Keeper Secrets Manager
Search
K

KeeperPAM Commands

Management of KeeperPAM functionality including Password Rotation

Overview

KeeperPAM including password rotation, PAM Configuration and Keeper Gateway configuration can be controlled and managed through Commander using the pam command and sub-commands. These commands support the Password Rotation capabilities of Keeper Secrets Manager.

pam command

command: pam
Detail: Perform KeeperPAM controls.
pam command [--options]
Command Description
--------- -----------------------------
gateway Manage Gateways
config Manage PAM Configurations
rotation Manage Rotations
action Execute action on the Gateway

Sub-Command: gateway

Detail: View, create and remove Keeper Gateway services. To learn more about the Keeper Gateway click here.
My Vault> pam gateway help
pam command [--options]
Command Description
--------- ------------------
list List Gateways
new Create new Gateway
remove Remove Gateway

Sub-Command: config

Detail: View, create, edit and remove Keeper PAM Configurations. To learn more about PAM Configurations and Keeper rotation capabilities, read the Password Rotation documentation.
My Vault> pam config help
pam command [--options]
Command Description
--------- -------------------------------------------------------------
new Create new PAM Configuration
edit Edit PAM Configuration
list List available PAM Configurations associated with the Gateway
remove Remove a PAM Configuration

Sub-Command: rotation

Detail: View and create Keeper Rotation configuration for records. To learn more about PAM Configurations and Keeper rotation capabilities, read the Password Rotation documentation. For detailed command information, use the -help option.
My Vault> pam rotation help
pam command [--options]
Command Description
--------- -----------------------------------
new Create New Record Rotation Schedule
list List Record Rotation Schedulers
info Get Rotation Info
script Add, delete, or edit script field

new

My Vault> pam rotation new --help
usage: pam rotation new [-h] --record RECORD_UID --config CONFIG_UID [--resource RESOURCE_UID] [--schedulejson SCHEDULE_JSON_DATA]
[--schedulecron SCHEDULE_CRON_DATA] [--complexity PWD_COMPLEXITY]
optional arguments:
-h, --help show this help message and exit
--record RECORD_UID, -r RECORD_UID
Record UID that will be rotated manually or via schedule
--config CONFIG_UID, -c CONFIG_UID
UID of the PAM Configuration.
--resource RESOURCE_UID, -rs RESOURCE_UID
UID of the resource recourd.
--schedulejson SCHEDULE_JSON_DATA, -sj SCHEDULE_JSON_DATA
Json of the scheduler. Example: -sj '{"type": "WEEKLY", "utcTime": "15:44", "weekday": "SUNDAY", "intervalCount": 1}'
--schedulecron SCHEDULE_CRON_DATA, -sc SCHEDULE_CRON_DATA
Cron tab string of the scheduler. Example: to run job daily at 5:56PM UTC enter following cron -sc "0 56 17 * * ?"
--complexity PWD_COMPLEXITY, -x PWD_COMPLEXITY
Password complexity: length, upper, lower, digits, symbols. Ex. 32,5,5,5,5

list

My Vault> pam rotation list --help
usage: pam rotation list [-h] [--verbose]
optional arguments:
-h, --help show this help message and exit
--verbose, -v Verbose output

info

My Vault> pam rotation info --help
usage: dr-router-get-rotation-info-parser [-h] --record-uid RECORD_UID
optional arguments:
-h, --help show this help message and exit
--record-uid RECORD_UID, -r RECORD_UID
Record UID to rotate

script

My Vault> pam rotation script --help
pam command [--options]
Command Description
--------- ---------------------------------
list List script fields
add List Record Rotation Schedulers
edit Add, delete, or edit script field
delete Delete script field

Sub-Command: action

My Vault> pam action help
pam command [--options]
Command Description
------------------- ----------------
gateway-info Info command
unreleased-discover Discover command
rotate Rotate command
job-info View Job details
job-cancel View Job details

gateway-info

My Vault> pam action gateway-info --help
usage: dr-info-command [-h] [--gateway GATEWAY_UID] [--verbose]
optional arguments:
-h, --help show this help message and exit
--gateway GATEWAY_UID, -g GATEWAY_UID
Gateway UID
--verbose, -v Verbose Output

unreleased-discover

My Vault> pam action unreleased-discover --help
usage: dr-discover-command [-h] --shared-folder SHARED_FOLDER_UID --provider-record PROVIDER_RECORD_UID
optional arguments:
-h, --help show this help message and exit
--shared-folder SHARED_FOLDER_UID, -f SHARED_FOLDER_UID
UID of the Shared Folder where results will be stored
--provider-record PROVIDER_RECORD_UID, -p PROVIDER_RECORD_UID
Provider Record UID that defines network

rotate

My Vault> pam action rotate --help
usage: dr-rotate-command [-h] --record-uid RECORD_UID
optional arguments:
-h, --help show this help message and exit
--record-uid RECORD_UID, -r RECORD_UID
Record UID to rotate

job-info

My Vault> pam action job-info --help
usage: pam-action-job-command [-h] [--gateway GATEWAY_UID] job_id
positional arguments:
job_id
optional arguments:
-h, --help show this help message and exit
--gateway GATEWAY_UID, -g GATEWAY_UID
Gateway UID. Needed only if there are more than one gateway running

job-cancel

My Vault> pam action job-cancel --help
usage: pam-action-job-command [-h] [--gateway GATEWAY_UID] job_id
positional arguments:
job_id
optional arguments:
-h, --help show this help message and exit
--gateway GATEWAY_UID, -g GATEWAY_UID
Gateway UID. Needed only if there are more than one gateway running
Previous
Sharing Commands
Next
Connection Commands
Last modified 1mo ago