# Custom and Community Plugins ### Available Custom Plugins In addition to built-in integrations, you can use custom plugins for additional services. Keeper maintains a repository of community-contributed plugins: **GitHub Repository:** [discovery-and-rotation-saas-dev](https://github.com/Keeper-Security/discovery-and-rotation-saas-dev) Check the `integrations/` folder for available plugins, which may include: * Additional cloud services * Database systems * Network equipment * Custom enterprise applications ## Using Custom Plugins To use custom plugins in your environment: ### **1. Set Up Plugin Directory** Configure your PAM Gateway to recognize custom plugins: ```bash # Set the plugin directory path on your PAM Configuration record record-update -r PAM_CONFIG_RECORD_UID "text.SaaS Plugins Dir=/path/to/plugins" ``` ### **2. Deploy Plugin Files** Copy the plugin Python files to your configured directory: ```bash # Create plugin directory mkdir /opt/keeper/saas_plugins # Copy plugin files from the repository cp custom_plugin.py /opt/keeper/saas_plugins/ ``` ### **3. Docker Container Setup** If using Docker, mount the plugin directory: ```yaml # docker-compose.yml services: keeper-gateway: image: keeper/gateway:preview volumes: - ./saas_plugins:/opt/keeper/saas_plugins environment: GATEWAY_CONFIG: YOUR_GATEWAY_CONFIG_UID ``` Update the PAM configuration to use the container path: ```bash record-update -r PAM_CONFIG_RECORD_UID "text.SaaS Plugins Dir=/opt/keeper/saas_plugins" ``` ### **4. Configure Plugin Access (If Required)** Some plugins may need access to your PAM configuration credentials (e.g., for AWS or Azure integration). Grant access by adding the plugin name to the allow list: ```bash record-update -r PAM_CONFIG_RECORD_UID "multiline.Allow SaaS Access=Custom Plugin Name\nAnother Plugin" ``` *** ## Developing Custom Plugins If you need a plugin for a service not currently available, you can develop your own using the development environment provided in the repository. The repository includes: * Development and testing tools * Example plugins and templates * API documentation * Testing framework Visit the [repository README](https://github.com/Keeper-Security/discovery-and-rotation-saas-dev) for detailed development instructions. To contribute to the community rotation plugin directory, submit a pull request. ### Best Practices #### Security Considerations * Use dedicated service accounts with minimal required permissions for SaaS integrations * Regularly rotate API keys and tokens used in SaaS configurations * Test rotations in a development environment before production deployment * Monitor rotation logs for failures or authentication issues #### Configuration Management * Store SaaS configurations in dedicated shared folders for better organization * Use descriptive names for configuration records (e.g., "Okta Production", "Snowflake Dev") * Document any custom field requirements for team members * Regularly review and update SaaS rotation assignments #### Troubleshooting * Check Gateway logs for detailed error messages during rotations * Verify API credentials and permissions in your SaaS applications * Ensure network connectivity between Gateway and target services * Test individual SaaS configurations before associating with multiple users ### Support and Resources * **Built-in SaaS Types:** Supported through standard Keeper support channels * **Custom Plugins:** Community support via GitHub repository issues * **Development Questions:** Refer to repository documentation and examples * **Enterprise Support:** Contact your Keeper representative for assistance with custom integrations For the most up-to-date list of available plugins and integration examples, regularly check the [GitHub repository](https://github.com/Keeper-Security/discovery-and-rotation-saas-dev). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/keeperpam/privileged-access-manager/password-rotation/rotation-use-cases/saas-plugins/custom-and-community-plugins.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.