Static Tokens
Using the integration between Connection Manager and Vault with static field lookups

Static Tokens

Connection Manager supports configuring custom static tokens which can correspond to a specific field of a specific Keeper Vault record contained within the Shared Folder. These static tokens must be specified in either the Docker compose or directly in the guacamole configuration file, depending on the installation method of the platform. In most cases, the Dynamic Tokens are a preferable method of integration.

Simple Docker Install Method

If you installed Keeper Connection Manager using the Simple Docker Install method, you will need to modify the auto-generated Docker Compose file to define your static tokens.
As root, edit the /etc/kcm-setup/docker-compose.yml file.
Edit the "environment" section underneath the "guacamole" docker image. Insert an environmental variable called KSM_TOKEN_MAPPING that includes a multi-line definition of your custom tokens. In the example below, there are 3 custom tokens for specific fields within the Keeper vault shared folder. The token syntax is using Keeper Notation.
1
guacamole:
2
image: xxx
3
restart: unless-stopped
4
volumes:
5
- common-storage:/var/lib/guacamole
6
environment:
7
ACCEPT_EULA: "Y"
8
GUACD_HOSTNAME: "guacd"
9
MYSQL_HOSTNAME: "db"
10
MYSQL_DATABASE: "guacamole_db"
11
MYSQL_USERNAME: "guacamole_user"
12
MYSQL_PASSWORD: "xxxxxxx"
13
KSM_CONFIG: "xxxxxxx"
14
KSM_TOKEN_MAPPING: |
15
MY_CUSTOM_SECRET: keeper://cps2OgKHpFQ8Ye30L9587w/field/password
16
MY_OTHER_CUSTOM_SECRET: keeper://sS6jDVv0HoM0yGMU4OaOAw/file/linuxssoconnect.pem
17
RDP_INITIAL_PROGRAM: keeper://cps2OgKHpFQ8Ye30L9587w/custom_field/program
Copied!
Once the file changes have been saved, update the containers:
1
$ sudo ./kcm.run upgrade
Copied!

Custom Docker Install Method

Edit your docker-compose.yml file. Look for the "guacamole" docker image and the "environment" section which defines environmental variables.
Insert an environmental variable called KSM_TOKEN_MAPPING that includes a multi-line definition of your custom tokens. In the example below, there are 3 custom tokens for specific fields within the Keeper vault shared folder. The token syntax is using Keeper Notation.
1
guacamole:
2
image: xxx
3
environment:
4
ACCEPT_EULA: "Y"
5
GUACD_HOSTNAME: "guacd"
6
MYSQL_HOSTNAME: "db"
7
MYSQL_DATABASE: "guacamole_db"
8
MYSQL_USERNAME: "guacamole_user"
9
MYSQL_PASSWORD: "xxxxxxx"
10
KSM_CONFIG: "xxx"
11
KSM_TOKEN_MAPPING: |
12
MY_CUSTOM_SECRET: keeper://cps2OgKHpFQ8Ye30L9587w/field/password
13
MY_OTHER_CUSTOM_SECRET: keeper://sS6jDVv0HoM0yGMU4OaOAw/file/linuxssoconnect.pem
14
RDP_INITIAL_PROGRAM: keeper://cps2OgKHpFQ8Ye30L9587w/custom_field/program
Copied!
Once the file changes have been saved, update the containers:
1
sudo su
2
docker-compose up -d
Copied!

Advanced Linux Install Method

To configure custom tokens, add this YAML file to your guacamole configuration files: /etc/guacamole/ksm-token-mapping.yml
In this file, create the tokens that you would like to use and identify what secrets each token corresponds to using Keeper Notation.
Example mapping file:
ksm-token-mapping.yml
1
MY_CUSTOM_SECRET: keeper://cps2OgKHpFQ8Ye30L9587w/field/password
2
MY_OTHER_CUSTOM_SECRET: keeper://sS6jDVv0HoM0yGMU4OaOAw/file/linuxssoconnect.pem
3
RDP_INITIAL_PROGRAM: keeper://cps2OgKHpFQ8Ye30L9587w/custom_field/program
Copied!
Then, restart the guacamole process as you typically would.
1
$ sudo systemctl restart guacamole
Copied!

Custom Token Usage

When using custom tokens, the records can be setup in any way. Keeper notation in the mapping file can identify any specified field.
The tokens can then be used with the ${XXX} format within the Connection Manager parameters screen. A couple of examples are seen below:
Example of Custom Tokens
Example of Custom Tokens
The records must be in the shared folder that your Secrets Manager Application has access to.