
enigmatic

Members
  • Content Count

    3
  • Joined

  • Last visited

  1. enigmatic

    User APIKey

    I think this can be used for this purpose; I will need some time to check it out.
  2. enigmatic

    User APIKey

    That could solve it, as all people involved have Windows workstations, but scripts that need to fetch from Passwordstate are often run remotely on Linux boxes or automatically in response to some defined trigger... Would it be possible to extract some sort of auth header created by "Invoke-RestMethod -Method Get -Uri $PasswordstateUrl -UseDefaultCredentials" and reuse it on a different box (for example in curl as a request header)?
  3. enigmatic

    User APIKey

    We have multiple password lists. Lists are grouped in folders. Folders have access control enabled, with different people assigned to each one. Each list can be accessed by API using a per-list APIKey. If we use the same APIKey, then everyone who needs to have automated access to one of them has access to all of them. If we use different APIKeys for each list, then we preserve per-folder access, but automatic access gets more complicated since we have to juggle both Passwordlist ID and APIKey (that should be secret and can't be stored in the repo - like "hey before running this, set these 5 different apikey secret variables and don't write it down or check it in"). What would be nice is if there were a per-user APIKey that would allow access to the API like "/api/passwords/${LIST_ID}?QueryAll". This way everyone could run automated scripts and have access to all the password lists that they are assigned access to in Passwordstate by setting a single UserAPIKey environment/header variable, and let Passwordstate handle access control.