• Stars
    star
    149
  • Rank 248,619 (Top 5 %)
  • Language
    JavaScript
  • License
    GNU Affero Genera...
  • Created over 8 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Command line interface for passbolt API
      ____                  __          ____
     / __ \____  _____ ____/ /_  ____  / / /_
    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /_
  /_/    \__,_/____/____/_.___/\____/_/\__/

Open source password manager for teams
(c) 2021 Passbolt SA

License

Passbolt - Open source password manager for teams

(c) 2021 Passbolt SA

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License (AGPL) as published by the Free Software Foundation version 3.

The name "Passbolt" is a registered trademark of Passbolt SA, and Passbolt SA hereby declines to grant a trademark license to "Passbolt" pursuant to the GNU Affero General Public License version 3 Section 7(e), without a separate agreement with Passbolt SA.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see GNU Affero General Public License v3.

What is the purpose of this repository

This repository is a command line interface for passbolt API. It allows a user to interact with the passbolt server without the use of web extension.

Currently works as a read only access only.

Prerequisite

In order to use passbolt CLI you will need:

  • Gnupg v2
  • Nodejs LTS or more recent

How to get started?

Copy the repository

git clone [email protected]:passbolt/passbolt_cli.git

Move inside the new directory

cd passbolt_cli

Install npm dependencies

npm install

Make the symlink on our path point to the index.js

[sudo] npm link

Create or copy a configuration file with a user and a server config

mkdir ~/.config/passbolt
cp app/config/config.default.json ~/.config/passbolt/config.json

Open the newly created config file and set the details. You can look at the examples in the config folder.

Configuration

Domain config

You need to setup the domain baseUrl, and the associated key fingerprint You also need to make sure the server public key is in your GnuPG keyring.

If you do not know the domain public key or fingerprint you can get them like follow

$ passbolt server-key --domain=https://www.passbolt.test | gpg --import
$ passbolt server-key --fingerprint --domain=https://www.passbolt.test

User config

You will need to download your private key from the passbolt interface, for example during the backup step of the setup, or once logged on your profile workspace.

Import this key in your GnuPG keyring and get a hold of the fingerprint. Set all the information in the user section of the configuration file.

Example configuration

If you are using a default passbolt server instance with Selenium tests data installed then it will work out the box with Ada for example:

{
  "domain" : {
    "baseUrl": "http://passbolt.dev",
    "publicKey" : {
      "fingerprint" : "2FC8945833C51946E937F9FED47B0811573EE67E"
    }
  },
  "user" : {
    "firstname": "Ada",
    "lastname" : "Lovelace",
    "email" : "[email protected]",
    "privateKey" : {
      "fingerprint": "03F60E958F4CB29723ACDF761353B5B15D9B054F"
    }
  }
}

Additional settings

Some additional options are available:

Gpg trust

You can define the trust model when encrypting:

  "gpg" : {
    "trust": "always"
  }

Working with self signed certificates

By default SSL request will be refused for a connection which is not authorized with the list of supplied CAs. For testing purposes you can set rejectUnauthorized to false, to ignore issues with the certificate (authority, not matching names, etc).

Please review other options that allow finer and safer control for self signed certificate, see.

  "agentOptions": {
    "rejectUnauthorized": false
  }

Mfa preferences

It is possible to set the order of preference for MFA providers if MFA is setup and requested. With this configuration if Yubikey and TOTP providers are both enabled for the organization and the user, yubikey OTP will be used as MFA. If it is not enabled for the organization for example, it will fall back to Totp.

  "mfa": {
    "providers": ["yubikey","totp"]
  },

What commands do to you support?

Right now the basics, only authentication and read operations.

  Usage: passbolt [options] [command]


  Commands:
    auth           Authentication actions, login or logout
    get            View the OpenPGP data block of a given resource
    find           Find one or more resources
    server-key     Fetch the server public key
    users          List all users
    user           View one user details
    help [cmd]     display help for [cmd]

  Options:

    -h, --help     output usage information
    -V, --version  output the version number

Authentication

Authentication is based on GPGAuth, so it uses your private key and your passphrase if you have one.

