Sarge

Thanks, what build is that available on? We're on 8650 and that report doesn't appear to be available via the API doco?

Hi, Is there a method to pull a list of Managed hosts (IE: Those that have a password entry managed) from the API? The current documentation only seems to show basic host information.

Hi There, We have multiple authentication domains attached to Passwordstate, some users continuously forget which domain to use for authentication, thus raising constant support issues for PEBKAC. Is it possible to use a browser cookie (or some other mechanism) to remember the default domain the user chooses after a successful login?

+1

Agreed. Notes being encrypted makes searching more difficult.

Ah beautiful, didn't know that existed Thanks!

Hi Guys, Whats the process for upgrading Passwordstate, when there are 2 * Application Servers, 2 * Self Destruct Servers, 2 * Reset portals & 1 * Gateway server? What needs to be upgraded first? 2 * Database Servers One per datacenter, Active/Cold with automatic failover. 2 * Application Servers One per datacenter, presented through load balancers to distribute traffic evenly and provide Active/Active HA services. 2 * Self Destruct Servers One per datacenter, presented through load balancers, all traffic routed to node 1, only routed to node 2 if node 1 is offline. Providing active/cold services. 2 * Reset portals. One per datacenter, presented through load balancers to distribute traffic evenly and provide Active/Active HA services. 1 * Gateway Server In primary datacenter

No, the self-destruct message data is stored in a SQLLite database on the Self-Destruct web server, Passwordstate web server pushes data to it. If you round robin to two nodes (or more), one of them will get the data (say, self-destruct server1) , while the one the user hits to access the data (self-destruct server2) won't have it. All self-destruct data needs to go to a single node, hence why an Active/Cold setup works.

Sort of, if you have the load balancers capable of doing it. Self Destruct uses its own SQL-Lite database where it stores the shared messages/credentials pushed to it by the main Passwordstate website. We have our Self Destruct web sites installed on the same web nodes as Passwordstate, bound to a seperate IP address. Our load balancers then direct all traffic for the self destruct HA URL to node 1 unless that node is offline. This way the self destruct messages are always available until the node is offline. It's HA in an Active/Cold configuration. In a disaster we still maintain our Self Destruct capabilities - we just have to re-create self destruct messages since the load balancers will instead be redirecting self destruct traffic to node 2. SQL-Lite supports replication, so hopefully in a future build there is Active/Active support for self destruct. The same Active/Cold setup can be achieved with the browser based gateway, and in theory the reset portal - but I'm still working on the reset portal HA.

This request seems akin to a "CREATOR OWNER" equivalent setting, where the user creating the list can control it - which can already be achieved with the following administrative setting "When a new Shared Password List is created, apply the following permission to the user who created the list:"

Related:

Access can be gained via Administration > Password Folders.

Agreed. I think this goes right down to the password resets as well. Install WSL on Server 2016/2019 and use the native tools for running the scripts rather than modules (IE: Posh-SSH etc)

Same for the Google Auth 2FA. The Microsoft Authenticator app supports push notifications, just needs to be implemented on Passwordstate end.