PostgreSQL Plugin
Rotate PostrgreSQL database passwords with Commander
Keeper has launched a new Password Rotation feature with Keeper Secrets Manager. This new capability is recommended for all password rotation use cases. The Documentation is linked below:
This plugin allows rotating a user's password in PostgreSQL Server
pip3 install psycopg2-binary
Rotation supports legacy and typed records. If using typed record, a 'Login' type field is required. Additional fields may be added depending on the rotation type as well. See the instructions below.
Populate the 'Login' field of the Keeper record with the PostgreSQL login name
Commander will use the login and password to login to the MySQL account
If using an untyped record, the host and port can be set to custom fields. See below.
TIP: If no rotation plugin is specified, Commander will use the port number or host prefix to guess which rotation to use. Port 5432, or a hostname that begins with "postgresql://" will use PostgreSQL rotation
Add a custom field to the record labeled "cmdr:db" and fill the field with the name of the database to use.
These fields can be added to affect the rotation
Label | Value | Comment |
|---|---|---|
cmdr:plugin | postgresql | (Optional) Tells Commander to use PostgreSQL rotation. This should be either set to the record, or supplied to the rotation command |
cmdr:host | | Hostname of your PostgreSQL server. Legacy records require this custom field, typed records can use the hostname and port fields. |
cmdr:rules | # uppercase, # lowercase, # numeric, # special' (e.g. 4,6,3,8) | (Optional) Password generation rules |
cmdr:port | | (Optional) MySQL port. 3306 assumed if omitted |
Custom Field Name | Custom Field Value |
connect:xxx:env:PGPASSWORD | ${password} |
connect:xxx | psql --host=${cmdr:host} --port=${cmdr:port} --username=${login} --dbname=${cmdr:db} --no-password |
Here's a screenshot of the Keeper Vault record for this use case:
A Keeper Record setup for connection
Last modified 4mo ago