Post-Rotation Scripts

Overview

Post-rotation scripts are user-defined code snippets that execute after a credential is rotated. Scripts can be attached to PAM records, and will execute on either the remote machine or on the gateway.

For more information on attaching Post Rotation Scripts to PAM records, visit:

Post-Rotation Use Cases

Post-Rotation scripts empower Keeper customers to manage and automate their IT administrative processes and tasks ranging from restarting a resource to notifying relevant parties on credential updates. Here are some of the use cases made possible with Keeper Post Rotation:

• Updating Access Control Lists (ACLs)

  • After changes to a password or private key, it may be necessary to update the ACLs of files directories or servers as to not disrupt access. A post-execution script can automate this process and ensure that the procedures and/or users have the necessary permissions.

• Revoking old credentials

  • After changes to a password or private key, old credentials may need to be revoked to prevent unauthorized access. A post-execution script can automate this process by revoking the old credentials and updating the user's access permissions.

• Notifying relevant parties on updated credentials

  • Relevant parties such as IT administrators or security personnel should be notified on credentials changes. A post-execution script can automate this process by sending out notifications or alerts.

• Auditing

  • Password or private key changes should be audited for compliance and security purposes. A post-execution script can automate this process by logging the change and any associated actions, such as ACL updates or notifications.

For code snippets and examples of these use cases, visit:

Parameters

Upon successful rotation of credentials on a PAM record, Keeper executes the attached Post-Rotation scripts with parameters containing information on the involved records, credentials, and user.

For more information visit: