passbolt / go-passbolt-cli Goto Github PK

View Code? Open in Web Editor NEW

58.0 5.0 14.0 338 KB

A CLI tool to interact with Passbolt, a Open source Password Manager for Teams

Home Page: https://passbolt.com

License: MIT License

Go 100.00%

cli passbolt

go-passbolt-cli's Introduction

go-passbolt-cli

A CLI tool to interact with Passbolt, an Open source Password Manager for teams.

If you want to do something more complicated: this Go Module to Interact with Passbolt from Go might intrest you.

Disclaimer: This project is community driven and not associated with Passbolt SA

Install

Via Repository (Prefered):

Use the package from your Distros Official Repository

Via Package:

Download the deb/rpm Package for your Distro and architecture from the Latest Release.
Install via your Distros Package manager like `dpkg -i`

Via Homebrew

brew install passbolt/tap/go-passbolt-cli

Via Archive:

Download and Extract the Archive for your OS and architecture from the Latest Release.

Note: tab completion and manpages will need to be installed manually.

Via Go:

go install github.com/passbolt/go-passbolt-cli@latest

Note: this will install the binary as go-passbolt-cli, also tab completion and manpages will be missing.

Getting Started

First you need to Setup basic information: the Server Address, your Private Key and your Password. You have these options:

Save it in the config file using

passbolt configure --serverAddress https://passbolt.example.org --userPassword '1234' --userPrivateKeyFile 'keys/privatekey.asc'

passbolt configure --serverAddress https://passbolt.example.org --userPassword '1234' --userPrivateKey '-----BEGIN PGP PRIVATE KEY BLOCK-----'

Setup Environment Variables
Provide the Flags manually every time

Notes:

You can set the Private Key using the flags --userPrivateKey or --userPrivateKeyFile where --userPrivateKey takes the actual private key and --userPrivateKeyFile loads the content of a file as the PrivateKey, --userPrivateKeyFile overwrites the value of --userPrivateKey.
You can also just store the serverAddress and your Private Key, if your Password is not set it will prompt you for it every time.
Passwordless PrivateKeys are unsupported
MFA settings can also be save permanently this ways

Usage

Generally the Structure of Commands is like this:

passbolt action entity [arguments]

Action is the Action you want to perform like Creating, Updating or Deleting an Entity. Entity is a Resource(Password), Folder, User or Group that you want to apply an action to.

In Passbolt a Password is usually revert to as a Resource.

To Create a Resource you can do this, it will return the ID of the newly created Resource:

passbolt create resource --name "Test Resource" --password "Strong Password"

You can then list all users:

passbolt list user

Note: you can adjust which columns should be listed using the flag --column or its short from -c, if you want multiple column then you need to specify this flag multiple times.

For sharing we will need to know how we want to share, for that there are these Permission Types:

Code	Meaning
`1`	"Read-only"
`7`	"Can update"
`15`	"Owner"
`-1`	Delete existing permission

Now that we have a Resource ID, know the ID's of other Users and about know about Permission Types, we can share the Resource with them:

passbolt share resource --id id_of_resource_to_share --type type_of_permission --user id_of_user_to_share_with

Note: you can supply the the users argument multiple times to share with multiple users

For sharing with groups the --group argument exists.

MFA

You can setup MFA also using the configuration sub command, only TOTP is supported, there are multiple modes for MFA: none, interactive-totp and noninteractive-totp.

Mode	Description
`none`	just errors if challenged for MFA.
`interactive-totp`	prompts for interactive entry of TOTP Codes.
`noninteractive-totp`	automatically generates TOTP Codes when challenged, it requires the `mfaTotpToken` flag to be set to your totp Secret, you can configure the behavior using the `mfaDelay`, `mfaRetrys` and `mfaTotpOffset` flags

Server Verification

To enable Server Verification you need to run passbolt verify once, after that the server will always be verified if the same config is used

Scripting

For Scripting we have a -j or --json flag to convert the Output for the create, get and list commands to JSON for easier Parsing in Scripts.

Note: The JSON Output does not cover Error Messages, you can detect Errors by checking if the Exitcode is not 0

Documentation

Usage for all Subcommands is here. And is also available via man passbolt

go-passbolt-cli's People

Contributors

Stargazers

Watchers

Forkers

stripthis alexf4dev unicorn-blubber chazzrobbz pimadaum stjordanis mm86133 hypertntclown boolwinkle linuxleague kskarthik rmpr pbogut froque

go-passbolt-cli's Issues

README details

Describe the bug:

The Go ecosystem moves forward, and has new installation patterns. When running the installation command from the README, an error is thrown.

To Reproduce:

Run go install github.com/passbolt/go-passbolt-cli

See

go install: version is required when current directory is not in a module
    Try 'go install github.com/passbolt/go-passbolt-cli@latest' to install the latest version

Additional context

go install github.com/passbolt/go-passbolt-cli@latest works as expected, since the last tagged release was already long time ago.

Homebrew installation?

Would it be possible to add a Homebrew (brew utility) installation option?

A new public GitHub repository needs to be created named "homebrew-tap" with a directory named "Formula".

Then the following goreleaser yaml can be added to the current .goreleaser.yml (the brews option may be outdated, not sure)

brews:
  - name: go-passbolt-cli
    tap:
      owner: passbolt
      name: homebrew-tap
    commit_author:
      name: passbolt
    folder: Formula
    homepage: https://github.com/passbolt/go-passbolt-cli
    description: A CLI tool to interact with Passbolt, an Open source Password Manager for teams.

When implemented, go-passbolt-cli can be installed issuing:

brew install passbolt/tap/go-passbolt-cli

MFA not working with APP_BASE set to something

Describe the bug:
Hello, I'm trying to access my self-hosted installation of passbolt with go-passbolt-cli and I'm always receiving the following error whatever method I set in --mfaMode

Error: Logging in: Getting CSRF Token: Error API JSON Response Status: Message: MFA authentication is required., Body: {"mfa_providers":["totp"],"providers":{"totp":"https:\/\/server.domain.com:12345\/passbolt\/mfa\/verify\/totp.json"}}

My passbolt is started with APP_BASE set to /passbolt and if I comment out APP_BASE the MFA works correctly.

