liip / wrench

wrench: a CLI tool for Passbolt
GNU General Public License v3.0

Improper parsing of resources #28

Open Faabvk opened 2 years ago

Faabvk commented 2 years ago

Sometimes resource data is improperly parsed when searching a password, leading to the description field being included in the result that gets printed to console/copied to clipboard, see output below:

➜  ~ pw xxxxxxxxxxx  
Decrypting...
name        : xxxxxxxxx
id          : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
uri         : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username    : 
secret      : {"description":"","password":"xxxxxxxxxxx"}
description : 

Password has been copied to the clipboard.

Note that pw is just an alias I set for "wrench search". I can make an attempt at writing a patch but I'd rather leave it to people much more skilled than I am in a project that deals with this sensitive data :)

Faabvk commented 2 years ago

Update: Only seems to affect resources that were created in the Passbolt Web GUI.

Faabvk commented 2 years ago

Yet another update: Digging deeper I found that Passbolt API treats CLI resources and WebGUI resources differently somehow. The Web GUI encrypts both the description and password into a JSON-like format as PGP message, resulting in the above output. The CLI only encrypts the password without any JSON-like formatting, giving the expected result, the password and nothing else. Web GUI-created resources show up fine in the Web GUI itself, but when fetched from the API directly, you get this weird output.

Closing this issue as it has nothing to do with Wrench and more to do with Passbolt (API) itself :)

Faabvk commented 2 years ago

Reopening:

Looked at how both Wrench and the Web UI create resources and compared the two.

I don't know if the "Web UI method" is something that was added to Passbolt later or if the Wrench contributors never caught onto it, but Pull request #29 does a good job of making Wrench usable with this "new" method.

It checks if the encrypted secret is JSON-formatted. If it is, it only returns the contents of the password field, if it isn't it returns the raw decrypted secret. Would also be nice to update the way Wrench creates resources to be compliant with how the Passbolt Web UI does it.
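The check described in the last comment (decrypt, then return only the `password` field when the plaintext is JSON, otherwise the raw plaintext), written out as an added example. This is illustrative Python, not Wrench's own code or the patch in PR #29; the function names `extract_password`, `extract_description` and `render_resource` and the sample secrets are constructed for the example. It also covers two edge cases the thread does not spell out: a bare password that happens to be valid JSON but is not an object with a `password` key, and a purely numeric password that `json.loads` would accept as a number.

```python
import json
from typing import List, Optional

# Constructed sample plaintexts, i.e. what comes out of the PGP decryption
# step. None of these are real Passbolt secrets.
LEGACY_SECRET = "hunter2-legacy"                                  # CLI-style: bare password
WEBUI_SECRET = '{"description":"","password":"hunter2-web"}'      # Web UI-style JSON envelope
TRICKY_SECRET = '{"not":"a passbolt secret"}'                     # valid JSON, no password key
NUMERIC_SECRET = "12345678"                                       # json.loads() returns an int


def _parse_envelope(decrypted_secret: str) -> Optional[dict]:
    """Return the JSON object if the plaintext is a Web UI envelope, else None.

    Only a JSON *object* carrying a string "password" field counts as an
    envelope; anything else is treated as a legacy bare password so that a
    password which merely looks like JSON is never misread.
    """
    try:
        parsed = json.loads(decrypted_secret)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return None
    if isinstance(parsed, dict) and isinstance(parsed.get("password"), str):
        return parsed
    return None


def extract_password(decrypted_secret: str) -> str:
    """The value to print / copy to the clipboard.

    Web UI envelope  -> the "password" field only (the encrypted description
                        must not leak into the console or clipboard).
    Anything else    -> the raw plaintext, exactly as the legacy CLI format.
    """
    envelope = _parse_envelope(decrypted_secret)
    return envelope["password"] if envelope is not None else decrypted_secret


def extract_description(decrypted_secret: str) -> Optional[str]:
    """The encrypted description from a Web UI envelope, or None for legacy secrets."""
    envelope = _parse_envelope(decrypted_secret)
    if envelope is None:
        return None
    description = envelope.get("description", "")
    return description if isinstance(description, str) else None


def render_resource(resource: dict, decrypted_secret: str) -> List[str]:
    """Build the same key/value listing the issue shows, with the secret
    reduced to the password. `resource` is the unencrypted metadata
    (name, id, uri, username, description) as returned by the API."""
    fields = [
        ("name", resource.get("name", "")),
        ("id", resource.get("id", "")),
        ("uri", resource.get("uri", "")),
        ("username", resource.get("username", "")),
        ("secret", extract_password(decrypted_secret)),
        ("description", resource.get("description", "")),
    ]
    return [f"{key:<12}: {value}" for key, value in fields]


if __name__ == "__main__":
    demo = {"name": "demo", "id": "constructed-id", "uri": "https://example.test",
            "username": "", "description": ""}
    for line in render_resource(demo, WEBUI_SECRET):
        print(line)
```

Treating only a JSON object with a string `password` field as an envelope is the safer direction: a bare password that decodes as JSON (a number, an array, an object without that key) still comes back untouched instead of being silently replaced by nothing.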