Custom and Community Plugins

Developing a custom SaaS rotation plugin for the Keeper platform

Available Custom Plugins

In addition to built-in integrations, you can use custom plugins for additional services. Keeper maintains a repository of community-contributed plugins:

GitHub Repository: discovery-and-rotation-saas-dev

Check the integrations/ folder for available plugins, which may include:

Additional cloud services
Database systems
Network equipment
Custom enterprise applications

Using Custom Plugins

To use custom plugins in your environment:

1. Set Up Plugin Directory

Configure your PAM Gateway to recognize custom plugins:

# Set the plugin directory path on your PAM Configuration record
record-update -r PAM_CONFIG_RECORD_UID "text.SaaS Plugins Dir=/path/to/plugins"

2. Deploy Plugin Files

Copy the plugin Python files to your configured directory:

# Create plugin directory
mkdir /opt/keeper/saas_plugins

# Copy plugin files from the repository
cp custom_plugin.py /opt/keeper/saas_plugins/

3. Docker Container Setup

If using Docker, mount the plugin directory:

# docker-compose.yml
services:
  keeper-gateway:
    image: keeper/gateway:preview
    volumes:
      - ./saas_plugins:/opt/keeper/saas_plugins
    environment:
      GATEWAY_CONFIG: YOUR_GATEWAY_CONFIG_UID

Update the PAM configuration to use the container path:

record-update -r PAM_CONFIG_RECORD_UID "text.SaaS Plugins Dir=/opt/keeper/saas_plugins"

4. Configure Plugin Access (If Required)

Some plugins may need access to your PAM configuration credentials (e.g., for AWS or Azure integration). Grant access by adding the plugin name to the allow list:

record-update -r PAM_CONFIG_RECORD_UID "multiline.Allow SaaS Access=Custom Plugin Name\nAnother Plugin"

Developing Custom Plugins

If you need a plugin for a service not currently available, you can develop your own using the development environment provided in the repository. The repository includes:

Development and testing tools
Example plugins and templates
API documentation
Testing framework

Visit the repository README for detailed development instructions. To contribute to the community rotation plugin directory, submit a pull request.

Best Practices

Security Considerations

Use dedicated service accounts with minimal required permissions for SaaS integrations
Regularly rotate API keys and tokens used in SaaS configurations
Test rotations in a development environment before production deployment
Monitor rotation logs for failures or authentication issues

Configuration Management

Store SaaS configurations in dedicated shared folders for better organization
Use descriptive names for configuration records (e.g., "Okta Production", "Snowflake Dev")
Document any custom field requirements for team members
Regularly review and update SaaS rotation assignments

Troubleshooting

Check Gateway logs for detailed error messages during rotations
Verify API credentials and permissions in your SaaS applications
Ensure network connectivity between Gateway and target services
Test individual SaaS configurations before associating with multiple users

Support and Resources

Built-in SaaS Types: Supported through standard Keeper support channels
Custom Plugins: Community support via GitHub repository issues
Development Questions: Refer to repository documentation and examples
Enterprise Support: Contact your Keeper representative for assistance with custom integrations

For the most up-to-date list of available plugins and integration examples, regularly check the GitHub repository.

PreviousSaaS Rotation via Commander NextService Management

Last updated 25 days ago