To Reproduce:
Just start passbolt with APP_BASE environment variable set to /passbolt, for example with docker

services:
  passbolt:
    container_name: passbolt
    image: passbolt/passbolt:4.9.0-1-ce
    restart: unless-stopped
    environment:
      APP_BASE: "/passbolt"
	  [...]

Output when using --debug (you should censor this):

If I masked too much in the below output please let me know.

[go-passbolt] Request URL: https://server.domain.com:12345/passbolt/auth/login.json?api-version=v2
[go-passbolt] Raw Request: {"gpg_auth":{"keyid":"*****"}}
[go-passbolt] Raw Response: {"header":{"id":"01df63b6-8135-42c1-ad9d-3aeef933a011","status":"error","servertime":1723212746,"action":"a3c19ad2-8920-5395-86d0-8567cb34f382","message":"The authentication failed.","url":"\/passbolt\/auth\/login.json?api-version=v2","code":200},"body":null}
[go-passbolt] Got Encrypted Auth Token: -----BEGIN\+PGP\+MESSAGE-----%0A*****%0A-----END\+PGP\+MESSAGE-----%0A
[go-passbolt] Decrypted Auth Token: gpgauthv1.3.0|36|*****|gpgauthv1.3.0
[go-passbolt] Request URL: https://server.domain.com:12345/passbolt/auth/login.json?api-version=v2
[go-passbolt] Raw Request: {"gpg_auth":{"keyid":"*****","user_token_result":"gpgauthv1.3.0|36|*****|gpgauthv1.3.0"}}
[go-passbolt] Raw Response: {"header":{"id":"*****","status":"success","servertime":1723212746,"action":"a3c19ad2-8920-5395-86d0-8567cb34f382","message":"You are successfully logged in.","url":"\/passbolt\/auth\/login.json?api-version=v2","code":200},"body":{"id":"USERID","role_id":"*****","username":"*****","active":true,"deleted":false,"disabled":null,"created":"2023-12-27T14:26:58+00:00","modified":"2024-08-09T14:09:32+00:00","groups_users":[],"profile":{"id":"22095967-fdc5-4ab4-bf02-f9bc8483d24e","user_id":"USERID","first_name":"***","last_name":"***","created":"2023-12-27T14:26:58+00:00","modified":"2024-08-09T14:09:32+00:00","avatar":{"id":"83d06e59-7e14-48b6-af44-140f47dea655","profile_id":"22095967-fdc5-4ab4-bf02-f9bc8483d24e","created":"2023-12-28T08:48:48+00:00","modified":"2024-08-09T14:09:32+00:00","url":{"medium":"https:\/\/server.domain.com:12345\/passbolt\/avatars\/view\/83d06e59-7e14-48b6-af44-140f47dea655\/medium.jpg","small":"https:\/\/server.domain.com:12345\/passbolt\/avatars\/view\/83d06e59-7e14-48b6-af44-140f47dea655\/small.jpg"}}},"gpgkey":{"id":"1da1f556-a521-4356-ba8c-fcb8bebe7430","user_id":"USERID","armored_key":"-----BEGIN PGP PUBLIC KEY BLOCK-----*****-----END PGP PUBLIC KEY BLOCK-----\n","bits":3072,"uid":"NAME \u003C*****\u003E","key_id":"*****","fingerprint":"*****","type":"RSA","expires":null,"key_created":"2023-12-27T14:28:40+00:00","deleted":false,"created":"2023-12-27T14:29:38+00:00","modified":"2023-12-27T14:29:38+00:00"},"role":{"id":"*****","name":"admin","description":"Organization administrator","created":"2012-07-04T13:39:25+00:00","modified":"2012-07-04T13:39:25+00:00"},"last_logged_in":null}}
[go-passbolt] Got Cookies: [passbolt_session=aj2t0ra8of9cvdr9uqjameo1ff; Path=/passbolt/; HttpOnly; Secure; SameSite=Lax]
[go-passbolt] Request URL: https://server.domain.com:12345/passbolt/users/me.json?api-version=v2
[go-passbolt] Raw Response: {"header":{"id":"e3038eac-14c9-42ac-844a-cb04a6ce6058","status":"error","servertime":1723212746,"action":"af9aa2c6-7355-514d-a4a0-3e74de4c0fdb","message":"MFA authentication is required.","url":"\/passbolt\/mfa\/verify\/error.json","code":403},"body":{"mfa_providers":["totp"],"providers":{"totp":"https:\/\/server.domain.com:12345\/passbolt\/mfa\/verify\/totp.json"}}}
Error: Logging in: Getting CSRF Token: Error API JSON Response Status: Message: MFA authentication is required., Body: {"mfa_providers":["totp"],"providers":{"totp":"https:\/\/server.domain.com:12345\/passbolt\/mfa\/verify\/totp.json"}}

Passbolt Server Version (please complete the following information):

Edition: Community Edition
Version 4.9.0-1-ce

go-passbolt-cli Version (please complete the following information):

OS: Debian 12 bookworm
Version 0.3.1

Additional context
None

[feature] resource create totp

Create totp resource type or add totp to an existing resource

Can't install v0.3.1 via homebrew

Describe the bug:
Can't install v0.3.1 via homebrew

To Reproduce:
Open terminal, run brew install passbolt/tap/go-passbolt-cli

==> Fetching passbolt/tap/go-passbolt-cli
==> Downloading https://github.com/passbolt/go-passbolt-cli/releases/download/v0.3.1/go-passbolt-cli_0.3.1_darwin_arm64.tar.gz
curl: (22) The requested URL returned error: 404

Error: go-passbolt-cli: Failed to download resource "go-passbolt-cli"
Download failed: https://github.com/passbolt/go-passbolt-cli/releases/download/v0.3.1/go-passbolt-cli_0.3.1_darwin_arm64.tar.gz

https://app.warp.dev/block/pUqTupOZuFb8pgmOf0uT0m

Output when using --debug (you should censor this):

Passbolt Server Version (please complete the following information):

Edition: Community
Version 0.3.1

go-passbolt-cli Version (please complete the following information):

OS: macOS
Version 13.4

Additional context
I think it's more than clear.

