Record Type Details for PAM Machine, Database, and Directory
When Keeper Rotation is activated on a Keeper account, Rotation record types are added to the account. Records created using these types facilitate record rotation.
The following record types are supported for each Device or Account type:

Resource Type | Sub-type | Record Type |
---|---|---|
Database | MySQL, MySQL Flexible | PAM Database |
Database | PostgreSQL, PostgreSQL Flexible | PAM Database |
Database | SQL Server | PAM Database |
Database | Mongo | PAM Database |
Database | MariaDB | PAM Database |
Machine | Windows, macOS, Linux | PAM Machine |
Machine | EC2 Instance | PAM Database |
Machine | Azure VM | PAM Database |
Directory | Active Directory | PAM Directory |
Directory | OpenLDAP | PAM Directory |

The following tables provide more details on each configurable field in PAM Machine, PAM Database, and PAM Directory records:

PAM Machine

Field | Description | Notes |
---|---|---|
Hostname or IP Address | Address of the machine resource | Required |
Port | Port to connect on. The Gateway uses this to determine connection method. | Must be a port for SSH or WinRM. Keeper expects 22, 5985, 5986, or an alternative port for SSH or WinRM specified in the PAM Configuration port mapping |
Login | Admin account username | |
Password | Password for admin account | If Port is 22, or an alternative port mapped to SSH: a Private PEM Key can be used instead |
Private PEM Key | PEM Key for SSH connection (optional) | The key takes precedence if both a key and a password are provided |
OS | Operating System | For human reference only. Operating system is detected during rotation |
SSL Verification | Verify certificate of host when connecting with SSH | |
Instance Name | Azure or AWS Instance Name | Not used for rotation |
Instance Id | Azure or AWS Instance ID | Not used for rotation |
Provider Group | Provider Group for directories hosted in Azure | Not used for rotation |
Provider Region | AWS region of hosted directory | Not used for rotation |

PAM Database

Field | Description | Notes |
---|---|---|
Hostname or IP Address | Address of the Database Resource | Required |
Port | Port to connect on. The Gateway uses this to determine connection method. | A Port must be provided. Standard ports are: PostgreSQL: 5432, MySQL: 3306, MariaDB: 3306, Microsoft SQL: 1433, Oracle: 1521, MongoDB: 27017 |
Use SSL | Use SSL when connecting | |
Login | Admin account username | |
Password | Admin account password | |
Connect Database | Database to connect to (Postgres only) | Required for connecting to Postgres, MongoDB, and MS SQL Server |
Database Id | Azure or AWS Resource ID | Required for AWS and Azure rotations |
Database Type | Appropriate database type from supported databases. | If a non-standard port is provided, the Database Type will be used to determine connection method. |
Provider Group | Azure or AWS Provider Group | Required for Azure rotations |
Provider Region | Azure or AWS Provider Region | Required for AWS rotations |

PAM Directory

Field | Description | Notes |
---|---|---|
Hostname or IP Address | Address of the directory resource | Required |
Port | Port to connect on | Typically 389 or 636 (LDAP/LDAPS) |
Use SSL | Use SSL when connecting | |
Login | Username of domain account with rotation privilege | Example: "administrator" |
Password | Domain account password | Password is masked |
Distinguished Name | Distinguished name of the domain login provided above | Example: CN=Jeff Smith,OU=Sales,DC=demo,DC=COM. If left blank, defaults are attempted depending on the provider type |
Directory ID | Instance ID for AD resource in Azure and AWS hosted environments | Required for Azure Active Directory and AWS Directory Service. AWS Example: "d-9a423d0d3b" |
Directory Type | Directory type, used for formatting of messaging | Must be Active Directory or OpenLDAP |
Domain Name | Domain managed by the directory | Example: some.company.com |
Provider Group | Provider Group for directories hosted in Azure | Required for directories hosted in Azure |
Provider Region | AWS region of hosted directory | Required for directories hosted in AWS. Example: us-east-2 |
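
A pre-flight check for PAM Database records, built from the Notes column of the PAM Database field list above; it is an added example, not Keeper's code. It uses the field labels as dictionary keys, and the lowercase type names and the `hosting` argument are assumptions made for the illustration.

```python
# Added example: lint built from the PAM Database field notes, not Keeper code.
# Keys are the page's field labels; type names and `hosting` are assumptions.
STANDARD_PORTS = {5432: {"postgresql"}, 3306: {"mysql", "mariadb"},
                  1433: {"mssql"}, 1521: {"oracle"}, 27017: {"mongodb"}}
NEEDS_CONNECT_DB = {"postgresql", "mongodb", "mssql"}

# Constructed sample: MongoDB hosted on AWS with three fields missing.
SAMPLE = {"Hostname or IP Address": "db1.example.internal", "Port": "27017"}


def lint_pam_database(record, hosting=None):
    """Return a list of problems; an empty list means the record passes."""
    def get(key):
        return str(record.get(key) or "").strip()

    problems = []
    if not get("Hostname or IP Address"):
        problems.append("Hostname or IP Address is required")

    try:
        port = int(get("Port"))
        if not 1 <= port <= 65535:
            raise ValueError(port)
    except ValueError:
        problems.append("Port must be provided as a number from 1 to 65535")
        port = None

    db_type = get("Database Type").lower() or None
    implied = STANDARD_PORTS.get(port, set())
    if port is not None and not implied and not db_type:
        problems.append(f"Port {port} is non-standard: Database Type is needed")
    if implied and db_type and db_type not in implied:
        problems.append(f"Database Type {db_type} conflicts with standard port {port}")
    if len(implied) > 1 and not db_type:
        problems.append(f"Port {port} is shared by {sorted(implied)}: set Database Type")

    # A standard port decides the method; Database Type is the fallback.
    resolved = next(iter(implied)) if len(implied) == 1 else db_type
    if resolved in NEEDS_CONNECT_DB and not get("Connect Database"):
        problems.append(f"Connect Database is required for {resolved}")

    if hosting in ("aws", "azure") and not get("Database Id"):
        problems.append("Database Id is required for AWS and Azure rotations")
    if hosting == "azure" and not get("Provider Group"):
        problems.append("Provider Group is required for Azure rotations")
    if hosting == "aws" and not get("Provider Region"):
        problems.append("Provider Region is required for AWS rotations")
    return problems
```

Running it over exported records before enabling rotation surfaces missing cloud identifiers and port/type mismatches as a list of messages per record.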