Script to retrieve Passbolt passwords for Saltstack Pillars
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
Seeberg Sven 20370e41dd
Fix readme numbering
8 months ago
example Add source 10 months ago
src/salt_passbolt Fix Passbolt API URL 10 months ago
.gitignore Initial commit 10 months ago
LICENSE Initial commit 10 months ago
README.md Fix readme numbering 8 months ago
setup.py Fix Passbolt API URL 10 months ago

README.md

About

This Python module retrieves passwords for Passbolt groups to make them available in Saltstack Pillar.

License

MIT

Setup

  1. Clone this repo

  2. Go to directory, run (requires python3-setuptools)

    python3 setup.py install
    
  3. Create an Passbolt account for the Salt master.

  4. Copy the private and public PGP key files to /etc/salt.

  5. Import the private key with

    gpg --import /etc/salt/passbolt_private.asc
    
  6. Create a /etc/salt/passbolt.ini file with the following content:

    [PASSBOLT]
    SERVER = https://passbolt.example.com
    #SERVER_PUBLIC_KEY_FILE = <optional: server_public.asc>
    USER_FINGERPRINT = [REPLACE WITH GPG KEY FINGERPRINT]
    USER_PUBLIC_KEY_FILE = /etc/salt/passbolt_public.asc
    USER_PRIVATE_KEY_FILE = /etc/salt/passbolt_private.asc
    PASSPHRASE = [REPLACE WITH PASSBOLT USER PASSWORD]
    
  7. Change file permissions:

    chown salt /etc/salt/passbolt*
    chmod 600 /etc/salt/passbolt*
    
  8. Create Pillar sls files where required with the content, replace the group UUID. Look into the example directory. Hint: you can find the Group UUID with the network tool of the browser by clicking on a group.

    #!py
    def run():
        from salt_passbolt import fetch_passbolt_passwords
        return fetch_passbolt_passwords("27b9abd4-af9b-4c9e-9af1-cf8cb963680c")
    
  9. In state, reference secrets with their UUID. See the example/salt/important_secrets/files/secret.conf. Hint: you can find the secret UUID in the URL of your browser by clicking on the checkbox of a secret.

    password={{ pillar['passbolt']['3ec2a739-8e51-4c67-89fb-4bbfe9147e17'] }}