[feature] self upgrading release binary

The idea is to have similar feature to deno upgrade & bun upgrade in which the user can upgrade the existing binary using a cli flag.

This will be a useful feature for many users whose distributions which always do not ship with latest versions of the cli

I wish to work on this patch if we can agree on implementing such feature.

test with userPrivateKeyFile

Are you sure this if statement in line 100 is right ?
https://github.com/speatzle/go-passbolt-cli/blob/0449e9983cd98c7a946a901770bcc50fa50c8633/cmd/root.go#L100-L105

If no error raised and option userPrivateKeyFile isn't empty, the contents of the PrivateKeyFile is never saved in config file.

Add Keepass Export

Add a sub-command to export Passwords to a Keepass file.

This is useful for automatic Passbolt backups of a selfhosted instance which might go offline but may contain passwords needed to fix the instance.

Potential Library: https://github.com/tobischo/gokeepasslib

export to keepass with user + password + TOTP not possible

Describe the bug:
after using the new TOTP feature in passbolt the export to keepass is no longer possible

To Reproduce:

use credentials with TOTP entry
start passbolt export keepass

Output
Error: Get Resource 62, bbbbbbbb-cccc-1111-8a8a-badeaffe032 Unknown ResourceType: password-description-totp

Passbolt Server Version (please complete the following information):

Edition: PRO
Version 4.4.0

go-passbolt-cli Version (please complete the following information):

OS: linux
Version 0.2.0 via apt

Additional context

Getting error "UUID is not in the valid format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" when trying to retrieve a resource by ID

Hello,

I am getting the error below, when trying to retrieve a resource by ID.
Do you have any idea, is this related to the Passbolt instance version (maybe we need to update it), or it's something related to the CLI tool?

Interestingly enough, the command passbolt get user --id works as expected

thanks a lot,
Marius

/ # passbolt get resource --id 30496b73-ab1e-4ee7-b63b-1b44facb8a3e Error: Getting Resource: Getting ResourceType: Checking ID format: UUID is not in the valid format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / #

Fix Readme go-passbolt-cli command examples

Some Examples use passbolt and some use go-passbolt-cli as the binary name.

Change all of these to passbolt since this is how the binary should be called with the Preferred Installation method.

Feature: CLI option to get the last modified date

I am using the passbolt cli to automate backups of my self-hosted instance to keepass files for offline access and disaster recovery. At this point in time, I'm not able to get the last modified date for either individual resources or the database as a whole.

This information would be helpful in preventing unnecessary duplication of data in backups.

What would be helpful is to either expose the last modification date in the resource list command, or add a new command to summarize this for me, and expose the most recent date.

[feature request] Package for nix

It would be great to have a package for Nix.

So I created one, if anyone wants to test:
NixOS/nixpkgs#304480

Add Nix as a Installation option to the Readme

Trying to use MFA, no documentation and example

Describe the bug:
My company use pro SAAS Passbolt, and since we activate MFA, cli passbolt ask for a TOTP, making it difficult to use in scripts.

To Reproduce:
Just try to automate passbolt acces via cli software

Output when using --debug (you should censor this):

Passbolt Server Version (please complete the following information):

Edition: PRO
Version unknown

go-passbolt-cli Version (please complete the following information):

OS: linux
Version v0.1.9

Additional context
I just need example on how to use it, I can write documentation around it but I need more information.

Feature: show version of go-passbolt-cli

Is it possible to add the "--version"/"-v" option, that allows the user to display the current version? This feature would enhance usability and provide users with quick access to essential information about the tool. Thanks :)

Impossible to connect

Hello,

When trying to use your script (seems great !), I've this error :

Error: Creating Client: Unable to Unlock UserPrivateKey using UserPassword: gopenpgp: key is not locked

The key is correctly inserted into the config.

Debug don't show any detailled information.

What can I do ?

Thanks,

Json Output: Respect Column Filter

Currently there is no way to exclude columns if JSON output is used.
This is a problem because on a list resource command every resource needs to be decrypted which may timeout depending on the amount of resources.

Error: no armored data found

go-passbolt-cli, Release v0.1.0 (go-passbolt-cli_0.1.0_Windows_x86_64.zip)

Hello,

I'm trying to use the go-passbolt-cli, and I'm running into the following error:

Error: Creating Client: Unable to Create Key From UserPrivateKey string: gopenpgp: error in reading key ring: openpgp: invalid argument: no armored data found

I tried passing the key as it is in the file given by passbolt when creating an account.
Could you please provide some examples of how the private key is supposed to be passed onto the cmd or the config file?

Thank you

Create Resource is completly bugged

Describe the bug:
When creating a new ressource, using:
passbolt create resource --name "delme4" --username "hi" --uri "wow.de" --password="1"

the created resource then has a JSON entry with the password itself in the password field:

? It goes even further, when updating the value then with:
passbolt update resource --id 940be140-6981-4d5a-bb7b-9cb64fe5bf7d -p "123"
This seems to work, but only until I try to pull the ressource 'delme4' with the ansible lookup plugin, which will throw an JSON Error when the resource got created over the go-passbolt-cli :

{
  - msg: An unhandled exception occurred while running the lookup plugin 'anatomicjc.passbolt.passbolt'. Error was a <class 'json.decoder.JSONDecodeError'>, original message: Expecting value: line 1 column 1 (char 0). Expecting value: line 1 column 1 (char 0)
}

Maybe something in my Setup is wrong? Everything else works as excepted (pulling/listening resources for example)

When adding a description:

To Reproduce:
Just run passbolt create resource --name "delme4" --username "hi" --uri "wow.de" --password="1"

