Jump to content

Azkabahn

Members
  • Content Count

    142
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by Azkabahn

  1. Hi, i would like to ask/propose to introduce new API endpoint for generating self destruct messages. Would it be something possible? We have a business case where such functionality would be implemented internally to our client services to automatically send sensitive information via such messages and also credentials from PasswordState. For API it would be enough to send post request ("Automatically self-destruct this message if not viewed in" and "Allow the self-destruct message to be viewed" - required values)and get a response of self destruct message URL. In our case, if someone would like to send credentials from PasswordState we can build aggregation with existing API endpoints and tie together with this newly requested API endpoint. Best case scenario would be to include optional fields in this new API endpoint where you could specify password record ID value
  2. Hi, i think it's time to address one issue that I have been facing and some of the employees internally started to point out the same "issue". I hope this is a small feature request... It is quite common to paste the passwordstate URL to a specific password list or password record via various communication tools. The issue is that after you open the URL it doesn't and you end up in the password list, you have no idea what is the actual path or where it is in the navigation tab. It would great if in the navigation tab the user would be able to see where it landed in the navigation. For example, if have a deep structure of folders and many password lists underneath it takes some time to figure I out where exactly I am in the structure. I hope that makes sense
  3. Azkabahn

    Personal API Key

    Hi, yes, it works on linux/mac if your machines are joined into AD
  4. Azkabahn

    Linking Passwords in the API

    +1 we use PasswordState as part of our CI/CD pipeline, so this would be nice to have feature as well
  5. Hi, I am having some hard time understanding the password reset scripts procedure. The instructions are doesn't go too much into details. As to try this, I have setup a demo dummy host machine. I will try to list all the info into bullet points, so here it is: I have created a private password list. With all the necessary options checked according to the manual. List contains a password of the host machine (windows). Machine has only one account - administrator In the "Privileged Account Credentials" section I have created a new credential with the same name as above and the same password. If I run "Password Validation Scripts" it goes fine. The problem occurs when I try to run "Reset Windows Password" script. I get the following error: Error = Failed to reset the local password for account 'administrator' on Host '172.22.12.201'.Error = [172.22.12.201] Connecting to remote server 172.22.12.201 failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated even adding the passwordstate IP address to the remote host machine I still get the same error. Maybe I am missing something? The idea behind this is to add around 20 machines and execute the password changing script in order to change form default one into something more random.
  6. Azkabahn

    Proposal for new API endpoint

    Great, I forgot about that thread. So it looks that it is needed by community
  7. Azkabahn

    Proposal for new API endpoint

    Hi, yes I did and this is exactly why i would like to request to have such thing as to generate destruct URLs via API I am not talking about actually sending the email, but rather as the first version just to be able to generate valid URLs.
  8. Azkabahn

    Security architectural diagram

    I would like to get a copy of this as well
  9. Azkabahn

    Can WinAPI be used via a Linux shell script?

    Hi, i would not say that you can use WinApi only from windows machines. We are using WinApi from Linux machines for quite some time and it works fine as simple as this: curl --ntlm -u "user:pass" "https://passwordstate_url/winapi/passwords/XX"
  10. Hi, just recently deployed a separate instance of Self Destruct Message. Our plan is to push this feature to client support dep. Currently, the majority of people use whatever other online tools for sending self destruct messages. I see a good use case for having an internal tool like that. I see a lot of things that can be improved, but I would like to highlight one of them - perhaps you could add an option to craft a message within the browser extension? After creation, the URL gets copied to the clipboard and then you simply paste the URL to whatever communication channel you are on.
  11. Sorry, I was not aware of the newest changes. I have just upgraded to the very latest version Is there a reason why it was decided to split message creation into 3 steps? instead of having it in one window? Another worth mentioning point, is the display of the message when the receiver gets it. The only differentiation between system text and the actual message body is the indentation. Perhaps the actual message body could be more visually expressed/visible?
  12. Hi, I see the concern behind this. How about making it an optional thing that can be enabled? Or maybe you could re-make a little bit the message creation workflow in the UI? Instead of having 3 steps, make it everything into one unified window and also add a button that copies the link to the clipboard.
  13. @SGauvin i think it's easier to put a proper health checks on your backend and then visualize in Grafana or any other similar systems. Next step would be to add alerting based on triggers. Also - put a dynamic DNS load balancer in front so you could easily switch between primary instance and HA. We have built all of it and we do PasswordState upgrades with 0 downtime.
  14. Azkabahn

    New Permissions Report requested

    +1 Also it is difficult to understand the situation where a user is duplicated many times when you look at the permission list. For example: User A has modify permissions for Record A User A has view permissions for Record B I will have the same user displayed 3 times: 2 for above permissions, 1 record under the guest column. Perhaps it would be possible to separate such views? One for password list level, second for individual records?
  15. Azkabahn

    Password viewed emails to list admins only?

    +1 from me as well
  16. Azkabahn

    ELK and PasswordState

    Hi, i would like to start this thread to get some insights if any of the other customers are using external syslog server to ship the logs from PasswordState. I am using ELK stack. Currently i am trying to create custom filters in Kibana to filter out the logs from PasswordState. I have the question, does the PasswordState always include "Passwordstate" value in the logs that are being sent to syslog server? host:X.X.X.X @timestamp:September 12th 2017, 17:17:29.728 @version:1 message:<110>2017-09-12 16:15:52 X.X.X.X Passwordstate: Failed 'Forms Based' login attempt for UserID 'n.lastname' from the IP Address 'X.X.X.X'. Client IP Address = X.X.X.X _id:AV_aAXYurEipAt82YaPZ _type:logs _index:%{type}-2017.11.20 _score: - Feature Request - it would be great to have support for TCP ports
  17. Azkabahn

    External user access

    I will put my +1 as well. We get into similar situations where it's better to use PasswordState to expose temporary login info to outsources than some other external tool.
  18. Azkabahn

    Report: Password lists (and/or folders?) without admins

    Hi, used this SQL query for several times. I would put +1 for this feature to have it in the reporting. I would improve with the additional column indicating the number of records in the password list.
  19. Hi, I would like to propose to split auditing table in the backend into two tables. Not sure if other customers complain or have a huge load on PasswordState, but I tend to see that such feature would be beneficial. We have a lot of integration with CI/CD (Continuous integration / continuous delivery) tools via API and WinAPI. I am aware of the flag (PreventAuditing) that can be appended to the API calls in order not to leave traces in the audit log. I must say this should not be an option at all it's very complicated to do forensics or analyze if someone scraped all the password list with such flag. This leaves to another point. By having regular logs and API logs in one table, it reflects on UI performance. Also, what is the point for a regular user to see in the "recent activity grid" logs about API calls? Probably none, a user just want to have a glimpse into what's going on. Knowledge and understanding of what is API, in general, indicates that a person has a technical background. This means he/she will know where or how to find audit logs regarding API.
  20. Azkabahn

    Multible Tabs

    Hi, so now it is possible to enable multiple tabs? I cannot seem to find it. I have V8.4 (Build 8411)
×