Parameters

Overview

Upon successful rotation of credentials on a PAM record, Keeper executes the attached Post-Rotation scripts with parameters containing information on the involved records, credentials, and user.

Parameters Definition

Parameters will be placed in a Base64 encoded JSON object and piped to the script. The following keys can be found in this JSON object:

KeyDescription

providerRecordUid

The UID of the Keeper Vault Provider record

resourceRecordUid

The UID of the Keeper Vault Resource record

userRecordUid

The UID of the Keeper Vault User record

newPassword

The new password for the User

oldPassword

The prior password for the User

user

The username for the User

records

Base64, JSON, array of record dictionaries. Additional info in the below section

Additional Info on records field

The records key value is a Base64, JSON array of dictionaries. This array will include the following data:

  • PAM Network Configuration Data

  • PAM Machine, PAM Database, or PAM Directory Record Data

    • The PAM record type is depended on the PAM record type of the administrative credential

  • Additional Record Data

    • These are the Resource Credential(s) attached to the Post Rotation Script

  • User Record Data

Each dictionary object will contain:

  • uid - The UID of the Vault record.

  • title - The title of the Vault record.

  • The rest of the dictionary will contain key/value pairs of the record's data where

    • the key will be the label of the field.

      • If the field does not contain a label, the field type will be used.

      • If the key already exists, a number will be added to the key.

    • the value will be the corresponding field value

Note: The rotationScripts field will be omitted from the data.

Since the parameters are piped to the script, the parameters will not appear on the command line.

The next section will go over how to access these parameters.

Last updated