Output when using --debug (you should censor this):

[go-passbolt] Request URL: https://passbolt.ourcompany.com/auth/login.json?api-version=v2
[go-passbolt] Raw Request: {"gpg_auth":{"keyid":"[...]"}}
[go-passbolt] Raw Response: {"header":{"id":"9df6debe-3b81-4156-b68d-1be7dba0fd0e","status":"error","servertime":1691574912,"action":"a3c19ad2-8920-5395-86d0-8567cb34f382","message":"The authentication failed.","url":"\/auth\/login.json?api-version=v2","code":200},"body":null}
[go-passbolt] Got Encrypted Auth Token: -----BEGIN\+PGP\+MESSAGE-----%0A%0AhQGMAwpEPpj1V9HEAQv7Bh[....]jYN%0Am5TfeJjk92CP2mQ%3D%0A%3Dvdfz%0A-----END\+PGP\+MESSAGE-----%0A
[go-passbolt] Decrypted Auth Token: gpgauthv1.3.0|36|45658f[...]-d7f274b4bca5|gpgauthv1.3.0
[go-passbolt] Request URL: https://passbolt.dc-company.com/auth/login.json?api-version=v2
[go-passbolt] Raw Request: {"gpg_auth":{"keyid":"dbb7[...]e9cc94dc39","user_token_result":"gpgauthv1.3.0|36|45[...]81-d7f274b4bca5|gpgauthv1.3.0"}}
[go-passbolt] Raw Response: {"header":{"id":"ea06156e-d874-4477-bae0-8c264236313a","status":"success","servertime":1691574912,"action":"a3c19ad2-8920-5395-86d0-8567cb34f382","message":"You are successfully logged in.","url":"\/auth\/login.json?api-version=v2","code":200},"body":{"id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","role_id":"65d94402-d367-46d0-baf4-398c25391402","username":"[email protected]","active":true,"deleted":false,"created":"2023-05-29T11:52:57+00:00","modified":"2023-06-10T15:24:24+00:00","groups_users":[{"id":"e95096b4-9ddc-45fc-8d78-b7576c593792","group_id":"6a7cb6cc-ca6c-4cd2-8bd2-df3bcdfe1e1b","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","is_admin":true,"created":"2023-05-29T12:06:56+00:00"},{"id":"1667268e-2628-48d0-8cac-630da9a0ef66","group_id":"954b664a-95fe-49a4-827e-fab39297d051","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","is_admin":true,"created":"2023-05-29T19:31:22+00:00"},{"id":"7305e83b-5e8d-4412-927c-3b7845bc49c4","group_id":"a112eaa0-b580-4823-ad27-a4e0cff75505","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","is_admin":true,"created":"2023-05-29T19:32:39+00:00"},{"id":"6f8c3e1b-85f8-44bb-ab4f-1357a25dac48","group_id":"db678cc4-0cd0-4dd8-99ce-d3474514b4f6","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","is_admin":true,"created":"2023-05-29T11:57:29+00:00"},{"id":"2f933714-b365-405b-bf02-9135c9f6a1be","group_id":"f777e06c-0d7f-44d6-9e29-ea728f503d48","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","is_admin":true,"created":"2023-05-29T19:37:30+00:00"}],"profile":{"id":"90ce11d7-260a-4e72-b33e-cef0c241b4d5","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","first_name":"Passbolt","last_name":"Admin","created":"2023-05-29T11:52:57+00:00","modified":"2023-06-10T15:24:24+00:00","avatar":{"id":"3790a158-2b2d-4a7f-8cce-9158d05039ce","profile_id":"90ce11d7-260a-4e72-b33e-cef0c241b4d5","created":"2023-06-10T15:24:24+00:00","modified":"2023-06-10T15:24:24+00:00","url":{"medium":"https:\/\/passbolt.dc-company.com\/avatars\/view\/3790a158-2b2d-4a7f-8cce-9158d05039ce\/medium.jpg","small":"https:\/\/passbolt.dc-company.com\/avatars\/view\/3790a158-2b2d-4a7f-8cce-9158d05039ce\/small.jpg"}}},"gpgkey":{"id":"b7f7e71e-1e82-4c60-a584-334d0bf9843f","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","armored_key":"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nxsDNBGR0ksIBDACz\/vRS47tMNM5x16LOonmjPS71RoB\/xPjNg\/2Ez5[...]/f5IbgDQE+VMeavO9mFMyDT82OpNk\n6ZbtL7RnhQHdiICWjUCujMMW3gFET0ywb6QyBHU03dMEwYQL5zKYRiIo8LZr\nDyNHAePrtnc6SBh3uCQNI5b3+EKIEg==\n=QX88\n-----END PGP PUBLIC KEY BLOCK-----\n","bits":3072,"uid":"Admin Admin \[email protected]\u003E","key_id":"656046E9CC94DC39","fingerprint":"DBB7DCF20BBE2665DBE2921A656046E9CC94DC39","type":"RSA","expires":null,"key_created":"2023-05-29T11:55:46+00:00","deleted":false,"created":"2023-05-29T11:56:14+00:00","modified":"2023-05-29T11:56:14+00:00"},"role":{"id":"65d94402-d367-46d0-baf4-398c25391402","name":"admin","description":"Organization administrator","created":"2012-07-04T13:39:25+00:00","modified":"2012-07-04T13:39:25+00:00"},"last_logged_in":null}}
[go-passbolt] Got Cookies: [passbolt_session=meoprvli1sr4ltqlf52a6ake0e; Path=/; HttpOnly; Secure; SameSite=Lax]
[go-passbolt] Request URL: https://passbolt.ourcompany.com/users/me.json?api-version=v2
[go-passbolt] Raw Response: {"header":{"id":"c2ee9ceb-397f-4c84-80a5-7807dccdd62f","status":"success","servertime":1691574912,"action":"881ab948-e40f-5a72-91aa-54b442270029","message":"The operation was successful.","url":"\/users\/me.json?api-version=v2","code":200},"body":{"id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","role_id":"65d94402-d367-46d0-baf4-398c25391402","username":"[email protected]","active":true,"deleted":false,"created":"2023-05-29T11:52:57+00:00","modified":"2023-06-10T15:24:24+00:00","groups_users":[{"id":"e95096b4-9ddc-45fc-8d78-b7576c593792","group_id":"6a7cb6cc-ca6c-4cd2-8bd2-df3bcdfe1e1b","user_id":"1a18252c[...]a8a35d250fcd","is_admin":true,"created":"2023-05-29T12:06:56+00:00"},{"id":"1667268e-2628-48d0-8cac-630da9a0ef66","group_id":"954b664a-95fe-49a4-827e-fab39297d051","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","is_admin":true,"created":"2023-05-29T19:31:22+00:00"},{"id":"7305e83b-5e8d-4412-927c-3b7845bc49c4","group_id":"a112eaa0-b580-4823-ad27-a4e0cff75505","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","is_admin":true,"created":"2023-05-29T19:32:39+00:00"},{"id":"6f8c3e1b-85f8-44bb-ab4f-1357a25dac48","group_id":"db678cc4-0cd0-4dd8-99ce-d3474514b4f6","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","is_admin":true,"created":"2023-05-29T11:57:29+00:00"},{"id":"2f933714-b365-405b-bf02-9135c9f6a1be","group_id":"f777e06c-0d7f-44d6-9e29-ea728f503d48","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","is_admin":true,"created":"2023-05-29T19:37:30+00:00"}],"profile":{"id":"90ce11d7-260a-4e72-b33e-cef0c241b4d5","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","first_name":"Passbolt","last_name":"Admin","created":"2023-05-29T11:52:57+00:00","modified":"2023-06-10T15:24:24+00:00","avatar":{"id":"3790a158-2b2d-4a7f-8cce-9158d05039ce","profile_id":"90ce11d7-260a-4e72-b33e-cef0c241b4d5","created":"2023-06-10T15:24:24+00:00","modified":"2023-06-10T15:24:24+00:00","url":{"medium":"https:\/\/passbolt.dc-company.com\/avatars\/view\/3790a158-2b2d-4a7f-8cce-9158d05039ce\/medium.jpg","small":"https:\/\/passbolt.dc-company.com\/avatars\/view\/3790a158-2b2d-4a7f-8cce-9158d05039ce\/small.jpg"}}},"gpgkey":{"id":"b7f7e71e-1e82-4c60-a584-334d0bf9843f","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","armored_key":"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nxsDNBGR0ksIBDACz\/vRS47tMNM5x16LOonmjPS71RoB[...]UCujMMW3gFET0ywb6QyBHU03dMEwYQL5zKYRiIo8LZr\nDyNHAePrtnc6SBh3uCQNI5b3+EKIEg==\n=QX88\n-----END