David Tawater Posted August 18, 2021

I am working on building a PowerShell SecretManagement plugin to enable use with the console and Passwordstate. I am trying to determine the best way of testing the API. Many REST servers have a basic URL to test. With this functionality I could then perform pipeline automation with our corporate service tools and then leave the password policies to cycle the passwords automatically instead of manual human intervention when the API keys change on a periodic basis.

I thought about this as a method. Is there a better way?

    [bool] isOnline() {
        # TODO: Research PasswordState api health check functionality.
        # Initialize result variable
        [bool]$Result = $false

        # Produces a URL like https://passwordstate.url/api/ with the command default being a single '/'
        # InvokeApi attaches the apikey via header.
        $Response = $this.InvokeApi($this.GetUri($this.Command.Default))
        switch ($Response.HttpStatusCode) {
            {$_ -in 200,201,204} { $Result = $true }
            {$_ -in 400,401,403,404,500} { $Result = $false }
            Default { $Result = $false }
        }
        return $Result
    }

I have also thought about using this specific method of testing more towards each single password list itself.

    [bool] isOnline() {
        # TODO: Research PasswordState api health check functionality.
        # Initialize result variable
        [bool]$Result = $false

        # Produces a URL like https://passwordstate.url/api/passwordlists/1
        # This of course produces a noisy audit entry that I cannot omit
        # with PreventAuditing=true and massively fills the logs for just an
        # online connectivity check.
        # InvokeApi attaches the apikey via header.
        $Response = $this.InvokeApi($this.GetUri($this.Command.PasswordLists))
        switch ($Response.HttpStatusCode) {
            {$_ -in 200,201,204} { $Result = $true }
            {$_ -in 400,401,403,404,500} { $Result = $false }
            Default { $Result = $false }
        }
        return $Result
    }

Is there a way to call one of the API methods to only check if the API key is valid?

My use case is to fully depend on Passwordstate to manage our testing, backup and operations tasks credentials to Passwordstate and have password policy and periodic cycling handled within Passwordstate itself. As for the cycling of the API keys, we determined this could potentially fall into audit scope and we would be required to have an API key change policy implemented. As of right now we CAN do this with either method above... but the first method seems like it's never going to explain if the key is valid and could cause our internal pipeline to fail needlessly. The second method could be useful but will extensively increase our auditing log data needlessly.

Any help is appreciated.

Mordecai Posted August 23, 2021

Hi @David Tawater

I am one of the people contributing to the development of the Passwordstate-Management PowerShell module. As far as I know, there is currently no method to perform a health check. We are using the Passwordstate-Management module in all of our pipelines.

Currently, as a workaround, we are using the searchpasswords API method with a "static" password list + password entry named "APITest". This test entry will never get deleted and we are using it to test if the API is reachable and if we are getting correct answers. But we cannot test if any API key is correct, only the one specified for this test list. (You could also create a test entry in each list but I don't know if it's worth the effort.)

When using the searchpasswords method, you can also add the PreventAuditing option. You can, of course, also use another search parameter instead of the title.

    https://passwordstate.localdomain/api/searchpasswords/1?Title=apitest&PreventAuditing=true

(or with the module)

    Get-PasswordStatepassword -Title apitest -PasswordListID 1 -PreventAuditing -Verbose
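
The sentinel-entry check described in the reply above, as an added example that is not part of the original posts or of the Passwordstate-Management module. The function name, its parameters and the result strings are hypothetical; the `APIKey` header name and the reading of 401/403 as "key rejected" are assumptions to confirm against your own server.

```powershell
# Added example: Test-PasswordstateApiKey and its result strings are hypothetical names.
function Test-PasswordstateApiKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uri]    $BaseUri,         # e.g. https://passwordstate.localdomain
        [Parameter(Mandatory)] [int]    $PasswordListID,  # list that holds the sentinel entry
        [Parameter(Mandatory)] [string] $ApiKey,          # API key for that list
        [string] $SentinelTitle = 'APITest',
        [int]    $TimeoutSec    = 10
    )

    $title = [uri]::EscapeDataString($SentinelTitle)
    $uri   = '{0}/api/searchpasswords/{1}?Title={2}&PreventAuditing=true' -f
             $BaseUri.AbsoluteUri.TrimEnd('/'), $PasswordListID, $title

    try {
        # Assumption: the key is sent in an 'APIKey' request header. Keeping it out of
        # the URL keeps it out of proxy and web-server access logs.
        $entries = @(Invoke-RestMethod -Uri $uri -Method Get -TimeoutSec $TimeoutSec `
                                       -Headers @{ APIKey = $ApiKey } -ErrorAction Stop)
        # A 2xx answer with no match means the key works but the sentinel entry is gone.
        if ($entries.Count -gt 0) { $state = 'Online' } else { $state = 'SentinelMissing' }
        $code = 200
    }
    catch {
        # Response is $null for DNS, TLS or timeout failures; otherwise it carries the status.
        $response = $_.Exception.Response
        if ($null -eq $response) {
            $state = 'Unreachable'
            $code  = $null
        }
        else {
            $code  = [int]$response.StatusCode
            # Assumption: 401/403 indicate a rejected key; anything else is a server-side error.
            $state = if ($code -in 401, 403) { 'KeyRejected' } else { 'ApiError' }
        }
    }

    # Separate states let a pipeline fail on a bad key but retry on an outage.
    [pscustomobject]@{ State = $state; HttpStatusCode = $code; PasswordListID = $PasswordListID }
}
```

Because each API key is scoped to one password list, a pipeline that rotates several keys would call this once per list that has its own sentinel entry.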