Fabian Näf

Reputation Activity

  1. Like
    Fabian Näf got a reaction from Mordecai in REST Methods for Modify (and Delete) on Folders/Passwordlists   
    Hi Folke
     
    My final solution (workaround) in this case was to update the guide directly in the database; below are some snippets from my PowerShell script.
    I have to say that this is very dangerous and can lead to a corrupt database if you're doing something wrong! So be very careful with this!!
     
    $global:PasswordstateSystemWideAPIKey = '';

    Import-Module SQLPS -DisableNameChecking

    # Work inside the Passwordstate database through the SQL Server provider
    Push-Location
    cd SQLSERVER:\SQL\localhost\DEFAULT\Databases\passwordstate

    Function UpdateGuideOfPasswordstatePasswordlistOrFolder()
    {
        Param
        (
            # Typed as an integer so only a number can reach the query text
            [Parameter(Mandatory=$True,ValueFromPipeline=$False,ValueFromPipelinebyPropertyName=$False)]
            [Int]$Id,
            [Parameter(Mandatory=$False,ValueFromPipeline=$False,ValueFromPipelinebyPropertyName=$False)]
            [String]$Guide
        )
        Begin
        {
            $Guide = ConvertTextToHtml -text $Guide
        }
        Process
        {
            # Not used by the direct database update below
            $Header = @{ APIKey = $global:PasswordstateSystemWideAPIKey }
            try
            {
                # Double any single quotes so guide text cannot terminate the SQL string literal
                $query = "UPDATE PasswordLists SET Guide = '" + $Guide.Replace("'", "''") + "' WHERE PasswordListID = " + $Id
                Invoke-Sqlcmd -Query $query
            }
            catch
            {
                Write-Host $_ -ForegroundColor Red
                Write-Host $_.GetType() -ForegroundColor Red
                Write-Host $_.Exception -ForegroundColor Red
                throw $_.Exception
            }
        }
        End
        {
            # $result and $Tree are not defined in this snippet
            Write-Output ($result | Where-Object { $_.TreePath -eq $Tree }).PasswordListID
        }
    }

    Function ConvertTextToHtml()
    {
        Param
        (
            [Parameter(Mandatory=$True,ValueFromPipeline=$False,ValueFromPipelinebyPropertyName=$False)]
            [String]$text
        )
        Begin { }
        Process
        {
            # Turn line breaks (Windows or Unix style) into HTML line breaks
            $html = $($text -replace "\r?\n", "<br>")
        }
        End
        {
            Write-Output $html
        }
    }

    $dummyGuide = @"
    This Is A Test Guide
    Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum.
    "@

    UpdateGuideOfPasswordstatePasswordlistOrFolder -Id 123456789 -Guide $dummyGuide

    Pop-Location

    Best regards,
     
    Fabian
  2. Like
    Fabian Näf got a reaction from Jan-Erik in REST Methods for Modify (and Delete) on Folders/Passwordlists   
    Hi All
     
    Our company just went live with Passwordstate a week ago. We migrated loads of credentials and a big tree structure from our previous password manager solution to Passwordstate. After we went live, we realized that we forgot to migrate certain fields from the old password manager solution from the tree (which should be migrated to folders and passwordlists in Passwordstate).
    Currently Passwordstate has no REST method to modify (or delete) folders or passwordlists. So the only option left was to inject the missing data directly into the database, which is kind of ugly, even though it went well.
     
    Therefore I'd like to raise this feature request for modify and delete REST methods for the win and anonymous REST API.
     
    Best regards,
     
    Fabian
  3. Like
    Fabian Näf reacted to Sahbi in Change mobile app server certificate pinning behaviour   
    To make the app server work you have to pin its certificate through the main Passwordstate service, which currently seems to use the certificate itself. I'm using Let's Encrypt for my certificates, so that means every few months I have to clear the pin, re-query for the new cert and tell all users to re-pair their apps. And even if you use "real" certs that have a validity period of a couple years, once that expires you'll have exactly the same problem.
     
    I propose that instead of generating some form of hash of the certificate, Passwordstate should use the SPKI fingerprint. As far as I know this is dependent on the private key, so as long as that doesn't change the output will be the same. This is how HTTP Public Key Pinning works as well, so as not to break all clients that have already cached the previous pin when the cert rotates. Many Let's Encrypt clients (or ACME in general) can be told to reuse an existing private key.
  4. Like
    Fabian Näf got a reaction from habskilla in Can WinAPI be used via a Linux shell script?   
    You can also save your credentials in a variable ($credVariable = Get-Credential) and pass this to the Invoke-RestMethod PowerShell command. So I assume there could be a way.
    I can also imagine that you could pass your credential to a REST-call header from another system (e.g. a bash script) to authenticate, but I'm not familiar with bash scripts.
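
The pinning behaviour described in Sahbi's post (item 3), as an added example that is not part of any post above and not Passwordstate code: it compares a hash over the whole certificate with a hash over only the SubjectPublicKeyInfo when a certificate is reissued with the same key and with a new key. It assumes the `openssl` CLI is installed; the host name, file names and self-signed certificates (standing in for CA-issued ones) are constructed for the demo.

```shell
#!/bin/sh
# Added example: whole-certificate hash vs. SPKI hash across a renewal.
# Host name, file names and lifetimes are constructed for the demo.

# SHA-256 over the complete DER certificate; changes with every reissue.
cert_fingerprint() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -binary | openssl base64
}

# SHA-256 over the DER SubjectPublicKeyInfo only (the HPKP pin format).
spki_pin() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary | openssl base64
}

# Self-signed stand-in for a CA issuing a cert. Args: key, output file, serial.
issue_cert() {
    openssl req -new -x509 -key "$1" -out "$2" -set_serial "$3" \
        -days 90 -subj "/CN=appserver.example.test" 2>/dev/null
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl genrsa -out "$demo_dir/key_old.pem" 2048 2>/dev/null
openssl genrsa -out "$demo_dir/key_new.pem" 2048 2>/dev/null

# Original cert, a renewal that reuses the key, and a renewal with a fresh key.
issue_cert "$demo_dir/key_old.pem" "$demo_dir/original.pem" 1
issue_cert "$demo_dir/key_old.pem" "$demo_dir/renewed_same_key.pem" 2
issue_cert "$demo_dir/key_new.pem" "$demo_dir/renewed_new_key.pem" 3

fp_original=$(cert_fingerprint "$demo_dir/original.pem")
fp_renewed=$(cert_fingerprint "$demo_dir/renewed_same_key.pem")
pin_original=$(spki_pin "$demo_dir/original.pem")
pin_same_key=$(spki_pin "$demo_dir/renewed_same_key.pem")
pin_new_key=$(spki_pin "$demo_dir/renewed_new_key.pem")

echo "certificate hash, original:       $fp_original"
echo "certificate hash, renewed:        $fp_renewed"
echo "SPKI pin, original:               $pin_original"
echo "SPKI pin, renewed with same key:  $pin_same_key"
echo "SPKI pin, renewed with new key:   $pin_new_key"
```

A client that pinned the SPKI value keeps trusting the renewed certificate only while the key is reused; a key rotation still requires distributing a new pin.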