PGP PUBLIC KEY BLOCK-----\n","bits":3072,"uid":"Admin Admin \[email protected]\u003E","key_id":"656046E9CC94DC39","fingerprint":"DBB7DCF20BBE2665DBE2921A656046E9CC94DC39","type":"RSA","expires":null,"key_created":"2023-05-29T11:55:46+00:00","deleted":false,"created":"2023-05-29T11:56:14+00:00","modified":"2023-05-29T11:56:14+00:00"},"role":{"id":"65d94402-d367-46d0-baf4-398c25391402","name":"admin","description":"Organization administrator","created":"2012-07-04T13:39:25+00:00","modified":"2012-07-04T13:39:25+00:00"},"is_mfa_enabled":false,"last_logged_in":null}}
[go-passbolt] Request URL: https://passbolt.ourcompany.com/resource-types.json?api-version=v2
[go-passbolt] Raw Response: {"header":{"id":"60588a92-cdbb-4ceb-8bbc-9740a5de34ac","status":"success","servertime":1691574912,"action":"e2aa01a9-84ec-55f8-aaed-24ee23259339","message":"The operation was successful.","url":"\/resource-types.json?api-version=v2","code":200},"body":[{"id":"a28a04cd-6f53-518a-967c-9963bf9cec51","slug":"password-and-description","name":"Password with description","description":"A resource with the password and the description encrypted.","definition":{"resource":{"type":"object","required":["name"],"properties":{"name":{"type":"string","maxLength":255},"username":{"anyOf":[{"type":"string","maxLength":255},{"type":"null"}]},"uri":{"anyOf":[{"type":"string","maxLength":1024},{"type":"null"}]}}},"secret":{"type":"object","required":["password"],"properties":{"password":{"type":"string","maxLength":4096},"description":{"anyOf":[{"type":"string","maxLength":10000},{"type":"null"}]}}}},"created":"2023-05-29T11:52:56+00:00","modified":"2023-05-29T11:52:56+00:00"},{"id":"669f8c64-242a-59fb-92fc-81f660975fd3","slug":"password-string","name":"Simple password","description":"The original passbolt resource type, where the secret is a non empty string.","definition":{"resource":{"type":"object","required":["name"],"properties":{"name":{"type":"string","maxLength":255},"username":{"anyOf":[{"type":"string","maxLength":255},{"type":"null"}]},"uri":{"anyOf":[{"type":"string","maxLength":1024},{"type":"null"}]},"description":{"anyOf":[{"type":"string","maxLength":10000},{"type":"null"}]}}},"secret":{"type":"string","maxLength":4096}},"created":"2023-05-29T11:52:56+00:00","modified":"2023-05-29T11:52:56+00:00"}]}
[go-passbolt] Request URL: https://passbolt.ourcompany.com/resources.json?api-version=v2
[go-passbolt] Raw Request: {"name":"delme5","uri":"wow.de","username":"hi","resource_type_id":"669f8c6[...]60975fd3","resource_type":{},"secrets":[{"data":"-----BEGIN PGP MESSAGE-----\nVersion: GopenPGP 2.5.0\nComment: https://gopenpgp.org\n\nwcDMA[...]----END PGP MESSAGE-----"}]}
[go-passbolt] Raw Response: {"header":{"id":"23084[...]85681034b","status":"success","servertime":1691574912,"action":"ad8bbc35-6435-538e-b1a7-80b87bcedb6a","message":"The resource has been added successfully.","url":"\/resources.json?api-version=v2","code":200},"body":{"id":"612589e4-6a0b-467d-a85a-d0cdaa5ed7d3","name":"delme5","username":"hi","uri":"wow.de","description":null,"deleted":false,"created":"2023-08-09T09:55:12+00:00","modified":"2023-08-09T09:55:12+00:00","created_by":"1a18252c-b31d-474c-8e43-a8a35d250fcd","modified_by":"1a18252c-b31d-474c-8e43-a8a35d250fcd","resource_type_id":"669f8c64-242a-59fb-92fc-81f660975fd3","favorite":null,"modifier":{"id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","role_id":"65d94402-d367-46d0-baf4-398c25391402","username":"[email protected]","active":true,"deleted":false,"created":"2023-05-29T11:52:57+00:00","modified":"2023-06-10T15:24:24+00:00","last_logged_in":null},"creator":{"id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","role_id":"65d94402-d367-46d0-baf4-398c25391402","username":"[email protected]","active":true,"deleted":false,"created":"2023-05-29T11:52:57+00:00","modified":"2023-06-10T15:24:24+00:00","last_logged_in":null},"secrets":[{"id":"cfde93d6-04c4-4ee0-acc7-cf1872edab0d","user_id":"1a18252c-b31d-474c-8e43-a8a35d250fcd","resource_id":"612589e4-6a0b-467d-a85a-d0cdaa5ed7d3","data":"-----BEGIN PGP MESSAGE-----\nVersion: GopenPGP 2.5.0\nComment: https:\/\/gopenpgp.org\n\nwcDMAwpEPpj1V9HEAQv+NilqfkhWP2WziAx8+sXQMKKe8oVedkfjSajjeeUK2FkH\nwlu5RFUA+N2yEpHEYejuaYNkrXWxbK861[...]vYVwipehgtFbMdtfdBqmnagNtnwova5M1dXFhXsmbMtIZ9hwbwR5IbIErXTB\nj771zXx236MfGjIbChuN98uypsRBXa9O7oc8azMD4ZHDD1HLN2v6EBfMv63vWW1Y\nRbmnRlHGioaw8EPT\/FBFKrrJcO4TN3\/KWNwyfyANmc6izhBJ+xRrgZXTTb4iCQsX\nVDl2xGxmZkj+1Y79xk9mJ4sWpH1QCMbiVMhtyVpvAqK7zCJ\/lo\/NQN+bhkUUCz0N\nwD7HcwhueoM=\n=VGuF\n-----END PGP MESSAGE-----","created":"2023-08-09T09:55:12+00:00","modified":"2023-08-09T09:55:12+00:00"}],"permission":{"id":"a74a4816-612c-419e-bc48-29142cb438b4","aco":"Resource","aco_foreign_key":"612589e4-6a0b-467d-a85a-d0cdaa5ed7d3","aro":"User","aro_foreign_key":"1a18252c-b31d-474c-8e43-a8a35d250fcd","type":15,"created":"2023-08-09T09:55:12+00:00","modified":"2023-08-09T09:55:12+00:00"},"folder_parent_id":null,"personal":true}}
ResourceID: 612589e4-6a0b-467d-a85a-d0cdaa5ed7d3
[go-passbolt] Request URL: https://passbolt.ourcompany.com/auth/logout.json?api-version=v2
[go-passbolt] Raw Response: {"header":{"id":"55ce4ab6-bcd9-4b87-a98f-8f2c249f6036","status":"success","servertime":1691574912,"action":"19f9a792-3495-597b-bc94-dff1bc3e3967","message":"You are successfully logged out.","url":"\/auth\/logout.json?api-version=v2","code":200},"body":null}

