Jump to content

Password field - reference to another password


GregSmid

Recommended Posts

Hi there, I couldn't find any forum posts on this so I figured this was a good spot for it.

 

Would it be possible to insert a reference to another password inside the password field for a site?  For example, I have a number of sites that I access using my Active Directory username and password:

 

https://site1.domain.com

https://site2.domain.com

https://servername.local

https://site3.otherdomainname.com

 

When it's time to change my AD password, I have to go through each of those entries in Passwordstate and update it.  What I would rather do is have one master site saved called 'AD Credentials' and have each of those other sites refer to the password there.

 

This would be similar to the Field Reference feature in KeePass.

 

Greg

Link to comment
Share on other sites

Hi Greg,

We're sorry, but unfortunately we do not have a feature like this. You could configure multiple Generic Fields as additional URL fields, and store them all in the one record, but that certainly doesn't sound as elegant as the KeePass option you mentioned.

 

Another option, and again not elegant, is creating a PowerShell script which is linked to the master record. When you reset the password for this field, your custom PowerShell script could take advantage of our API, and also update the other records as well.

 

Regards

Click Studios

Link to comment
Share on other sites

  • 2 months later...

Hi guys,

 

So, the time has come.  I changed my AD password today, and now it's time to update my Password entries for all the sites that use it.

 

I've been going through my Passwords and adding tagging each one in the Notes field with "ADCreds". So, I should be able to use the API to go through each password, check if it has "ADCreds" in the Notes field, and update the Password fields if it does.

 

Do you have any starter scripts that could help with that? Or do I need to start from scratch?

 

Thanks,

 

Greg

Link to comment
Share on other sites

Hi Greg,

 

We don't really have any pre-made scripts for this request. What sort of scripting language are you comfortable in using? Basically what you need to do is:

  • Use the 'Searching for passwords' method first, and search the Notes field
  • And then with the results, use the 'Updating an Existing Password'

It shouldn't be that difficult to put together. If you are using PowerShell, we might be able to create something quickly for you.

Regards
Click Studios

Link to comment
Share on other sites

Hi Greg,

 

Hope we're not too late with this reply, but we've come up with a script that should help you out going forward:)  This script will search across all Password Records for the term "ADCreds" in the Notes field, and will update the password to what you insert into the "$NewPassword" variable.  The only other 2 things you'll need to change is the $PasswordstateURL and $APIKey to reflect your own environment.  It needs to be the System Wide API key found under Administration -> System Settings -> API Keys.  Please let us know if this suits and if you have any questions about it?

 

 

 

<#
.SYNOPSIS
Search for Specific Password Records and update them to the same password

.NOTES
Requires System Wide API key, name of field to search, and search terms
#>

 

$PasswordstateURL = "https://sandbox.halox.net"
$APIKey = "8536e72c4d38afb98563b4c73ed2af37"
$NewPassword = "TestPassword3"


$FullURL = "$PasswordstateURL/api/searchpasswords/?Notes=ADCreds"
$results = Invoke-Restmethod -Method GET -Uri $FullURL -Header @{ "APIKey" = $APIKey }
$PasswordIDs = $results.PasswordID

Foreach ($PasswordRecord in $PasswordIDs)
{
    
    $jsonString = '
{
   "PasswordID":"' + $PasswordRecord + '",
   "Password":"' + $NewPassword + '"
}
'
    
    Invoke-Restmethod -Method PUT -Uri "$PasswordstateURL/api/passwords" -ContentType "application/json" -Body $jsonString -Header @{ "APIKey" = $APIKey }
    
}

 

 

Link to comment
Share on other sites

Thanks for that, definitely a very helpful start! I'm having trouble actually getting the API call to return any search results though. Running the script was just returning an error:




[{"errors":[{"message":"Not Found"},{"phrase":"You search for Password records return zero results."}]}]

So, I've been testing in a browser directly, and still get the same error.

 

I've attached a couple screenshots to show the search results working in the web GUI vs. not working in the API call.

 

I've tried a few different things in the API call but so far it always returns zero results:

  • Capital 'N' on 'Notes' vs. lower-case 'n'
  • Capitalized ADCreds vs. lower-case adcreds
  • Quotation marks around "adcreds" vs no quotation marks
  • Using https://passwordstate/api/searchpasswords/?search= with all the above combos to search all fields instead of just Notes

 

I have verified that it's at least connecting to the PasswordState API correctly... if I put the wrong APIKey in, it tells me it's the wrong key.

I feel like we're really close here.  Once I can get some search results back, I'm certain the updating part of the script will work as well.

 

Do you see anything obviously wrong in the screenshot?

 

Thanks!

