
User APIKey


enigmatic

We have multiple password lists.

Lists are grouped in folders.

Folders have access control enabled with different people assigned to each one.

Each list can be accessed by API using per list APIKey.

 

If we use the same APIKey then everyone who needs to have automated access to one of them has access to all of them.

If we use different APIKeys for each list then we preserve per folder access, but automatic access gets more complicated since we have to juggle both Passwordlist ID and APIKey (that should be secret and can't be stored in repo - like "hey before running this, set these 5 different apikey secret variables and don't write it down or check it in").

 

What would be nice is if there was a per user APIKey that would allow access to API like "/api/passwords/${LIST_ID}?QueryAll".

This way everyone could run automated scripts and have access to all the password lists that they are assigned access to in Passwordstate by setting a single UserAPIKey environment/Header variable, and let Passwordstate handle access control.


Hello,

Thanks for your feedback. We're not sure if you're able to use it or not, but have you considered our Windows Integrated API - this does not need any API Keys, and gives you the same level of access as when you log into Passwordstate?

Regards

Click Studios


That could solve it as all people involved have Windows workstations, but scripts that need to fetch from Passwordstate are often run remotely on Linux boxes or automatically in response to some defined trigger...

Would it be possible to extract some sort of auth header created by "Invoke-Restmethod -Method Get -Uri $PasswordstateUrl -UseDefaultCredentials" and reuse it on a different box (for example in curl as a request header)?


Archived

This topic is now archived and is closed to further replies.