Passbolt Server Version (please complete the following information):

Edition: Community
Version 4.1.2

go-passbolt-cli Version (please complete the following information):

OS: Ubuntu 20
Version 0.2.0

[feature] Get resource TOTP code (somewhat implemented)

The feature:
I would like to be able to generate TOTP code for resource from the cli.

Work done so far:
In order to make it work the go-passbolt would have to be updated. I did that in this commit: pbogut/go-passbolt@e8b14eb
Then this repo has to be updated to use generated code. I've done it here: pbogut@02607cc

My change works, and code is displayed when getting resource. Note that I did it just for myself as a proof of concept.

Things up for discussion:

Is this something that would be merged if pull request was made here and in go-passbolt repo?
Should go-passbolt return code, or should it return secret so go-passbolt-cli can generate code?
Is it ok to return it when it's available, or should it be only returned via flag?
Does any other repo depend on go-passbolt and would have to be updated as well?

Export keepass could also export folder hierarchy

Describe the bug:
passbolt export keepass works well, it's a very useful feature.

But the generated kdbx database contains all passwords under the root, without the original folder hierarchy. It's actually not really a big problem; but if it were possible to retrieve the folder hierarchy too, it would be nice.

Passbolt Server Version (please complete the following information):

Edition: Cloud
Version 4.8.0-1

go-passbolt-cli Version (please complete the following information):

OS: Debian
Version 0.3.1

Configuration File Location?

When configure is first run

Example:
passbolt configure --serverAddress https://passbolt.example.org --userPassword '1234' --userPrivateKeyFile 'keys/privatekey.asc'

Where is the local configuration file stored?

MFA is not working when Server default Language is not English

Hello,

we are using a self hostet passbolt instance with MFA TOTP activated.

