nuxsmin / sysPass

Systems Password Manager
https://syspass.org
GNU General Public License v3.0

Authtoken update via API? #1538

Closed symcbean closed 4 years ago

symcbean commented 4 years ago

How can a client change its own auth token via the API?

(I want to use syspass to avoid having passwords scattered around my hosts and in their backups - changing the authentication token for a service account minimizes the exposure).

nuxsmin commented 4 years ago

Hello, sorry for the late reply, I've been so busy....

Unfortunately this feature is not available through the API, since it would be a security risk, because the API does not provide enough security (i.e. 2FA, login, etc.) for some actions.

I think that major providers don't have this feature either.

Regards

symcbean commented 4 years ago

Thanks for getting back to me.

I thought I should reply to clarify matters somewhat. For me, static authentication is the biggest security risk here.

> I think that major providers don't have this feature either.

Up until recently I was a CyberArk administrator - chained secret rotation underpins a whole lot of functionality in that.

On Fri, 8 May 2020 at 07:09, RubénD notifications@github.com wrote:

> Hello, sorry for the late reply, I've been so busy....
>
> Unfortunately this feature is not available through the API, since it would be a security risk, because the API does not provide enough security (i.e. 2FA, login, etc.) for some actions.
>
> I think that major providers don't have this feature either.
>
> Regards

nuxsmin commented 4 years ago

Sure, but talking about sysPass, what about these auth factors that aren't present in the API? You may think this is a small application, and every feature takes a lot of time to get released, so API-based key rotation would need to implement these auth factors to get decent and "guaranteed" security.