Microsoft SQL Server Plugin

Rotate SQL Server passwords

Keeper has launched a new Password Rotation feature with Keeper Secrets Manager. This new capability is recommended for all password rotation use cases. The Documentation is linked below:

Password Rotation with Keeper Secrets Manager

This plugin allows rotating a user's password in Microsoft SQL Server

Prerequisites

Install pymssql

pip3 install pymssql

Prepare Records for Rotation

Create a Record for Rotation

Rotation supports legacy and typed records. If using typed record, a 'Login' type field is required. Additional fields may be added depending on the rotation type as well. See the instructions below.

See the Troubleshooting section for more information on legacy vs typed records

Set the Hostname and Port

Commander will use these settings to connect.

TIP: If the port is set to 1433, or the host begins with "mssql://" Commander will automatically recognize the record as Microsoft SQL credentials and will use that rotation method unless otherwise configured

Set the record Password to the match account's password

Commander will use the password to login to perform the rotation

Set the Database Name in a custom field

Create a Text type custom field labeled "cmdr:db" and fill in the name of the database to connect to.

Optional Custom Fields

Instead of using the fields above, custom fields can be added with the shown label

Label	Value	Comment
cmdr:plugin	mssql	Tells Commander to use Microsoft SQL Key rotation. This should be either set to the record, or supplied to the rotation command
cmdr:host		Hostname of your MSSQL server
cmdr:rules	'# uppercase, # lowercase, # numeric, # special' (e.g. 4,6,3,8)	Password generation rules

Label

Value

Comment

cmdr:plugin

mssql

Tells Commander to use Microsoft SQL Key rotation. This should be either set to the record, or supplied to the rotation command

cmdr:host

Hostname of your MSSQL server

cmdr:rules

'# uppercase, # lowercase, # numeric, # special'

(e.g. 4,6,3,8)

Password generation rules

Record Example using Optional Fields

Rotate

To rotate MSSQL passwords, use the rotate command in Commander. Pass the command a record title or UID (or use --match with a regular expression to rotate several records at once)

rotate "MSSQL Example" --plugin mssql

The plugin can be supplied to the command as shown here added to a record field, or automatically assigned based on the port number (see options above). Adding the plugin type to the record makes it possible to rotate several records at once with different plugins.