Microsoft SQL Server Plugin
Rotate SQL Server passwords
Keeper has launched a new Password Rotation feature with Keeper Secrets Manager. This new capability is recommended for all password rotation use cases. The Documentation is linked below:
Password Rotation with Keeper Secrets Manager
This plugin allows rotating a user's password in Microsoft SQL Server
Prerequisites
Install pymssql
Prepare Records for Rotation
Create a Record for Rotation
Rotation supports legacy and typed records. If using typed record, a 'Login' type field is required. Additional fields may be added depending on the rotation type as well. See the instructions below.
See the Troubleshooting section for more information on legacy vs typed records
Set the record Login as username of the account to rotate
Set the Hostname and Port
Commander will use these settings to connect.
TIP: If the port is set to 1433, or the host begins with "mssql://" Commander will automatically recognize the record as Microsoft SQL credentials and will use that rotation method unless otherwise configured
Set the record Password to the match account's password
Commander will use the password to login to perform the rotation
Set the Database Name in a custom field
Create a Text type custom field labeled "cmdr:db" and fill in the name of the database to connect to.
Optional Custom Fields
Instead of using the fields above, custom fields can be added with the shown label
Label | Value | Comment |
---|---|---|
cmdr:plugin | mssql | Tells Commander to use Microsoft SQL Key rotation. This should be either set to the record, or supplied to the rotation command |
cmdr:host | Hostname of your MSSQL server | |
cmdr:rules | '# uppercase, # lowercase, # numeric, # special' (e.g. 4,6,3,8) | Password generation rules |
Record Example using Optional Fields
Rotate
To rotate MSSQL passwords, use the rotate
command in Commander. Pass the command a record title or UID (or use --match
with a regular expression to rotate several records at once)
The plugin can be supplied to the command as shown here added to a record field, or automatically assigned based on the port number (see options above). Adding the plugin type to the record makes it possible to rotate several records at once with different plugins.
Output
After rotation is completed, the new password will be stored in the Password
field of the record
Last updated