Post-Rotation Scripts
Perform privileged automation tasks with Post-Rotation scripts and password rotation
Overview
Post-rotation scripts (PAM Scripts) are user-defined software programs that can perform privileged automation tasks. Scripts can be attached to any PAM resource records in the vault. Depending on the PAM record the script is attached to, the script will execute either on the Keeper Gateway, or the remote host where password rotation occurred.
The following table shows all the available PAM Records and where the attached script will execute:
PAM Configuration
Gateway
PAM Machine
The Machine specified in the record
PAM Database
Gateway
PAM Directory
Gateway
PAM User
Gateway
Order of Execution
Scripts will be executed in the following order:
Scripts attached to a PAM User Record type
Scripts attached to a PAM Machine, PAM Database, or PAM Directory Record type
Scripts attached to a PAM Configuration Record type
If multiple scripts are attached to a record, scripts will be executed in the order they appear on the PAM Record.
Common Use Cases
Here are some of the use cases made possible with Keeper Post-Rotation Scripts:
Updating dependent services or applications
Updating credentials for scheduled tasks
Revoking access to a resource
Sending notifications to team members
Propagating the password change to other systems
Any other custom privilege automation task
Documentation included
Attaching scripts to Keeper vault records
Last updated