Script to retrieve Passbolt passwords for Saltstack Pillars

Go to file

Sven Seeberg 1d85bcb871 Fix Passbolt API URL		2020-02-01 22:26:26 +01:00
example	Add source	2020-02-01 19:55:31 +01:00
src/salt_passbolt	Fix Passbolt API URL	2020-02-01 22:26:26 +01:00
.gitignore	Initial commit	2020-02-01 18:50:15 +01:00
LICENSE	Initial commit	2020-02-01 18:50:15 +01:00
README.md	Fix readme function call	2020-02-01 21:44:10 +01:00
setup.py	Fix Passbolt API URL	2020-02-01 22:26:26 +01:00

README.md

About

This Python module retrieves passwords for Passbolt groups to make them available in Saltstack Pillar.

License

MIT

Setup

Clone this repo
Go to directory, run
```
python3 setup.py install
```
Create an Passbolt account for the Salt master.
Copy the private and public PGP key files to /etc/salt.

Create a /etc/salt/passbolt.ini file with the following content:

[PASSBOLT]
SERVER = https://pass.netzbegruenung.de
#SERVER_PUBLIC_KEY_FILE = <optional: server_public.asc>
USER_FINGERPRINT = [REPLACE WITH GPG KEY FINGERPRINT]
USER_PUBLIC_KEY_FILE = /etc/salt/passbolt_public.asc
USER_PRIVATE_KEY_FILE = /etc/salt/passbolt_private.asc
PASSPHRASE = [REPLACE WITH PASSBOLT USER PASSWORD]

Change file permissions:

chown salt /etc/salt/passbolt*
chmod 600 /etc/salt/passbolt*

Create Pillar sls files where required with the content, replace the group UUID. Look into the example directory. Hint: you can find the Group UUID with the network tool of the browser by clicking on a group.
```
#!py
from salt_passbolt import fetch_passbolt_passwords
fetch_passbolt_passwords("27b9abd4-af9b-4c9e-9af1-cf8cb963680c")
```
In state, reference secrets with their UUID. See the example/salt/important_secrets/files/secret.conf. Hint: you can find the secret UUID in the URL of your browser by clicking on the checkbox of a secret.
```
password={{ pillar['passbolt']['3ec2a739-8e51-4c67-89fb-4bbfe9147e17'] }}
```