Passwordstate API - Allow creation of password lists without system wide api key

[Mordecai]

hi @support

 

for some of our automation use cases, we need the ability to dynamically create password lists. But we don't want to make the System Wide API Key generally known to so many people for this.

 

Can you integrate a way to allow password lists to be created without System Wide API Keys? e.g. by using an API Key on an existing folder?

So you would only have to create a folder for the colleagues, assign an API Key on this folder and with this API Key the employees can create as many password lists in this folder only as they want.

Thanks,
René

 

[Sarge]

On 10/20/2023 at 1:55 AM, Mordecai said:

But we don't want to make the System Wide API Key generally known to so many people for this.

What we do is run the script as a service account (Passwordstate automatically updates the password every XX days); with the Sys Wide API key being a user environment variable in the service account context.

 

the script sets and API variable to that of the environment variable. Doesn’t get captured in logging, doesn’t get committed to Git. 
no one knows the key except security administrator(s) with the required security role, no one can see the key without knowing the service account password.