When i issue ~/go/bin/go-passbolt-cli command with different options set i always get the following error

Error: Logging in: Getting CSRF Token: Error API JSON Response Status: Message: MFA-Authentifizierung ist erforderlich., Body: {"mfa_providers":["totp"],"providers":{"totp":"https:\/\/#########\/mfa\/verify\/totp.json"}}

The following commands i've tried
with non interactive

~/go/bin/go-passbolt-cli list folder --serverAddress https://######### --userPrivateKeyFile ~/.config/passbolt/my_private_passbolt.key --mfaMode noninteractive-totp --totpToken ############################################

with interactive mode, but i get no prompt for totp

~/go/bin/go-passbolt-cli list folder --serverAddress https://######### --userPrivateKeyFile ~/.config/passbolt/my_private_passbolt.key --mfaMode interactive-totp

Below is the output if i set the --debug flag. I needed to mask some stuff. sorry for that

Loading Private Key from File: /home/####/.config/passbolt/my_private_passbolt.key
Enter Password:
[go-passbolt] Request URL: https://#########/auth/login.json?api-version=v2
[go-passbolt] Raw Request: {"gpg_auth":{"keyid":"9a84f0a95d89e6f648677a9ef09ee4c10122aa27"}}
[go-passbolt] Raw Response: {"header":{"id":"1fb367da-30cf-4612-8ae9-2ff8ad62893c","status":"error","servertime":1649318386,"action":"a3c19ad2-8920-5395-86d0-8567cb34f382","message":"The authentication failed.","url":"\/auth\/login.json?api-version=v2","code":200},"body":null}
[go-passbolt] Got Encrypted Auth Token: -----BEGIN\+PGP\+MESSAGE-----####MASKED####-----END\+PGP\+MESSAGE-----%0A
[go-passbolt] Decrypted Auth Token: gpgauthv1.3.0|36|9f2aa6d2-0677-4f98-aae0-52e51126c37b|gpgauthv1.3.0
[go-passbolt] Request URL: https://#########/auth/login.json?api-version=v2
[go-passbolt] Raw Request: {"gpg_auth":{"keyid":"9a84f0a95d89e6f648677a9ef09ee4c10122aa27","user_token_result":"gpgauthv1.3.0|36|9f2aa6d2-0677-4f98-aae0-52e51126c37b|gpgauthv1.3.0"}}
[go-passbolt] Raw Response: {"header":{"id":"c29daf78-d5dc-4651-9770-24e860ee15c9","status":"success","servertime":1649318386,"action":"a3c19ad2-8920-5395-86d0-8567cb34f382","message":"Sie sind erfolgreich angemeldet.","url":"\/auth\/login.json?api-version=v2","code":200},"body":{"id":"b022137f-cb59-448b-8652-a8ec454b46c6","role_id":"113e7b9f-2932-44de-8e0e-6d51526bf7e3","username":"###MASKED###","active":true,"deleted":false,"created":"2018-11-26T16:38:54+00:00","modified":"2018-11-29T08:57:19+00:00","groups_users":[{"id":"52a77434-d538-463f-a130-0d84575518d5","group_id":"3e195d2c-25d0-49a1-b792-923b3bd7b350","user_id":"b022137f-cb59-448b-8652-a8ec454b46c6","is_admin":true,"created":"2018-11-29T11:11:50+00:00"},{"id":"9ef332f0-9ad9-4d0e-8ed5-8deb41a89c56","group_id":"a1c05340-7d5c-4ff5-9024-1534bfaf8d1a","user_id":"b022137f-cb59-448b-8652-a8ec454b46c6","is_admin":true,"created":"2018-11-29T09:36:12+00:00"}],"profile":{"id":"d7890c19-22c2-478c-bbd8-fd11c475f5b2","user_id":"b022137f-cb59-448b-8652-a8ec454b46c6","first_name":"#####","last_name":"#####","created":"2018-11-26T16:38:54+00:00","modified":"2018-11-26T17:48:27+00:00","avatar":{"url":{"medium":"https:\/\/#########\/img\/avatar\/user_medium.png","small":"https:\/\/#########\/img\/avatar\/user.png"}}},"gpgkey":{"id":"6e7ff95c-57ab-44cd-85f8-d44fd9e3133b","user_id":"b022137f-cb59-448b-8652-a8ec454b46c6","armored_key":"-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: OpenPGP.js v4.2.0\r\nComment: https:\/\/openpgpjs.org\r\n\r\nxsBNBFv\/qc0BCADIFZbHhHIVR4MPwlFegy85EyyobrzLez2U9tY2MeeLXuHe\r\nMg\/zbv0jJhHMga6MrEGkJSNgofeyZGq4NZd0PT72QhtViOtIjykIUij+Idol\r\nLK6B+TXzkfRQv9OV2HF+RVi01F8y2IDzm8+EUA4zWO3uw2jor9WgwkbbEmFu\r\nGBoyVfz\/6kDLTbF\/jCUlIM1ousXBr2xs94S4JjxDSMdxr+Yz4GdzmtvrzBu8\r\nOcnHhXZkFYoe83TkYDVqRSdlYwzQiIZhp0j2Hxy45bVpLYNKCU6lwWAnuJ0V\r\ne6CaD91e0\/4rnj5leJQ19++F9gfdEIyBLh4LpxhhRZ0+ThSeWcBs321xABEB\r\nAAHNIyJNaWNoYWVsIEdyYcOfIiA8Z3Jhc3NAZGlvbmVyYS5jb20+wsB1BBAB\r\nCAAfBQJb\/6nNBgsJBwgDAgQVCAoCAxYCAQIZAQIbAwIeAQAKCRDwnuTBASKq\r\nJ\/kgB\/9mW2Y1QEg1KHg88nUzi+zgTepy4aXjJwI1SRk7PHEuW0V1AjfJfp5J\r\nBK\/8d+DmbIUvB74JGrW+9GH4jZjEiO0ZDhyXk8g0B8y\/dhiO6IVJmxixpAIr\r\nj\/aD\/SK4lF7w277kGmCqYeR8sZV6rw9OV7b2TiuNoCv928lP6oT9pqGiLdFP\r\nWowsYWS6qT2y2ZqR9Mg6tZzlIdgsMnuLmGSiWQHtxSDjbnoh1GXZfWfOYmCa\r\nMpls3uQIBjYihO4nMH2KOFbPBJv2JmEFDivXAjmafNYxt48N7Rv\/jRvbJAnG\r\n1otBq1uJTmn91enE0DZcyhZmIdBFvPxlNGJ75sl2lAVkPFz3zsBNBFv\/qc0B\r\nCAD3h4Ww0VNqBljPlLkv7+WvJEh66igSOpIMKpfpTCqI9k\/bOIPSzOraCYTy\r\n06sz44iwCRu89+RPjvOEuv0RAkyIGZsRQfz5k\/SRZVnIvJrmSyP7Ao+BDv2K\r\n6rdm91ZFB\/iVjHDdMVDiCob+FPVi0FTCfVklCN\/VCoYdQ4D1GlPOo3e0Ir8r\r\nlIBmvSy+D9mbdYvQ8w8StEuLfdHpUtzvfBXxe2QC9z8iYdEnT6qgQNuNhT1Z\r\nwsq3VXD90r9Bxsdrf4W94mHBdCoP4RerXfbIc+pOMYIy\/0jqRo0WIE0b44Eg\r\nAAYyWbMl+g5O1fGIOkmh08wa6UZpI8O24rAtTSoNQ4LXABEBAAHCwF8EGAEI\r\nAAkFAlv\/qc0CGwwACgkQ8J7kwQEiqieaswf\/TmuDoBkdfyiERVJehkNbsAT0\r\nO4AKB1xpoCCOmh19aQtGBYgI28oj95+Md8YocxUCqccvkhYZ00r4xLUCzSaS\r\nnShFvZbB7YXt3QbJcwmT8D8PaB+dXbzoZMEVfl3frD4wZGdsx9Yivq6s3r33\r\nTwzOD2kAmOs5v6I1mGZ5kzgElYJbeYpKR\/FR\/gqexnXYGv+eZ++M6oGDpqRO\r\nS3T2eR+SqJZpZDiwyj6IKzGaHua+s1bbHYrFUp5Y8W9a5X8B79av1xqfEif7\r\nW+\/wm92XdBWdftjOcXUvurZVXAQoUzjz5qEfmrr9\/VxCi8HAiObnZFnM0S0T\r\nsFg3RAqwADvR2hCbog==\r\n=jEY\/\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n","bits":2048,"uid":"\u0022#####\u0022 \u003C#####\u003E","key_id":"F09EE4C10122AA27","fingerprint":"9A84F0A95D89E6F648677A9EF09EE4C10122AA27","type":"RSA","expires":null,"key_created":"2018-11-29T08:56:45+00:00","deleted":false,"created":"2018-11-29T08:57:19+00:00","modified":"2018-11-29T08:57:19+00:00"},"role":{"id":"113e7b9f-2932-44de-8e0e-6d51526bf7e3","name":"admin","description":"Organization administrator","created":"2012-07-04T13:39:25+00:00","modified":"2012-07-04T13:39:25+00:00"},"is_mfa_enabled":true,"last_logged_in":null}}
[go-passbolt] Got Cookies: [passbolt_session=pijiqu1fj8sa24pjt01gv9t71t; Path=/; HttpOnly; Secure; SameSite=Lax]
[go-passbolt] Request URL: https://#########/users/me.json?api-version=v2
[go-passbolt] Raw Response: {"header":{"id":"e47de27e-f5f5-43fa-a209-74c364a09805","status":"error","servertime":1649318386,"action":"af9aa2c6-7355-514d-a4a0-3e74de4c0fdb","message":"MFA-Authentifizierung ist erforderlich.","url":"\/mfa\/verify\/error.json","code":403},"body":{"mfa_providers":["totp"],"providers":{"totp":"https:\/\/#########\/mfa\/verify\/totp.json"}}}
Error: Logging in: Getting CSRF Token: Error API JSON Response Status: Message: MFA-Authentifizierung ist erforderlich., Body: {"mfa_providers":["totp"],"providers":{"totp":"https:\/\/#########\/mfa\/verify\/totp.json"}}

