Jump to content

Azkabahn

Members
  • Content Count

    153
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by Azkabahn

  1. When you are adding Webhook in slack, user can choose where to post messages. It can be a direct message to a specific user, but not really makes sense. One webook cannot post to multiple channels or multiple users. So best practice is to have a dedicated alert/notification channel. In terms of the content, it could be the same as in email templates (i assume) already.
  2. mostly we use this https://slack.com/apps/A0F7XDUAZ-incoming-webhooks It's very simple, you add this to your Slack workspace, you get API key which in turn put in the third-party app. Of course, that third-party must support sending notifications or whatever is needed to slack.
  3. Hello, have you added this request into backlog?
  4. Hi, yes I am aware of that. My request was that this would be done via the Administration panel. I would like to have an option to select several password lists and run the scan.
  5. Hi, would you consider adding additional functionality to Self Destruct Message as selecting a different email template? Currently, there is only one available "Self Destruct Message Email", it would be great if you could have a few different email templates for that.
  6. I had a similar idea as well. Unfortunately, it doesn't work in our case since self destruct is places in DMZ zone and will be used to send out URLs outside organization. While the main PasswordState is placed in infra segment with no access to outside. Another question, I haven't had time to test it, but what if we simply use round-robin dns technique? Would PasswordState understand and return the message content?
  7. Hi, I will use this topic instead of creating a new. I hope it fits under this topic. In the administration area, it is possible to run a global report against haveibeenpwned database. The problem I face is that currently, I have 22167 password records in the database. When I click on that report, the whole PasswordState application crashes and gives 503 error. Perhaps an idea for future release to introduce batching or an option for the administrator to pre-select password lists? The latter would be more suitable as in our case you usually want to get a report on specific password lists that are managed by specific people.
  8. Hi, i was wondering is it possible to run Self Destruct in HA mode? The documentation only points out a possible issue with running PasswordState in HA. I have deployed a totally separate windows server in DMZ where I run Self Destruct.
  9. Hi, yes, it works on linux/mac if your machines are joined into AD
  10. +1 we use PasswordState as part of our CI/CD pipeline, so this would be nice to have feature as well
  11. Hi, i think it's time to address one issue that I have been facing and some of the employees internally started to point out the same "issue". I hope this is a small feature request... It is quite common to paste the passwordstate URL to a specific password list or password record via various communication tools. The issue is that after you open the URL it doesn't and you end up in the password list, you have no idea what is the actual path or where it is in the navigation tab. It would great if in the navigation tab the user would be able to see where it landed in the navigation. For example, if have a deep structure of folders and many password lists underneath it takes some time to figure I out where exactly I am in the structure. I hope that makes sense
  12. Great, I forgot about that thread. So it looks that it is needed by community
  13. Hi, yes I did and this is exactly why i would like to request to have such thing as to generate destruct URLs via API I am not talking about actually sending the email, but rather as the first version just to be able to generate valid URLs.
  14. Hi, i would like to ask/propose to introduce new API endpoint for generating self destruct messages. Would it be something possible? We have a business case where such functionality would be implemented internally to our client services to automatically send sensitive information via such messages and also credentials from PasswordState. For API it would be enough to send post request ("Automatically self-destruct this message if not viewed in" and "Allow the self-destruct message to be viewed" - required values)and get a response of self destruct message URL. In our case, if someone would like to send credentials from PasswordState we can build aggregation with existing API endpoints and tie together with this newly requested API endpoint. Best case scenario would be to include optional fields in this new API endpoint where you could specify password record ID value
  15. I would like to get a copy of this as well
  16. Hi, i would not say that you can use WinApi only from windows machines. We are using WinApi from Linux machines for quite some time and it works fine as simple as this: curl --ntlm -u "user:pass" "https://passwordstate_url/winapi/passwords/XX"
  17. Sorry, I was not aware of the newest changes. I have just upgraded to the very latest version Is there a reason why it was decided to split message creation into 3 steps? instead of having it in one window? Another worth mentioning point, is the display of the message when the receiver gets it. The only differentiation between system text and the actual message body is the indentation. Perhaps the actual message body could be more visually expressed/visible?
  18. Hi, I see the concern behind this. How about making it an optional thing that can be enabled? Or maybe you could re-make a little bit the message creation workflow in the UI? Instead of having 3 steps, make it everything into one unified window and also add a button that copies the link to the clipboard.
  19. @SGauvin i think it's easier to put a proper health checks on your backend and then visualize in Grafana or any other similar systems. Next step would be to add alerting based on triggers. Also - put a dynamic DNS load balancer in front so you could easily switch between primary instance and HA. We have built all of it and we do PasswordState upgrades with 0 downtime.
×
×
  • Create New...