PAM Machine, Database, Directory

Record Type Details for PAM Machine, Database, and Directory

Supported Configurations for PAM Machine, Database, and Directory

When Keeper Rotation is activated on a Keeper account, Rotation record types are added to the account. Records created using these types facilitate record rotation.

The following are supported configurations for record type associated to each Device or Account type:

Resource Type	Sub-type	Record Type
Database	MySQL, MySQL Flexible	PAM Database
Database	PostgreSQL, PostgresSQL Flexible	PAM Database
Database	SQL Server	PAM Database
Database	Mongo	PAM Database
Database	MariaDB	PAM Database
Machine	Windows, macOS, Linux	PAM Machine
Machine	EC2 Instance	PAM Database
Machine	Azure VM	PAM Database
Directory	Active Directory	PAM Directory
Directory	OpenLDAP	PAM Directory

Resource Type

Sub-type

Record Type

Database

MySQL, MySQL Flexible

PAM Database

Database

PostgreSQL, PostgresSQL Flexible

PAM Database

Database

SQL Server

PAM Database

Database

Mongo

PAM Database

Database

MariaDB

PAM Database

Machine

Windows, macOS, Linux

PAM Machine

Machine

EC2 Instance

PAM Database

Machine

Azure VM

PAM Database

PAM Machine, Database, and Directory Record Fields

The following tables provides more details on each configurable field in PAM Machine, PAM Database, and PAM Directory records:

PAM Machine Resource

Field	Description	Notes
Hostname or IP Address	Address of the machine resource	Required
Port	Port to connect on. The Gateway uses this to determine connection method.	Must be a port for SSH or WinRM Keeper expects 22, 5985, 5986, or an alternative port for SSH or WinRM specified in the PAM Configuration port mapping
Login	Admin account username
Password	Password for admin account	If Port is 22, or an alternative port mapped to ssh: Private PEM key can used instead
Private PEM Key	PEM Key for ssh connection (optional)	The key take precedence if both a key and password are provided
OS	Operating System	For human reference only. Operating system is detected during rotation
SSL Verification	Verify certificate of host when connecting with SSH
Instance Name	Azure or AWS Instance Name	Not used for rotation
Instance Id	Azure or AWS Instance ID	Not used for rotation
Provider Group	Provider Group for directories hosted in Azure	Not used for rotation
Provider Region	AWS region of hosted directory	Not used for rotation

Field

Description

Notes

Hostname or IP Address

Address of the machine resource

Required

Port

Port to connect on. The Gateway uses this to determine connection method.

Must be a port for SSH or WinRM

Keeper expects 22, 5985, 5986, or an alternative port for SSH or WinRM specified in the PAM Configuration port mapping

Admin account username

Password

Password for admin account

If Port is 22, or an alternative port mapped to ssh: Private PEM key can used instead

Private PEM Key

PEM Key for ssh connection (optional)

The key take precedence if both a key and password are provided

Operating System

For human reference only. Operating system is detected during rotation

SSL Verification

Verify certificate of host when connecting with SSH

Instance Name

Azure or AWS Instance Name

Not used for rotation

Instance Id

Azure or AWS Instance ID

Not used for rotation

Provider Group

Provider Group for directories hosted in Azure

Not used for rotation

Provider Region

AWS region of hosted directory

Not used for rotation

PAM Database Resource

Field	Description	Notes
Hostname or IP Address	Address of the Database Resource	Required
Port	Port to connect on. The Gateway uses this to determine connection method.	A Port must be provided. Standard ports are: postgresql: 5432 MySQL: 3306 Maria DB: 3306 Microsoft SQL: 1433 Oracle: 1521 Mongo DB: 27017
Use SSL	Use SSL when connecting
Login	Admin account username
Password	Admin account password
Connect Database	Database to connect to (Postgres only)	Required for connecting to Postgres, MongoDB, and MS SQL Server
Database Id	Azure or AWS Resource ID	Required for AWS and Azure rotations
Database Type	Appropriate database type from supported databases.	If a non-standard port is provided, the Database Type will be used to determine connection method.
Provider Group	Azure or AWS Provider Group	Required for Azure rotations
Provider Region	Azure or AWS Provider Region	Required for AWS rotations

Field

Description

Notes

Hostname or IP Address

Address of the Database Resource

Required

Port

Port to connect on. The Gateway uses this to determine connection method.

A Port must be provided. Standard ports are: postgresql: 5432 MySQL: 3306 Maria DB: 3306 Microsoft SQL: 1433 Oracle: 1521 Mongo DB: 27017

Use SSL

Use SSL when connecting

Admin account username

Password

Admin account password

Connect Database

Database to connect to (Postgres only)

Required for connecting to Postgres, MongoDB, and MS SQL Server

Database Id

Azure or AWS Resource ID

Required for AWS and Azure rotations

Database Type

Appropriate database type from supported databases.

If a non-standard port is provided, the Database Type will be used to determine connection method.

Provider Group

Azure or AWS Provider Group

Required for Azure rotations

Provider Region

Azure or AWS Provider Region

Required for AWS rotations

PAM Directory Resource

Field	Descrpiton	Notes
Hostname or IP Address	Address of the directory resource	Required
Port	Port to connect on	Typically 389 or 636 (LDAP/LDAPS)
Use SSL	Use SSL when connecting
Login	Username of domain account with rotation privilege	Example: "administrator"
Password	Domain account password	Password is masked
Distinguished Name	Distinguished name of the domain login provided above	Example: CN=Jeff Smith,OU=Sales,DC=demo,DC=COM If left blank, defaults are attempted depending on the provider type
Directory ID	Instance ID for AD resource in Azure and AWS hosted environments	Required for Azure Active Directory and AWS Directory Service AWS Example: "d-9a423d0d3b'
Directory Type	Directory type, used for formatting of messaging	Must be Active Directory or OpenLDAP
Domain Name	domain managed by the directory	Example: some.company.com
Provider Group	Provider Group for directories hosted in Azure	Required for directories hosted in Azure
Provider Region	AWS region of hosted directory	Required for directories hosted in AWS Example: us-east-2

Field

Descrpiton

Notes

Hostname or IP Address

Address of the directory resource

Required

Port

Port to connect on

Typically 389 or 636 (LDAP/LDAPS)

Use SSL

Use SSL when connecting

Username of domain account with rotation privilege

Example: "administrator"

Password

Domain account password

Password is masked

Distinguished Name

Distinguished name of the domain login provided above

Example: CN=Jeff Smith,OU=Sales,DC=demo,DC=COM If left blank, defaults are attempted depending on the provider type

Directory ID

Instance ID for AD resource in Azure and AWS hosted environments

Required for Azure Active Directory and AWS Directory Service AWS Example: "d-9a423d0d3b'

Directory Type

Directory type, used for formatting of messaging

Must be Active Directory or OpenLDAP

Domain Name

domain managed by the directory

Example: some.company.com

Provider Group

Provider Group for directories hosted in Azure

Required for directories hosted in Azure

Provider Region

AWS region of hosted directory

Required for directories hosted in AWS Example: us-east-2

PreviousPAM User NextPAM Configuration

Last updated 11 months ago