KeeperPAM Commands

Manage KeeperPAM features such as discovery, password rotation, connections, and tunnels

Overview

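KeeperPAM supports discovery, password rotation, PAM configuration, and Keeper Gateway configuration, all of which can be controlled and managed from Commander with the pam command and its subcommands. These commands support the password rotation feature of Keeper Secrets Manager.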

pam command

Command: pam

Description: Controls KeeperPAM.

My Vault> pam --help
pam command [--options]

Command    Description
---------  -----------------------------
gateway    Manage Gateways
config     Manage PAM Configurations
rotation   Manage Rotations
action     Execute action on the Gateway
tunnel     Manage Tunnels

Subcommand: gateway

Description: Lists, creates, and removes Keeper Gateway services. For details on the Keeper Gateway, see this page.

My Vault> pam gateway help
pam command [--options]

Command    Description
---------  ------------------
list       List Gateways
new        Create new Gateway
remove     Remove Gateway

Subcommand: config

Description: Lists, creates, edits, and removes Keeper PAM configurations. For details on PAM configurations and Keeper's rotation feature, see the Password Rotation page.

My Vault> pam config help
pam command [--options]

Command    Description
---------  -------------------------------------------------------------
new        Create new PAM Configuration
edit       Edit PAM Configuration
list       List available PAM Configurations associated with the Gateway
remove     Remove a PAM Configuration

Subcommand: rotation

Description: Lists and creates Keeper rotation settings for records. For details on PAM configurations and Keeper's rotation feature, see the Password Rotation page. For details on a command, use the -help option.

My Vault> pam rotation help
pam command [--options]

Command    Description
---------  -----------------------------------
set        Set Record Rotation Configuration
list       List Record Rotation Configurations
info       Get Rotation Info
script     Add, delete, or edit script field

new

My Vault> pam rotation set --help                                                                                                                                                                                          
usage: pam rotation set [-h] (--record RECORD_NAME | --folder FOLDER_NAME) [--config CONFIG_UID] [--resource RESOURCE_UID] [--schedulejson SCHEDULE_JSON_DATA | --schedulecron SCHEDULE_CRON_DATA | --on-demand] [--complexity PWD_COMPLEXITY]
                        [--enable | --disable]

options:
  -h, --help            show this help message and exit
  --record RECORD_NAME  Record UID or Name that will be rotated manually or via schedule
  --folder FOLDER_NAME  Folder UID or name that holds records to be rotated manually or via schedule                        
  --config CONFIG_UID, -c CONFIG_UID
                        UID of the PAM Configuration.
  --resource RESOURCE_UID, -rs RESOURCE_UID
                        UID of the resource recourd.
  --schedulejson SCHEDULE_JSON_DATA, -sj SCHEDULE_JSON_DATA
                        Json of the scheduler. Example: -sj '{"type": "WEEKLY", "utcTime": "15:44", "weekday": "SUNDAY", "intervalCount": 1}'
  --schedulecron SCHEDULE_CRON_DATA, -sc SCHEDULE_CRON_DATA
                        Cron tab string of the scheduler. Example: to run job daily at 5:56PM UTC enter following cron -sc "56 17 * * *"
  --on-demand, -sm      Schedule On Demand
  --complexity PWD_COMPLEXITY, -x PWD_COMPLEXITY
                        Password complexity: length, upper, lower, digits, symbols. Ex. 32,5,5,5,5
  --enable              Enable rotation
  --disable             Disable rotation
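
The argument formats above can be checked before they are passed to pam rotation set. The following Python sketch is an added example, not part of Keeper Commander or the original page. It assumes that the upper, lower, digits, and symbols fields are minimum counts, that utcTime is required in the schedule JSON, and that 20 characters is the local minimum length; all function names are hypothetical.

```python
import json
import re

FIELDS = ("length", "upper", "lower", "digits", "symbols")

def parse_complexity(spec, min_length=20):
    """Parse 'length,upper,lower,digits,symbols'; reject weak or impossible values."""
    parts = [p.strip() for p in spec.split(",")]
    if len(parts) != len(FIELDS) or not all(p.isdecimal() for p in parts):
        raise ValueError("expected five non-negative integers: " + ",".join(FIELDS))
    rule = dict(zip(FIELDS, map(int, parts)))
    if rule["length"] < min_length:  # min_length is an assumed local policy value
        raise ValueError(f"length {rule['length']} is below the local minimum {min_length}")
    required = sum(rule[f] for f in FIELDS[1:])  # assumption: fields are minimum counts
    if required > rule["length"]:
        raise ValueError(f"class minimums need {required} characters, length is {rule['length']}")
    return rule

def check_schedule_json(text):
    """Check the -sj payload is a JSON object with a type and a valid HH:MM utcTime."""
    data = json.loads(text)
    if not isinstance(data, dict) or "type" not in data:
        raise ValueError("schedule must be a JSON object with a 'type' key")
    m = re.fullmatch(r"(\d{2}):(\d{2})", str(data.get("utcTime", "")))
    if not m or int(m[1]) > 23 or int(m[2]) > 59:  # assumption: utcTime is required
        raise ValueError("utcTime must be HH:MM in UTC")
    return data

def check_cron(text):
    """Check the -sc string has the five fields used in the help example."""
    fields = text.split()
    if len(fields) != 5:
        raise ValueError(f"expected 5 cron fields, got {len(fields)}")
    return fields

def lint(complexity, schedule_json=None, schedule_cron=None):
    """Return a list of problems; an empty list means the arguments look sane."""
    problems = []
    if schedule_json and schedule_cron:
        problems.append("--schedulejson and --schedulecron are mutually exclusive")
    checks = [(parse_complexity, complexity), (check_schedule_json, schedule_json),
              (check_cron, schedule_cron)]
    for func, value in checks:
        if value is None:
            continue
        try:
            func(value)
        except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
            problems.append(f"{func.__name__}: {exc}")
    return problems
```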

list

My Vault> pam rotation list --help
usage: pam rotation list [-h] [--verbose]

optional arguments:
  -h, --help     show this help message and exit
  --verbose, -v  Verbose output

info

My Vault> pam rotation info --help 
usage: dr-router-get-rotation-info-parser [-h] --record-uid RECORD_UID

optional arguments:
  -h, --help            show this help message and exit
  --record-uid RECORD_UID, -r RECORD_UID
                        Record UID to rotate

script

My Vault> pam rotation script --help
pam command [--options]

Command    Description
---------  ---------------------------------
list       List script fields
add        List Record Rotation Schedulers
edit       Add, delete, or edit script field
delete     Delete script field

Subcommand: action

Description: Discovers privileged accounts through the Keeper Gateway.

My Vault> pam action help
pam command [--options]

Command              Description
-------------------  ----------------
gateway-info         Info command
unreleased-discover  Discover command
rotate               Rotate command
job-info             View Job details
job-cancel           View Job details

gateway-info

My Vault> pam action gateway-info --help
usage: dr-info-command [-h] [--gateway GATEWAY_UID] [--verbose]

optional arguments:
  -h, --help            show this help message and exit
  --gateway GATEWAY_UID, -g GATEWAY_UID
                        Gateway UID
  --verbose, -v         Verbose Output

discover

My Vault> pam action discover --help
pam command [--options]

Command    Description
---------  ----------------------------------
start      Start a discovery process
status     Status of discovery jobs
remove     Cancel or remove of discovery jobs
process    Process discovered items
get        Get and save discovery results
rule       Manage discovery rules
record     Discovery record information

rotate

My Vault> pam action rotate --help
usage: dr-rotate-command [-h] --record-uid RECORD_UID

optional arguments:
  -h, --help            show this help message and exit
  --record-uid RECORD_UID, -r RECORD_UID
                        Record UID to rotate

job-info

My Vault> pam action job-info --help
usage: pam-action-job-command [-h] [--gateway GATEWAY_UID] job_id

positional arguments:
  job_id

optional arguments:
  -h, --help            show this help message and exit
  --gateway GATEWAY_UID, -g GATEWAY_UID
                        Gateway UID.Needed only if there are more than one gateway running

job-cancel

My Vault> pam action job-cancel --help
usage: pam-action-job-command [-h] [--gateway GATEWAY_UID] job_id

positional arguments:
  job_id

optional arguments:
  -h, --help            show this help message and exit
  --gateway GATEWAY_UID, -g GATEWAY_UID
                        Gateway UID.Needed only if there are more than one gateway running
