Python SDK for passbolt API https://help.passbolt.com/api
This project is a community driven and is not associated with Passbolt S.A.
Passbolt is the registered trademark of Passbolt S.A.
pip install git+https://github.com/daniel-lynch/py-passbolt
or
git clone https://github.com/daniel-lynch/py-passbolt.git
cd passbolt
python3 setup.py install
-
Login:
To login you will need a private key with the associated passphrase and the URI to your passbolt instance. Then just call the passbolt class with those variables.
from passbolt.passbolt import passbolt key = open("passbolt_private.asc", "r").read() passphrase = open("passphrase", "r").read().replace('\n', '') Passbolt = passbolt(key, passphrase, "https://passbolt.example.com")
or you will need the fingerprint of your private key store in gpg-agent and the URI to your passbolt instance. Then just call the passbolt class with those variables.
from passbolt.passbolt import passbolt Passbolt = passbolt(apiurl= "https://passbolt.example.com",fingerprint="BD51086546F2B05FE3207570848AD92005EABC")
and if you use a custom ca, you can specify a custom TLS CA certificate bundle :
from passbolt.passbolt import passbolt Passbolt = passbolt(apiurl= "https://passbolt.example.com",fingerprint="BD51086546F2B05FE3207570848AD92005EABC", verify="/etc/ipa/ca.crt")
-
Create a password:
To create a password you will need the following:
- Resource name - Password - Username (optional) - Uri (optional) - Description (optional) - Encrypt Description (optional, defaults True)
print( Passbolt.createpassword( "Resource name", "Password", "Username", "Uri", "Description" ) ) print( Passbolt.createpassword( "testlib", "FakePasswordHere", "dlynch", "ssh://", "This is a description" ) )
-
Get a password:
Get password accepts:
Name: Accepted inputs: - String - List - Dict Username(optional) - To be used when Name is a string or list Accepted inputs: - String Dict format: {"Resource name": "Username"} Ex. {"tunes01.lynch.local": "dlynch"}
Returns a list of password objects with the following attributes:
name username password uri resourceid created created_by creator deleted description favorite modified modified_by modifier permission resource_type_id folder_parent_id
passwords = Passbolt.getpassword("tunes01.datayard.local", "datayard") passwords = Passbolt.getpassword(["tunes01.datayard.local"], "datayard) passwords = Passbolt.getpassword({"tunes01.datayard.local": "datayard"}) passwords = Passbolt.getpassword("Resource name", "Username") passwords = Passbolt.getpassword(["Resource name"], "Username) passwords = Passbolt.getpassword({"Resource name": "Username"})
-
Share a password:
Share password accepts:
- Resource name
- Username
- List of Users to share with (Optional if Groups list is defined)
- List of Groups to share with (Optional if Users list is defined)
Note:
- If there is unkwnown user or unknow group, the function will ignore the share. No error will be reported
- Sharing with large group take time as we need to cipher the secret for all the users
print( Passbolt.sharepassword( "Resource name", "Username", ["List of Users Email"], ["List of Groups"]) ) print( Passbolt.sharepassword( "testing", "test", ["[email protected]"], ["test_group"]) )
-
Update a password:
Update password accepts:
- Resource name
- New password
- Username (Optional)
- New Resource name (Optional)
- New Username (Optional)
- Uri (Optional)
- Description (Optional)
- Encrypt Description (Optional, defaults True)
print( Passbolt.updatepassword( "Resource name", "New password" ) ) print( Passbolt.updatepassword( "Testing", "Hunter2", "Test", newname="Testing2", newusername="Test2", uri="testing.com", description="asdf" ) )
-
Delete a password:
Delete password accepts:
- Resource name
- Username (Optional)
print( Passbolt.deletepassword( "Resource name", "Username" ) ) print( Passbolt.deletepassword( "testlib", "dlynch" ) )
-
Create User:
Create user accepts:
- Email Address (Username)
- First name
- Last name
print( Passbolt.createuser("email", "First name", "Last name") ) print( Passbolt.createuser("[email protected]", "John", "Doe") )
-
Get User:
Get user accepts:
- Email Address (Username)
User = Passbolt.getuser("[email protected]")
Returns a user object with the following attributes:
userid (string) username (string) gpgkey (Dict) created (string) active (string) deleted (string) modified (string) role_id (string) profile (Dict) role (string) last_logged_in (string)
-
Update User:
Update user accepts:
- Email Address (Username)
- Firstname
- Lastname
- Admin status (Optional, defaults False)
print( Passbolt.updateuser("email", "First name", "Last name") ) print( Passbolt.updateuser("[email protected]", "Jane", "Doe") )
-
Delete User:
Delete user accepts:
- Email Address (Username)
print(Passbolt.deleteuser("[email protected]"))
-
Get Groups:
Get groups accepts:
- members (Optional, defaults True)
print(Passbolt.getgroups())
Returns a list of group objects:
-
Get Group:
Accepts:
- Group name
print(Passbolt.getgroup("Users"))
Returns a group object with the following attributes:
groupid (string) name (string) users (List of partial User objects) admins (List of User objects) created (string) created_by (string, User ID) deleted (string) modified (string) modified_by (string, User ID)
-
Update Group:
Accepts:
- Group name
- New Users (Optional)
- New Admins (Optional)
Passbolt.updategroup("Users", ["[email protected]"], ["[email protected]"])
Currently only supports adding Users and Admins due to API limitations.
-
Delete Group:
Accepts:
- Group name
Passbolt.deletegroup("Users")