Ansible Passbolt Plugin does not handle TOTP

Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

Hello,

I have set up the Ansible plugin anatomicjc.passbolt successfully and it works.
For TOTP enabled accounts, it fails with the following error:

TASK [Password lookup fetch one"] ******************************************************************************************************************************************************************************************
Loading collection anatomicjc.passbolt from /srv/tftp/webtemp/ansible/.ansible/collections/ansible_collections/anatomicjc/passbolt
fatal: [localhost]: FAILED! => {}

MSG:

An unhandled exception occurred while running the lookup plugin 'anatomicjc.passbolt.passbolt'. Error was a <class 'json.decoder.JSONDecodeError'>, original message: Expecting value: line 1 column 1 (char 0)

Is there a working solution to provide the TOTP code at runtime for the requesting account?

Server version latest-ce (4.7.0)

Best regards and many thanks
AckDeGo

1 Like

I had that same issue.
A working solution would be very welcome.

Hi,

It is indeed not yet implemented. I will try to have a look in the coming days.

Best,

2 Likes

Hi Anatomic,
Could you take a look at the passbolt-ansible-TOTP issue?
Some status relating to this issue would be very much appreciated.
Thanks

Hi AnatomicJC,

Do you have any news about that? I want to automate my servers. They are protected with multiple passwords hosted in passbolt.

Thanks for your help.

Best regards
AckDeGo

Hey there,

Unfortunately, I have no ETA about this request. It is currently not easy for me to find time to work on this.

:cry:

Hey,

Thanks for your reply. Is there a chance to use an api_token to get this working without 2FA?
Idea:

  • A user has to enroll an api_token for their own user to use the passbolt-ansible password plugin, to read/write passwords etc.
  • When an authentication happens over the API, check if there is a working api_token for this user; if not, use the normal authentication flow (a user with MFA has to handle the MFA).
  • To renew/enroll this specific api_token, the user has to handle this with the passbolt web interface.
  • That can help as a first step to bypass the active MFA, like the JWT in the Android app.

For me, that would be fine for the first step.
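
The flow proposed in the post above, sketched as an added example; it is not part of the thread and not passbolt or plugin code. All names (`enroll_token`, `authenticate`, `TOKENS`) are hypothetical, and `primary_auth_ok` stands in for whatever first-factor check the server already performs.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical in-memory store: user -> (SHA-256 hex of token, expiry epoch).
# Only the hash is kept, so a leaked store does not reveal usable tokens.
TOKENS = {}

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def enroll_token(user, session_mfa_verified, ttl=30 * 86400, now=None):
    """Issue or renew a token; allowed only from an MFA-verified web session."""
    if not session_mfa_verified:
        raise PermissionError("enrollment requires an MFA-verified web session")
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    TOKENS[user] = (_digest(token), now + ttl)  # renewal replaces the old token
    return token  # shown to the user once

def _token_valid(user, api_token, now):
    record = TOKENS.get(user)
    if record is None or api_token is None:
        return False
    stored, expiry = record
    # Constant-time comparison avoids leaking the hash through timing.
    return hmac.compare_digest(stored, _digest(api_token)) and now < expiry

def authenticate(user, primary_auth_ok, user_has_mfa, api_token=None, now=None):
    """Return 'granted', 'mfa_required' or 'denied'."""
    now = time.time() if now is None else now
    if not primary_auth_ok:
        return "denied"  # a token never replaces the first factor
    if _token_valid(user, api_token, now):
        return "granted"  # working token: MFA step skipped for API use
    # No working token: normal flow, so MFA users must still pass MFA.
    return "mfa_required" if user_has_mfa else "granted"

if __name__ == "__main__":
    t = enroll_token("alice", session_mfa_verified=True, ttl=60, now=1000)
    print(authenticate("alice", True, True, t, now=1010))   # within lifetime
    print(authenticate("alice", True, True, t, now=2000))   # after expiry
```

An expired, wrong or replaced token falls through to the normal flow rather than granting access, so the token can only remove the MFA prompt, never the first-factor check.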