Jump to content

TTumbler

Members
  • Content count

    8
  • Joined

  • Last visited

  1. TTumbler

    Search for passsword using passwordlist api key

    Thank you, that would help a lot. In case it is useful here is more context around the problem we are trying to solve that leads us to need this. We need a way to programatically reference the same "logical" password from different security contexts which do not use active directory. Using a unique password list per security context gives us an API key for the password list that restricts access to only those passwords needed by a specific application. These passwords are copy and linked into these lists so that they are logically the same password being accessed accross many difference sets of applications. Unfortunately because the password ID changes each time it is copy and linked we cannot use the password ID as the stable unique identifier of a logical password as we don't want to have to change the code that accesses the password for each application but want to use the same code for all applications that access that same logical password with only one changing identifier of the security context (the api key). The method we have come up with to do that is to store a unique GUID in GenericField10 and then use the searchpasswords api to pull the appropriate password. If a given security context (say like a windows user account which we also use in some places) has permissoins to multiple lists where the passwords are we end up getting multiple results back from the api but given that they are all logically the same we select the first result and drop the rest. If you make the change so that we don't have to specify a password list id then that would let us move forward with this work around and be able to reliably identify the same logical password and access that same logical password via the same api call only changing the API key, regardless of the various difference security contexts that might need it. I would rather have a stable unique ID for a password that could be used with the passwords api to pull one instance of the same logical password regardless of where it is stored in the system as long as the security context I am connecting with (api key) has access to the logical password somehow. If we could access the passwordstate API using locally created passwordstate user accounts that could then be granted password level permissions that would also help or if we could have API keys that we could grant access to passwords in arbitrary locations (like what is possible for an AD user for instance) that would also help. Hopefully this provides more context around what we are doing and why this is needed. If there is a better way to accomplish I would be happy to learn. If we could use windows accounts for everything that would also help alleviate this but in our context one of our growing use cases is accessing passwordstate from docker containers running linux and we have not found a way to use the windows authentication API from a linux container. Even if we could we would rather not have to have an AD user created that could possibly be used as an attack vector for other aspects of our environment when what we really need is just a unique security context within passwordstate which if we had to use a user to get, would be better done by a passwordstate only user instead of an AD user.
  2. $PasswordstateUrl = 'https://passwordstate/api/searchpasswords?GenericField10=ValueToSearchFor' Invoke-Restmethod -Method GET -Uri $PasswordstateUrl -Header @{ "APIKey" = "PasswordListSpecificAPIKeyHere" } When using the searchpasswords api with a passwordlist api key I get: Invoke-Restmethod : [{"errors":[{"message":"No Authorization"},{"phrase":"An error has occurred trying to validate the API Key as specified in the 'System Settings' section of Passwordstate. Please check the API Key value has been specified, and is correct."}]}] I would have expected that I could perform a search but only get back those items that matched my search criteria within the password list that corresponds to the API key. Is searching with a password list api key not supported?
  3. We currently link passwords across multiple lists to allow for different security groups accessing different lists. With that said, enabling automatic password resets is something we want to get configured for many of our passwords; many of these being shared/linked into multiple lists. Currently, once you copy/link an entry to another password list, the options for "enabled for Resets" is grayed out. Is there a process that I'm missing that will allow this feature on linked entries? Is it on the radar somewhere for the future? V8.1 Build 8114
  4. Fantastic, I didn't realize that was there. For anyone else trying to accomplish this: To bulk move/cop/copy link passwords use Administration > Password Lists To bulk delete password lists and folders you use Administration > Password Folders though this is limited to one hierarchy at a time so if what you want to delete are password lists at the leaf of several trees heirarchies but without deleting the whole hierarchy it looks like you have to do that one at a time.
  5. The above was posted by us, not sure if linking to our account affects this in any way.
×