Password Rotation
Keeper password rotation capabilities with Keeper Secrets Manager
KeeperPAM Password Rotation enables customers to securely and automatically rotate credentials across cloud-based and on-premises environments, including Active Directory accounts, Windows and Linux users, database passwords, Azure IAM accounts, AWS accounts, SSH keys, and more. Adhering to Keeper’s Zero Trust and Zero Knowledge security model, this feature helps organizations mitigate risks associated with weak, reused, or long-standing credentials, as well as threats such as breaches, terminations, and dark web exposure.
Comprehensive Credential Rotation: Automate rotation for machines, service accounts, and user accounts across your infrastructure and multi-cloud environments.
Flexible Scheduling: Schedule rotations to occur at any time or trigger them on demand.
Post-Rotation Actions: Perform actions like restarting services or running other applications after rotation.
Access-Based Rotation: Automatically rotate credentials once access expires.
Secure Access Control: Control and audit access to credentials through secure sharing and compliance reporting.
Detailed Audit Logs: Track all rotation events using Keeper’s Advanced Reporting and Alerts Module (ARAM).
Automation with Keeper Commander: Leverage Keeper Commander for fully automated rotation workflows.
Rotation is performed on the Keeper Gateway and controlled through the Keeper Web Vault, Desktop App or Commander CLI.
In KeeperPAM, Password Rotation works as follows:
The PAM User record holds the credential that is being rotated.
The Rotation Settings of the PAM User record references a specific PAM Machine, PAM Database or PAM Directory resource. This is the target resource where the rotation is performed.
The Keeper Gateway uses the Admin Credential associated with the PAM Machine, PAM Database or PAM Directory resource to perform the rotation with native protocols.
For AWS and Azure managed resources, Keeper uses the Instance Role permissions of the Gateway, or specific PAM Configuration secrets, to perform the rotation with APIs.