Microsoft SQL Server Plugin
Rotate SQL Server passwords
Last updated
Was this helpful?
Rotate SQL Server passwords
Last updated
Was this helpful?
Keeper has also launched a zero-trust Password Rotation feature with KeeperPAM. This new capability is recommended for most password rotation use cases. The Documentation is linked below:
Commander KeeperPAM commands
This plugin allows rotating a user's password in Microsoft SQL Server
Rotation supports legacy and typed records. If using typed record, a 'Login' type field is required. Additional fields may be added depending on the rotation type as well. See the instructions below.
See the Troubleshooting section for more information on legacy vs typed records
Commander will use these settings to connect.
TIP: If the port is set to 1433, or the host begins with "mssql://" Commander will automatically recognize the record as Microsoft SQL credentials and will use that rotation method unless otherwise configured
Commander will use the password to login to perform the rotation
Create a Text type custom field labeled "cmdr:db" and fill in the name of the database to connect to.
Instead of using the fields above, custom fields can be added with the shown label
cmdr:plugin
mssql
Tells Commander to use Microsoft SQL Key rotation. This should be either set to the record, or supplied to the rotation command
cmdr:host
Hostname of your MSSQL server
cmdr:rules
'# uppercase, # lowercase, # numeric, # special'
(e.g. 4,6,3,8)
Password generation rules
To rotate MSSQL passwords, use the rotate command in Commander. Pass the command a record title or UID (or use --match with a regular expression to rotate several records at once)
The plugin can be supplied to the command as shown here added to a record field, or automatically assigned based on the port number (see options above). Adding the plugin type to the record makes it possible to rotate several records at once with different plugins.
After rotation is completed, the new password will be stored in the Password field of the record