Optionally you can provide your passphrase if you do not want gnupg handle the pinentry. Please note that this obviously less safe.

$ passbolt auth login --passphrase='<passphrase>'

GPGAuth Skipping, you are already logged in

You can also logout. If let say you change your user config, or want to clear your session.

$ passbolt auth logout

You can check if you are logged in or not.

$ passbolt auth check

Find a password

$ passbolt find

NAME                            USERNAME             URI                                     MODIFIED             UUID
Inkscape                        vector               https://inkscape.org/                   2016-05-15 16:04:49  17c66127-0c5e-3510-a497-2e6a105109db
Enlightenment                   efl                  https://www.enlightenment.org/          2016-05-15 16:04:49  2af40344-b330-30a8-ac26-64b2776f07e0
free software foundation europe fsfe                 https://fsfe.org/index.en.html          2016-05-15 16:04:49  31bf093f-dd27-391d-ae9d-f511ef41dd12
ftp                             user                 ftp://192.168.1.1                       2016-05-15 16:04:49  4a2f98e8-b326-3384-aa2b-c3c9a81be3f7
...

Your can select the columns you want to display using the --columns arguments. Non existing collumns will be ignored.

$ passbolt find --columns=name,uuid

Get the encrypted password

Once you know the UUID from the find you can get it as follow

$ passbolt get 664735b2-4be7-36d9-a9f8-08d42998faf8
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

hQIMA1P90Qk1JHA+ARAAmp59nJOyb4awNBo9x32Vn01ggw77571EGjnBA0gOXwQD
+mANJj9YiU9Wx8vM77WuUo8o7O5uXzf6mpo/QgK1pyoNl0nOviAYUoKdTuC2dUKG
5eS8DUb4SA/XDlOSywkRkRdwDm/BlQvfWCFPqX1kacivBa3RBR2tuojGMSw0sjAq
zUZZ5iDIMMUhvCzgALcAr84NaUfB5Tb1VLArVDadGx5/qzGFCa2Fris+mBq2dVuk
X0Jy+jmWXaob2EDjVm49rcKrMWbHDtmWKl4eAJZnGWrhsOT1PBikSXQorILLdkjD
VFCSX4a8hK6SeWO49fwC/Q8NBCx7at3zvstrie+aoQe/gMQhcHTUu64z/hBhCNww
JhxfyTdLGHq9j7jPkUPgkw135SvYpeY4Nzk70/hc7tDD0EYDlgVtTNdTiVYVliHN
GQ4qkjwIog7WQy0FQ+DaA6+WANVpVDfjODUzLwr5ef7ZkfWe0XkfG0oRSyIfui9d
gsuoTc74n61T9dTxx/Vp9uPU7nLR+mRRSuXqy/tdinI7jEN5f2i98ikX+OxU5QIv
M+xLWLKKWY+hjUcb1z36UhTi2D5TeW4GL7QEcpT/mteNw3gHPBkjECdKg8mOSXE7
li6NsKABJ+I3013ibQKL360HH22tCdlMYGPSQjOwjafy2Uiyid1w8+TAoRAwlmnS
QQFAaEJ7c2o2BO5cLIVD/rhP/zJjAV1uUQnJwe6EExpMTL9Iw38MZj+q4VjfRw2q
INNhsjl+27LCiCNmH8RNvPce
=Bbft
-----END PGP MESSAGE-----

Putting it all together

Of course you can chain and pipe things up like:

$ passbolt get $(passbolt find  | awk '/inkscape/ { print $NF }') | gpg -q --no-tty 
-q and --no-tty 

are optional and ensures that only the password is printed.