Get specific field

Describe the bug:

When trying to access a secret encrypted in a multi-line description field, it is only printed in a single line together with the other fields.

To Reproduce:

Run go-passbolt-cli get resource --id <uuid>
Find the multi-line field concatenated into a single line string

go-passbolt-cli Version:

OS: linux
Version v0.1.7

Additional context

This is probably solved by #7.

"tls: failed to verify certificate: x509: certificate signed by unknown authority"

Describe the bug:
When serveraddress is set to a self-signed or local CA certificate website, passbolt refuse to connect to it.

It should allow to add our server's or local CA's certificate, or at least to allow to connect to unverifiable sites.

To Reproduce:
Use a self-signed cert on the webserver hosting Passbolt.

Output when using --debug (you should censor this):

Error: Logging in: Doing Stage 1 Request: Doing Request: Request: Post "https://passbolt.example.com/auth/login.json?api-version=v2": tls: failed to verify certificate: x509: certificate signed by unknown authority

Passbolt Server Version (please complete the following information):

Edition: Community
Version 4.8.0-1

go-passbolt-cli Version (please complete the following information):

OS: Debian
Version 0.3.1

share resource throws error

the following cmd:

passbolt.exe share resource --id --type 7 --group

Throws that error:

Error: required flag(s) "type" not set

The command worked for a long time. Today it throwed this error.

ID is correct and group id is also correct.

JSON format

Hi !

thanks for this awesome tool ! Do you plan to propose json format as output ? It will be easier to parse.

Thanks 😽

passbolt / go-passbolt-cli Goto Github PK

go-passbolt-cli's Introduction

go-passbolt-cli

Install

Via Repository (Prefered):

Via Package:

Via Homebrew

Via Archive:

Via Go:

Getting Started

Usage

MFA

Server Verification

Scripting

Documentation

go-passbolt-cli's People

Contributors

Stargazers

Watchers

Forkers

go-passbolt-cli's Issues

Output when using --debug (you should censor this):

Additional context

Recommend Projects

Recommend Topics

Recommend Org

Jobs