 

Greg

 

PasswordState - Web GUI Search Results.png

PasswordState - API Search Results.png

Link to comment
Share on other sites

Hi Greg,

 

I think the issue here is that you have these passwords stored in a Private Password List - we were not aware of this when you're request came through. You cannot use the System Wide API Key to search in Private Password Lists. Instead you will need to specify the PasswordListID and the APIKey from the Private List, like the URL below:

 

https://passwordstateurl/api/searchpasswords/2080?Notes=ADCreds&APIKey=df76a2b58ec393475bc6e2d343f98ac5

 

Regards

Click Studios

Link to comment
Share on other sites

All working! For any future visitors to this thread, here's what I ended up with:

 


 <#

.SYNOPSIS

Search for Specific Password Records and update them to the same password



.NOTES

Requires Password List API Key, Password List ID, name of field to search, and search terms

#>



##########################################

#User Variables - Fill in your PS URL, the Password List ID and API Key of your Password List, the field your're searching, your search term, and your new password



$PasswordstateURL = "https://password.state.url"



$PasswordListID = "10"

#Password List ID can be found by hovering your mouse over the PW List name in the nav tree.



$APIKey = "11223344556677889900aabbccddeeff"

#Use the API key for your specific Password List. You can set it in the Password List settings on the API Key tab.



$SearchField = "Notes"



$SearchTerm = "ADCreds"



$NewPassword = "FancYNewPasw0rd!"



##########################################





$FullURL = "$PasswordstateURL/api/searchpasswords/" + $PasswordListID + "?" + $SearchField + "=" + $SearchTerm

$results = Invoke-Restmethod -Method GET -Uri $FullURL -Header @{ "APIKey" = $APIKey }

$PasswordIDs = $results.PasswordID





Foreach ($PasswordRecord in $PasswordIDs)

{

    

    $jsonString = '

{

   "PasswordID":"' + $PasswordRecord + '",

   "Password":"' + $NewPassword + '"

}

'

    

    Invoke-Restmethod -Method PUT -Uri "$PasswordstateURL/api/passwords" -ContentType "application/json" -Body $jsonString -Header @{ "APIKey" = $APIKey }

    

} 

 

Thanks again, this would have taken waaaaaay longer to figure out without your help! If you'd like to copy/move some or all of this thread over to the PowerShell Scripts area of the forums, feel free. :)

 

Greg

 

Link to comment
Share on other sites

  • 3 weeks later...

Hi guys,

 

It occurred to me that we probably don't want to encourage people to leave scripts laying around on their computers that have their AD creds and their PasswordState API key in them, just waiting for someone to steal.

 

I've changed the lines in the User Variables section to:

 

$APIKey = Read-Host -Prompt 'Enter your API Key'

$NewPassword = Read-Host -Prompt 'Enter your new AD Password'

 

This way the script will prompt them to enter their password and API key instead.

Link to comment
Share on other sites

Final version of the script!

  • User is prompted for Password List ID, API Key, and their new password
  • New password is verified
  • API Key and Passwords are not displayed on screen
  • Error checking to make sure the API calls worked
  • Information about the number of passwords that got updated and which ones is displayed at the end

<#



.SYNOPSIS



Search for Specific Password Records and update them to the same password



.NOTES



Requires Password List API Key, Password List ID, name of field to search, and search terms



.REFERENCE



This all came from https://www.clickstudios.com.au/community/index.php?/topic/1781-password-field-reference-to-another-password/ if you're interested in the history of the script.



#>



#These are the two 'hard-coded' valuses for the script - the Password List field to search, and the search term. Script could be modified to prompt the user for these instead:



$PasswordstateURL = "https://passwordstate.url"



$SearchField = "Notes"



$SearchTerm = "ADCreds"



#Get the Password List ID:



Write-Host "Enter the ID of your private password list.`nYou can find it by hovering your mouse over top of of the list name.`n"



$PasswordListID = Read-Host -Prompt 'Password List ID'



#Prompt the user for the API key for their specific Password List. They can set/find it in the Password List settings on the API Key tab:



Write-Host "`nEnter the API Key of your private password list.`nYou can set it in the Password List settings, on the API Key tab.`n"



$APIKey = Read-Host -Prompt 'Enter your API Key' -AsSecureString

$APIKey = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($APIKey))



Write-Host ""



#Prompt the user for their new AD password:



$NewPassword = Read-Host -Prompt 'Enter your new AD Password' -AsSecureString

$NewPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword))



#Have the user verify their AD password:



$NewPasswordVerify = Read-Host -Prompt 'Confirm your new AD Password' -AsSecureString

$NewPasswordVerify = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPasswordVerify))



#Validate that $NewPassword and $NewPasswordVerify are the same.  If not, exit the script:



If ($NewPassword -ne $NewPasswordVerify) {



   Write-Host "`nSorry, your passwords don't match. Please run the script again.`n"

   

   Exit

   

   }



Write-Host ""