Running the tests

$ [sudo] npm install -g mocha
$ mocha tests

List the users

$ passbolt users

FIRST-NAME           LAST-NAME            USERNAME              FINGERPRINT                              UUID
Frances              Allen                [email protected]  98DA33350692F21BD5F83A17E8DC5617477FB14C 1c137bd7-2838-3c3d-a021-d2986d9126f5
Kathleen             Antonelli            [email protected] 14D07AFFDE916BC904F17AFB4D203642A73AE279 201b442c-d6ca-3ee6-a443-ce669ca0ec6e
Jean                 Bartik               [email protected]     8F758E3BDD8445361A8A6AD073BAC28524AA1193 7c7afd29-1b98-3c3e-ae55-adedc333fb4b
...

Your can select the columns you want to display using the --columns arguments.

$ passbolt users --columns=created,username

Find a user

$ passbolt user 1c137bd7-2838-3c3d-a021-d2986d9126f5

FIRST NAME           LAST NAME            USERNAME              FINGERPRINT                              UUID
Frances              Allen                [email protected]  98DA33350692F21BD5F83A17E8DC5617477FB14C 1c137bd7-2838-3c3d-a021-d2986d9126f5
...

More Repositories

1

passbolt_api

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!
PHP
4,639
star
2

passbolt_docker

Get started with Passbolt CE using docker!
Shell
877
star
3

passbolt_browser_extension

Browser extensions (Firefox, Edge & Chrome) for Passbolt the open source password manager for teams
JavaScript
231
star
4

go-passbolt-cli

A CLI tool to interact with Passbolt, a Open source Password Manager for Teams
Go
59
star
5

passbolt_help

Passbolt help has been moved to: https://github.com/passbolt/passbolt-docs
HTML
53
star
6

passbolt-windows

Windows desktop application for Passbolt, the open source password manager for teams!
JavaScript
48
star
7

charts-passbolt

Helm charts to run Passbolt on Kubernetes. No strings attached charts to run the open source password manager for teams!
Shell
43
star
8

mobile-passbolt-android

Android mobile app for Passbolt, the open source password manager for teams.
Kotlin
39
star
9

passbolt_styleguide

Passbolt styleguide, repository of the UI elements and styles for the open source password manager for teams.
JavaScript
32
star
10

mobile-passbolt-ios

iOS mobile app for Passbolt, the open source password manager for teams.
C
27
star
11

passbolt-appjs

[ARCHIVED] Passbolt javascript application for the open source password manager for teams
JavaScript
26
star
12

go-passbolt

A Go Library to interact with Passbolt, the open source password manager for teams!
Go
25
star
13

passbolt_install_scripts

Passbolt CE installation scripts
Shell
18
star
14

passbolt_slack

Slack plugin for passbolt v1
PHP
11
star
15

lab-passbolt-ansible-collection

Source repository for https://galaxy.ansible.com/anatomicjc/passbolt
Python
9
star
16

passbolt_selenium

Passbolt Selenium Tests
JavaScript
9
star
17

lab-passbolt-balena

Deploy passbolt on balena.io
Shell
7
star
18

lab-passbolt-ansible-poc

6
star
19

lab-passbolt-py

Python library for Passbolt API
Python
6
star
20

ldaps_cert_util

ldaps certificate retrieval utility
PHP
5
star
21

passbolt_api_dev_tools

Passbolt API dev tools
4
star
22

passbolt-mad

[ARCHIVED] The javascript framework of passbolt based on CanJS
JavaScript
4
star
23

passbolt_openapi_specs

Passbolt Open API specifications
HTML
4
star
24

passbolt-poc-android

Kotlin
4
star
25

lab-passbolt-admin-scripts

Useful passbolt administrator scripts
Shell
3
star
26

passbolt-dep-scripts

Shell
3
star
27

passbolt-links

HTML
3
star
28

passbolt-docs

JavaScript
3
star
29

lab-passbolt-ansible-install-playbook

Jinja
2
star
30

passbolt-selenium-api

PHP
1
star
31

passbolt_packaging

Passbolt distribution packages main repository
Shell
1
star
32

passbolt_api_php_example

Passbolt API - PHP usage example
PHP
1
star
33

passbolt-poc-ios

Objective-C
1
star