enigmatic Posted September 19, 2019 Share Posted September 19, 2019 We have multiple password lists. Lists are grouped in folders. Folders have access control enabled with different people assigned to each one. Each list can be accessed by API using per list APIKey. If we use the same APIKey then everyone who needs to have automated access to one of them has access to all of them. If we use different APIKeys for each list then we preserve per folder access, but automatic access gets more complicated since we have to juggle both Passwordlist ID and APIKey (that should be secret and can't be stored in repo - like "hey before running this, set these 5 different apikey secret variables and don't write it down or check it in") What would be nice if there was a per user APIKey that would allow access to API like "/api/passwords/${LIST_ID}?QueryAll". This way everyone could run automated scripts and have access to all the password lists that they are assigned access to in Passwordstate by setting a single UserAPIKey environment/Header variable, and let Passwordstate to handle access control. Link to comment Share on other sites More sharing options...
support Posted September 19, 2019 Share Posted September 19, 2019 Hello, Thanks for your feedback. We're not sure if you're able to use it or not, but have you considered our Windows Integrated API - this does not need any API Keys, and gives you the same level of access as when you log into Passwordstate? Regards Click Studios Link to comment Share on other sites More sharing options...
enigmatic Posted September 20, 2019 Author Share Posted September 20, 2019 That could solve it as all people involved have windows workstations, but scripts that need to fetch from passwordstate are often run remotely on linux boxes or automatically in response to some defined trigger... Would it be possible to extract some sort of auth header created by "Invoke-Restmethod -Method Get -Uri $PasswordstateUrl -UseDefaultCredentials" and reuse it on a different box (for example in curl as a request header)? Link to comment Share on other sites More sharing options...
support Posted September 20, 2019 Share Posted September 20, 2019 Hello enigmatic, Other customers have the WinAPI from Linux machines - here is the forum post discussing it - https://www.clickstudios.com.au/community/index.php?/topic/2387-can-winapi-be-used-via-a-linux-shell-script/ We hope this helps. Regards Click Studios enigmatic 1 Link to comment Share on other sites More sharing options...
enigmatic Posted September 26, 2019 Author Share Posted September 26, 2019 I think this can be used for this purpose, I will need some time to check it out. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now