Upon successful rotation of credentials on a PAM record, Keeper executes the attached Post-Rotation scripts with parameters containing information on the involved records, credentials, and user.
Parameters will be placed in a Base64 encoded JSON object and piped to the script. The following keys can be found in this JSON object:
records
fieldThe records key value is a Base64, JSON array of dictionaries. This array will include the following data:
PAM Network Configuration Data
PAM Machine, PAM Database, or PAM Directory Record Data
The PAM record type is depended on the PAM record type of the administrative credential
Additional Record Data
These are the Resource Credential(s) attached to the Post Rotation Script
User Record Data
Each dictionary object will contain:
uid
- The UID of the Vault record.
title
- The title of the Vault record.
The rest of the dictionary will contain key/value pairs of the record's data where
the key will be the label of the field.
If the field does not contain a label, the field type will be used.
If the key already exists, a number will be added to the key.
the value will be the corresponding field value
Note: The rotationScripts
field will be omitted from the data.
Since the parameters are piped to the script, the parameters will not appear on the command line.
The next section will go over how to access these parameters.
Key | Description |
---|---|
providerRecordUid
The UID of the Keeper Vault Provider record
resourceRecordUid
The UID of the Keeper Vault Resource record
userRecordUid
The UID of the Keeper Vault User record
newPassword
The new password for the User
oldPassword
The prior password for the User
user
The username for the User
records
Base64, JSON, array of record dictionaries. Additional info in the below section