#Combine the variables into the URL to use for the API call:



$FullURL = "$PasswordstateURL/api/searchpasswords/" + $PasswordListID + "?" + $SearchField + "=" + $SearchTerm



#Create an array $SearchResults and fill it with all the password entries:



$SearchResults = Invoke-Restmethod -Method GET -Uri $FullURL -Header @{ "APIKey" = $APIKey }



#Create an array $PasswordIDs and fill it with all the Password IDs:



$PasswordIDs = $SearchResults.PasswordID



$PasswordTitles = $SearchResults.Title



$PasswordURLs = $SearchResults.URL



$PasswordCounter = 0



#Go through all the Password IDs and attempt to update them with the new password:



Foreach ($PasswordRecord in $PasswordIDs){



   #Gather the ID of the password to be updated along with the value for the new password:

   

   $jsonString = '{"PasswordID":"' + $PasswordRecord + '", "Password":"' + $NewPassword + '"}'

   

   #Clear the $Error catcher variable:

   

   $Error.Clear()

   

   #Attempt to send the API the password info gathered above:

   

   Try {

   

      Invoke-Restmethod -Method PUT -Uri "$PasswordstateURL/api/passwords" -ContentType "application/json" -Body $jsonString -Header @{ "APIKey" = $APIKey }

	  

	  }

	  

	#If the password update call throws an error, show it to the user and exit the script:

	

	Catch {

	

	   Write-Host "Uh oh, was at least one error! The API said:`n`n$Error`n`nNumber of passwords updated: $PasswordCounter"

	   

	   Write-Host "`nIf any passwords got updated, you should check your passwords and make sure they are what they should be.`n"

	   

	   Exit

	   

	   }



	#If the password update succeeded, increment the counter and clear the screen so the password isn't visible:   

   

   $PasswordCounter = $PasswordCounter + 1

   

   cls



   }



#Give the user some info about the passwords that got updated:

   

Write-Host "`n$PasswordCounter passswords updated!`n"



$x = 0



While ($x -lt $PasswordCounter)

{

   Write-Host "$($PasswordTitles[$x]) --- $($PasswordURLs[$x])"

   $x++

}



#Goodbye!



Exit

 

Link to comment
Share on other sites

  • 3 months later...
  • 1 year later...
On 9/14/2016 at 1:38 AM, support said:

Hi Greg,

 

We'll need to consider your request in a future release - maybe we could extend the feature where you can copy and link passwords, but allow you to have unique values on certain fields, instead of exact copies.

 

Regards

Click Studios

 

Hi, sorry to respond to this old post but are there any updates on that feature?

Is it planned?


I'm desperately trying to have the same password linked to multiple URLs (ILO Interfaces in that case) and I don't realy want to create multiple entries with the same password.

It would be awesome if you could create one entry and have somehow multiple URLs linked to it which are recognised by the browser add on.

 

I understand that you can create custom fields on a password list, would that work?

But I don't want to have every entry in that list to show multiple URL fields, only the ILO specific entry.

Creating a list just to add one entry seems a bit unneccesary, doesn't it?
Also you can only create 10 additional fields, which is not enough.

 

Is there a way to achieve this?

 

any help is much appreciated 

thanks

Link to comment
Share on other sites

Hello bsom,

Unfortunately we have not looked into this further, due to the amount of other requests we have - and this would require a reasonably large redesign to support this.

If you're wanting to use our browser extensions for logging into sites, then it will require separate password records for this, and the generic fields won't help unfortunately.

 

11 hours ago, bsom said:

Creating a list just to add one entry seems a bit unneccesary, doesn't it?

For the comment above, you can store all web site logins in the one Password List - you don't need to create different ones. Sorry If I've misunderstood what you mean here.

And again sorry, it is only possibly to have 10 generic fields - with 19 fields in total, we expecting this to be more than enough to store password credentials :(

Regards

Click Studios

Link to comment
Share on other sites

Ok, thanks for the quick response

 

7 hours ago, support said:

If you're wanting to use our browser extensions for logging into sites, then it will require separate password records for this, and the generic fields won't help unfortunately.

 Oh...

so even IF I'd create more URL fields on one entry the browser ext would not recognise them?

 

7 hours ago, support said:

For the comment above, you can store all web site logins in the one Password List - you don't need to create different ones. Sorry If I've misunderstood what you mean here.

Yea, no, I got that, we do have one list for all of them

 

7 hours ago, support said:

And again sorry, it is only possibly to have 10 generic fields - with 19 fields in total, we expecting this to be more than enough to store password credentials :(

It's totaly enough usually, it just would've come in handy if the "multiple URL, one password" thingy I was trying, would've worked

 

Anyway, I'll adapt to it

 

thanks

regards

Link to comment
Share on other sites

  • 1 year later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...