Non Admin User as the Administrative Credential Record
If you prefer not to authenticate a connection using the admin credential, you can optionally designate a regular user of the resource as the admin credential.
Sharing PAM Database Records
PAM Database records can be shared with other Keeper users within your organization. However, the recipient must be assigned to a role with the appropriate PAM enforcement policies in place to utilize KeeperPAM features.
When sharing a PAM Database record, the linked admin credentials will not be shared. For example, if the PAM Database is configured with a MySQL Database, the recipient can connect to the database without having direct access to the linked credentials.
Learn more about Sharing and Access Control
Setup Complete
The MySQL Database record is set up. The user with the ability to launch connections can now launch an interactive MySQL connection or tunnel to the target database.
