Jump to content

Azkabahn

Members
  • Content Count

    150
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by Azkabahn

  1. Azkabahn

    Slack Notifications?

    +1 for slack webhook
  2. Hi, i would like to ask/propose to introduce new API endpoint for generating self destruct messages. Would it be something possible? We have a business case where such functionality would be implemented internally to our client services to automatically send sensitive information via such messages and also credentials from PasswordState. For API it would be enough to send post request ("Automatically self-destruct this message if not viewed in" and "Allow the self-destruct message to be viewed" - required values)and get a response of self destruct message URL. In our case, if someone would like to send credentials from PasswordState we can build aggregation with existing API endpoints and tie together with this newly requested API endpoint. Best case scenario would be to include optional fields in this new API endpoint where you could specify password record ID value
  3. Hi, would you consider adding additional functionality to Self Destruct Message as selecting a different email template? Currently, there is only one available "Self Destruct Message Email", it would be great if you could have a few different email templates for that.
  4. Azkabahn

    Proposal for new API endpoint

    Hello, have you added this request into backlog?
  5. Azkabahn

    Self Destruct Message Email Template

    any update on this?
  6. Azkabahn

    haveibeenpwned report

    Hi, yes I am aware of that. My request was that this would be done via the Administration panel. I would like to have an option to select several password lists and run the scan.
  7. Hi, i was wondering is it possible to run Self Destruct in HA mode? The documentation only points out a possible issue with running PasswordState in HA. I have deployed a totally separate windows server in DMZ where I run Self Destruct.
  8. Azkabahn

    Self Destruct in High Availability

    I had a similar idea as well. Unfortunately, it doesn't work in our case since self destruct is places in DMZ zone and will be used to send out URLs outside organization. While the main PasswordState is placed in infra segment with no access to outside. Another question, I haven't had time to test it, but what if we simply use round-robin dns technique? Would PasswordState understand and return the message content?
  9. Azkabahn

    haveibeenpwned report

    Hi, I will use this topic instead of creating a new. I hope it fits under this topic. In the administration area, it is possible to run a global report against haveibeenpwned database. The problem I face is that currently, I have 22167 password records in the database. When I click on that report, the whole PasswordState application crashes and gives 503 error. Perhaps an idea for future release to introduce batching or an option for the administrator to pre-select password lists? The latter would be more suitable as in our case you usually want to get a report on specific password lists that are managed by specific people.
  10. Hi, i think it's time to address one issue that I have been facing and some of the employees internally started to point out the same "issue". I hope this is a small feature request... It is quite common to paste the passwordstate URL to a specific password list or password record via various communication tools. The issue is that after you open the URL it doesn't and you end up in the password list, you have no idea what is the actual path or where it is in the navigation tab. It would great if in the navigation tab the user would be able to see where it landed in the navigation. For example, if have a deep structure of folders and many password lists underneath it takes some time to figure I out where exactly I am in the structure. I hope that makes sense
  11. Azkabahn

    Personal API Key

    Hi, yes, it works on linux/mac if your machines are joined into AD
  12. Azkabahn

    Linking Passwords in the API

    +1 we use PasswordState as part of our CI/CD pipeline, so this would be nice to have feature as well
  13. Hi, I am having some hard time understanding the password reset scripts procedure. The instructions are doesn't go too much into details. As to try this, I have setup a demo dummy host machine. I will try to list all the info into bullet points, so here it is: I have created a private password list. With all the necessary options checked according to the manual. List contains a password of the host machine (windows). Machine has only one account - administrator In the "Privileged Account Credentials" section I have created a new credential with the same name as above and the same password. If I run "Password Validation Scripts" it goes fine. The problem occurs when I try to run "Reset Windows Password" script. I get the following error: Error = Failed to reset the local password for account 'administrator' on Host '172.22.12.201'.Error = [172.22.12.201] Connecting to remote server 172.22.12.201 failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated even adding the passwordstate IP address to the remote host machine I still get the same error. Maybe I am missing something? The idea behind this is to add around 20 machines and execute the password changing script in order to change form default one into something more random.
  14. Azkabahn

    Proposal for new API endpoint

    Great, I forgot about that thread. So it looks that it is needed by community
  15. Azkabahn

    Proposal for new API endpoint

    Hi, yes I did and this is exactly why i would like to request to have such thing as to generate destruct URLs via API I am not talking about actually sending the email, but rather as the first version just to be able to generate valid URLs.
  16. Azkabahn

    Security architectural diagram

    I would like to get a copy of this as well
  17. Azkabahn

    Can WinAPI be used via a Linux shell script?

    Hi, i would not say that you can use WinApi only from windows machines. We are using WinApi from Linux machines for quite some time and it works fine as simple as this: curl --ntlm -u "user:pass" "https://passwordstate_url/winapi/passwords/XX"
  18. Hi, just recently deployed a separate instance of Self Destruct Message. Our plan is to push this feature to client support dep. Currently, the majority of people use whatever other online tools for sending self destruct messages. I see a good use case for having an internal tool like that. I see a lot of things that can be improved, but I would like to highlight one of them - perhaps you could add an option to craft a message within the browser extension? After creation, the URL gets copied to the clipboard and then you simply paste the URL to whatever communication channel you are on.
  19. Sorry, I was not aware of the newest changes. I have just upgraded to the very latest version Is there a reason why it was decided to split message creation into 3 steps? instead of having it in one window? Another worth mentioning point, is the display of the message when the receiver gets it. The only differentiation between system text and the actual message body is the indentation. Perhaps the actual message body could be more visually expressed/visible?
  20. Hi, I see the concern behind this. How about making it an optional thing that can be enabled? Or maybe you could re-make a little bit the message creation workflow in the UI? Instead of having 3 steps, make it everything into one unified window and also add a button that copies the link to the clipboard.
  21. @SGauvin i think it's easier to put a proper health checks on your backend and then visualize in Grafana or any other similar systems. Next step would be to add alerting based on triggers. Also - put a dynamic DNS load balancer in front so you could easily switch between primary instance and HA. We have built all of it and we do PasswordState upgrades with 0 downtime.
×