At the beginning and end of every recorded terminal session, CoTerm displays a link to view the session in Datadog. You can also view all recorded terminal sessions.
CoTerm records terminal sessions that you can play back and review in Datadog. For your security, sensitive data (such as passwords and API keys) are automatically redacted. Any processes launched in the terminal session are recorded as events.
To configure CoTerm to automatically record all future invocations of a particular command, create a shim:
ddcoterm shim create datadog-agent
After you create a shim, restart your terminal or source your profile. (For example, run source ~/.bashrc.) If you are using a shell other than Bash or Zsh, add path/to/.ddcoterm/overrides to your PATH manually.
To prevent the accidental execution of designated terminal commands, you can configure CoTerm to act as a linter. For more control, you can use CoTerm with Datadog Case Management to require approval for designated commands.
When you try to execute a designated command (for example, kubectl scale), CoTerm can display warnings and prompt you for confirmation.
Create a shim for your command: ddcoterm shim create kubectl
Configure a linting rule in your .ddcoterm/config.yaml file. For details on how to configure linting in CoTerm, see CoTerm Configuration Rules.
.ddcoterm/config.yaml
process_config:commands:- command:"kubectl"lints:- | if has_arg("scale") and flags.context == nil then
return string.format("No kubectl context specified (effective context: '%s'). It is recommended to always explicitly specify the context when running `kubectl scale`.", k8s_context)
end
With this configuration, CoTerm intercepts any kubectl scale command without a --context flag.
For even more dangerous commands, CoTerm can require explicit approval by another team member (through Case Management) before running the command.
Create a shim for your command: ddcoterm shim create kubectl
Configure requiring approval in your .ddcoterm/config.yaml file. For details, see CoTerm Configuration Rules.
.ddcoterm/config.yaml
process_config:commands:- command:"kubectl"rules:# Record and require approval for all executions of `kubectl scale` in a production context- rule:| local applicable = has_arg("scale") and k8s_context:match("prod")
local user_message = "Proceed with caution. This command may disrupt your Kubernetes cluster setup."
local approver_message = "Ensure that the user has documented a rollback plan before approving."
return applicable, user_message, approver_messageactions:["record","logs","process_info","approval"]
With this configuration, when you run a kubectl scale --context prod command, CoTerm creates an approval request in Case Management. If you opt to associate the approval request with an active incident, other incident responders are automatically added as approvers. After this request is approved, your command executes.