Parameters
Overview
Upon successful rotation of credentials on a PAM record, Keeper executes the attached Post-Rotation scripts with parameters containing information on the involved records, credentials, and user.
Parameters Definition
Parameters will be placed in a Base64 encoded JSON object and piped to the script. The following keys can be found in this JSON object:
| Key | Description |
|---|---|
| | The UID of the Keeper Vault Provider record |
| | The UID of the Keeper Vault Resource record |
| | The UID of the Keeper Vault User record |
| | The new password for the User |
| | The prior password for the User |
| | The username for the User |
| records | Base64, JSON, array of record dictionaries. Additional info in the below section |
Additional Info on records field
The records key value is a Base64-encoded JSON array of dictionaries. This array will include the following data:
- PAM Network Configuration Data
- PAM Machine, PAM Database, or PAM Directory Record Data
  - The PAM record type depends on the PAM record type of the administrative credential
- Additional Record Data
  - These are the Resource Credential(s) attached to the Post Rotation Script
- User Record Data
Each dictionary object will contain:
- uid - The UID of the Vault record.
- title - The title of the Vault record.

The rest of the dictionary will contain key/value pairs of the record's data where
- the key will be the label of the field.
  - If the field does not contain a label, the field type will be used.
  - If the key already exists, a number will be added to the key.
- the value will be the corresponding field value.

Note: The rotationScripts field will be omitted from the data.
Since the parameters are piped to the script, the parameters will not appear on the command line.
The next section will go over how to access these parameters.
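As an added illustration (not Keeper's own code), the Python sketch below reads the piped payload from stdin, decodes the nested records value, and builds a log-safe summary that lists key names and record uid/title but never field values. The sample payload, its `exampleKey` entry, the UIDs and the `login`/`password` field names are constructed for the example.

```python
import base64
import json
import sys

RECORDS_KEY = "records"  # named on the page; its value is itself Base64-encoded JSON


def decode_params(piped: str) -> dict:
    """Decode the Base64 JSON object piped to the script, including nested records."""
    params = json.loads(base64.b64decode(piped.strip()))
    if not isinstance(params, dict):
        raise ValueError("expected a JSON object at the top level")
    raw = params.get(RECORDS_KEY)
    params[RECORDS_KEY] = json.loads(base64.b64decode(raw)) if raw else []
    return params


def find_record(params: dict, uid: str):
    """Return the record dictionary with the given uid, or None if absent."""
    return next((r for r in params[RECORDS_KEY] if r.get("uid") == uid), None)


def safe_summary(params: dict) -> dict:
    """Loggable view: key names and record uid/title only, never field values."""
    return {
        "keys": sorted(k for k in params if k != RECORDS_KEY),
        "records": [
            {"uid": r.get("uid"), "title": r.get("title"),
             "fields": sorted(k for k in r if k not in ("uid", "title"))}
            for r in params[RECORDS_KEY]
        ],
    }


def sample_payload() -> str:
    """Constructed sample input; every key and value here is illustrative."""
    records = [
        {"uid": "UID-CONFIG-0001", "title": "Example Network Config"},
        {"uid": "UID-USER-0001", "title": "Example User",
         "login": "svc-app", "password": "constructed-new-secret"},
    ]
    inner = base64.b64encode(json.dumps(records).encode()).decode()
    outer = {"exampleKey": "constructed-value", RECORDS_KEY: inner}
    return base64.b64encode(json.dumps(outer).encode()).decode()


if __name__ == "__main__":
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    params = decode_params(piped if piped.strip() else sample_payload())
    print(json.dumps(safe_summary(params), indent=2))
```

Because the payload carries both the new and the prior password, write only the summary to logs and keep the decoded values in memory.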