Attaching Post Rotation Scripts to Records
Overview
Post Rotation scripts can be attached to any of the PAM Record Types. Depending on the PAM record type the script is attached to, the script will run either on the gateway or on the remote host where rotation occurred.
The following table shows all the available PAM Records and where the attached script will execute:
Record Type | Attached Post Execution Script will execute on |
---|---|
PAM Configuration | Gateway |
PAM Machine | The Machine specified in record |
PAM Database | Gateway |
PAM Directory | Gateway |
PAM User | Gateway |
Order of Execution
Scripts will be executed in the following order:
1. Scripts attached to User Record types
2. Scripts attached to PAM Machine, PAM Database, or PAM Directory Record types
3. Scripts attached to PAM Network Configuration Record types

If multiple scripts are attached to a record, they will be executed in the order in which they are listed on the PAM Record.
Attaching Post Rotation Scripts
When creating or editing a PAM record, there is an Add PAM Script button towards the bottom:
Clicking on Add PAM Script will allow you to:
- Browse locally and choose your Rotation Script(s). [Required]
- Add additional Resource Credential(s). This adds further records that contain the credentials required to execute the attached post rotation script(s). [Optional]
- Specify a custom command to be executed. In the below screenshot, I attached a Python script (postRotationTest.py) and specified the command to be used to execute the Python script. [Optional]
Multiple Scripts can be attached to a record.
After successfully selecting the script(s), the record will be updated to show the attached Post Rotation scripts:
Click Save to create or update the record. Attached Post Rotation Scripts can be deleted or edited by clicking on their respective inline icons.