Management of KeeperPAM functionality including Discovery, Rotation, Connections and Tunneling
Overview
KeeperPAM including discovery, password rotation, PAM Configuration and Keeper Gateway configuration can be controlled and managed through Commander using the pam command and sub-commands. These commands support the Password Rotation capabilities of Keeper Secrets Manager.
pam command
command: pam
Detail: Perform KeeperPAM controls.
My Vault> pam --help
pam command [--options]
Command Description
--------- -----------------------------
gateway Manage Gateways
config Manage PAM Configurations
rotation Manage Rotations
action Execute action on the Gateway
tunnel Manage Tunnels
Sub-Command: gateway
Detail: View, create and remove Keeper Gateway services. To learn more about the Keeper Gateway click here.
My Vault> pam gateway help
pam command [--options]
Command Description
--------- ------------------
list List Gateways
new Create new Gateway
remove Remove Gateway
Sub-Command: config
Detail: View, create, edit and remove Keeper PAM Configurations. To learn more about PAM Configurations and Keeper rotation capabilities, read the Password Rotation documentation.
My Vault> pam config help
pam command [--options]
Command Description
--------- -------------------------------------------------------------
new Create new PAM Configuration
edit Edit PAM Configuration
list List available PAM Configurations associated with the Gateway
remove Remove a PAM Configuration
Sub-Command: rotation
Detail: View and create Keeper Rotation configuration for records. To learn more about PAM Configurations and Keeper rotation capabilities, read the Password Rotation documentation. For detailed command information, use the -help option.
My Vault> pam rotation help
pam command [--options]
Command Description
--------- -----------------------------------
set Set Record Rotation Configuration
list List Record Rotation Configurations
info Get Rotation Info
script Add, delete, or edit script field
new
My Vault> pam rotation set --help
usage: pam rotation set [-h] (--record RECORD_NAME | --folder FOLDER_NAME) [--config CONFIG_UID] [--resource RESOURCE_UID] [--schedulejson SCHEDULE_JSON_DATA | --schedulecron SCHEDULE_CRON_DATA | --on-demand] [--complexity PWD_COMPLEXITY]
[--enable | --disable]
options:
-h, --help show this help message and exit
--record RECORD_NAME Record UID or Name that will be rotated manually or via schedule
--folder FOLDER_NAME Folder UID or name that holds records to be rotated manually or via schedule
--config CONFIG_UID, -c CONFIG_UID
UID of the PAM Configuration.
--resource RESOURCE_UID, -rs RESOURCE_UID
UID of the resource recourd.
--schedulejson SCHEDULE_JSON_DATA, -sj SCHEDULE_JSON_DATA
Json of the scheduler. Example: -sj '{"type": "WEEKLY", "utcTime": "15:44", "weekday": "SUNDAY", "intervalCount": 1}'
--schedulecron SCHEDULE_CRON_DATA, -sc SCHEDULE_CRON_DATA
Cron tab string of the scheduler. Example: to run job daily at 5:56PM UTC enter following cron -sc "56 17 * * *"
--on-demand, -sm Schedule On Demand
--complexity PWD_COMPLEXITY, -x PWD_COMPLEXITY
Password complexity: length, upper, lower, digits, symbols. Ex. 32,5,5,5,5
--enable Enable rotation
--disable Disable rotation
list
My Vault> pam rotation list --help
usage: pam rotation list [-h] [--verbose]
optional arguments:
-h, --help show this help message and exit
--verbose, -v Verbose output
info
My Vault> pam rotation info --help
usage: dr-router-get-rotation-info-parser [-h] --record-uid RECORD_UID
optional arguments:
-h, --help show this help message and exit
--record-uid RECORD_UID, -r RECORD_UID
Record UID to rotate
script
My Vault> pam rotation script --help
pam command [--options]
Command Description
--------- ---------------------------------
list List script fields
add List Record Rotation Schedulers
edit Add, delete, or edit script field
delete Delete script field
Sub-Command: action
Detail: Discovery of privileged accounts through the Keeper Gateway
My Vault> pam action help
pam command [--options]
Command Description
------------ ----------------
gateway-info Info command
discover Discover command
rotate Rotate command
job-info View Job details
job-cancel View Job details
gateway-info
My Vault> pam action gateway-info --help
usage: dr-info-command [-h] [--gateway GATEWAY_UID] [--verbose]
optional arguments:
-h, --help show this help message and exit
--gateway GATEWAY_UID, -g GATEWAY_UID
Gateway UID
--verbose, -v Verbose Output
discover
My Vault> pam action discover --help
pam command [--options]
Command Description
--------- ----------------------------------
start Start a discovery process
status Status of discovery jobs
remove Cancel or remove of discovery jobs
process Process discovered items
get Get and save discovery results
rule Manage discovery rules
record Discovery record information
rotate
My Vault> pam action rotate --help
usage: dr-rotate-command [-h] --record-uid RECORD_UID
optional arguments:
-h, --help show this help message and exit
--record-uid RECORD_UID, -r RECORD_UID
Record UID to rotate
job-info
My Vault> pam action job-info --help
usage: pam-action-job-command [-h] [--gateway GATEWAY_UID] job_id
positional arguments:
job_id
optional arguments:
-h, --help show this help message and exit
--gateway GATEWAY_UID, -g GATEWAY_UID
Gateway UID. Needed only if there are more than one gateway running
job-cancel
My Vault> pam action job-cancel --help
usage: pam-action-job-command [-h] [--gateway GATEWAY_UID] job_id
positional arguments:
job_id
optional arguments:
-h, --help show this help message and exit
--gateway GATEWAY_UID, -g GATEWAY_UID
Gateway UID. Needed only if there are more than one gateway running
