Management of KeeperPAM functionality including Password Rotation
Overview
KeeperPAM including password rotation, PAM Configuration and Keeper Gateway configuration can be controlled and managed through Commander using the pam command and sub-commands. These commands support the Password Rotation capabilities of Keeper Secrets Manager.
Detail: View, create and remove Keeper Gateway services. To learn more about the Keeper Gateway click here.
My Vault> pam gateway help
pam command [--options]
Command Description
--------- ------------------
list List Gateways
new Create new Gateway
remove Remove Gateway
Sub-Command: config
Detail: View, create, edit and remove Keeper PAM Configurations. To learn more about PAM Configurations and Keeper rotation capabilities, read the Password Rotation documentation.
My Vault> pam config help
pam command [--options]
Command Description
--------- -------------------------------------------------------------
new Create new PAM Configuration
edit Edit PAM Configuration
list List available PAM Configurations associated with the Gateway
remove Remove a PAM Configuration
Sub-Command: rotation
Detail: View and create Keeper Rotation configuration for records. To learn more about PAM Configurations and Keeper rotation capabilities, read the Password Rotation documentation. For detailed command information, use the -help option.
My Vault> pam rotation help
pam command [--options]
Command Description
--------- -----------------------------------
new Create New Record Rotation Schedule
list List Record Rotation Schedulers
info Get Rotation Info
script Add, delete, or edit script field
new
My Vault> pam rotation new --help
usage: pam rotation new [-h] --record RECORD_UID --config CONFIG_UID [--resource RESOURCE_UID] [--schedulejson SCHEDULE_JSON_DATA]
[--schedulecron SCHEDULE_CRON_DATA] [--complexity PWD_COMPLEXITY]
optional arguments:
-h, --help show this help message and exit
--record RECORD_UID, -r RECORD_UID
Record UID that will be rotated manually or via schedule
--config CONFIG_UID, -c CONFIG_UID
UID of the PAM Configuration.
--resource RESOURCE_UID, -rs RESOURCE_UID
UID of the resource recourd.
--schedulejson SCHEDULE_JSON_DATA, -sj SCHEDULE_JSON_DATA
Json of the scheduler. Example: -sj '{"type": "WEEKLY", "utcTime": "15:44", "weekday": "SUNDAY", "intervalCount": 1}'
--schedulecron SCHEDULE_CRON_DATA, -sc SCHEDULE_CRON_DATA
Cron tab string of the scheduler. Example: to run job daily at 5:56PM UTC enter following cron -sc "0 56 17 * * ?"
--complexity PWD_COMPLEXITY, -x PWD_COMPLEXITY
Password complexity: length, upper, lower, digits, symbols. Ex. 32,5,5,5,5
list
My Vault> pam rotation list --help
usage: pam rotation list [-h] [--verbose]
optional arguments:
-h, --help show this help message and exit
--verbose, -v Verbose output
info
My Vault> pam rotation info --help
usage: dr-router-get-rotation-info-parser [-h] --record-uid RECORD_UID
optional arguments:
-h, --help show this help message and exit
--record-uid RECORD_UID, -r RECORD_UID
Record UID to rotate
script
My Vault> pam rotation script --help
pam command [--options]
Command Description
--------- ---------------------------------
list List script fields
add List Record Rotation Schedulers
edit Add, delete, or edit script field
delete Delete script field
Sub-Command: action
My Vault> pam action help
pam command [--options]
Command Description
------------------- ----------------
gateway-info Info command
unreleased-discover Discover command
rotate Rotate command
job-info View Job details
job-cancel View Job details
gateway-info
My Vault> pam action gateway-info --help
usage: dr-info-command [-h] [--gateway GATEWAY_UID] [--verbose]
optional arguments:
-h, --help show this help message and exit
--gateway GATEWAY_UID, -g GATEWAY_UID
Gateway UID
--verbose, -v Verbose Output
unreleased-discover
My Vault> pam action unreleased-discover --help
usage: dr-discover-command [-h] --shared-folder SHARED_FOLDER_UID --provider-record PROVIDER_RECORD_UID
optional arguments:
-h, --help show this help message and exit
--shared-folder SHARED_FOLDER_UID, -f SHARED_FOLDER_UID
UID of the Shared Folder where results will be stored
--provider-record PROVIDER_RECORD_UID, -p PROVIDER_RECORD_UID
Provider Record UID that defines network
rotate
My Vault> pam action rotate --help
usage: dr-rotate-command [-h] --record-uid RECORD_UID
optional arguments:
-h, --help show this help message and exit
--record-uid RECORD_UID, -r RECORD_UID
Record UID to rotate
job-info
My Vault> pam action job-info --help
usage: pam-action-job-command [-h] [--gateway GATEWAY_UID] job_id
positional arguments:
job_id
optional arguments:
-h, --help show this help message and exit
--gateway GATEWAY_UID, -g GATEWAY_UID
Gateway UID. Needed only if there are more than one gateway running
job-cancel
My Vault> pam action job-cancel --help
usage: pam-action-job-command [-h] [--gateway GATEWAY_UID] job_id
positional arguments:
job_id
optional arguments:
-h, --help show this help message and exit
--gateway GATEWAY_UID, -g GATEWAY_UID
Gateway UID. Needed only if there are more than one gateway running
