How to use API to share a resource to a group?

I am trying to import some existing logins to passbolt see partial code below, I am getting “The secrets of all the users having access to the resource are required.”

            secrets = passbolt.get(f'/secrets/resource/{}.json')['body']
            # secrets = map(lambda s: s['body'])
            if login.access_level:
                group = get_group(f'level {login.access_level.level}')
                share_payload = {
                    'permissions': [
                        {'is_new': True, "aro": "Group", 'aro_foreign_key': group['id'], "aco": "Resource", "aco_foreign_key":, 'type': resource_type_id}
                    "secrets": [secrets]
                print(222222222222, share_payload)
                    resp =
                        f"/share/simulate/resource/{}.json", share_payload, return_response_object=True
                    print(33333333, resp.content)
                    passbolt.put(f"/share/resource/{}.json", share_payload, return_response_object=True)
                except Exception as ex:

the simulate request returned successful but failed on the next PUT

What am I doing wrong here?

According the the error message, and what I’m understanding from your snippet, your are not sending the secrets for all the users that are part of the group you are trying to share the resource with. When you add a group permission you must encrypt the secret for all the members of that group.

The function should do something like this:

  • Get secret for yourself (you’re doing that already)
  • Decrypt secret (you can use for example python-gnupg - A Python wrapper for GnuPG)
  • Get list of users that are member of the group
    (You can call users.json?filter[has-groups])
  • Parse the OpenPGP keys for these users and encrypt multiple secrets for all group members using these keys
  • Post the new permission with the secrets (you’re doing that already)

Hi, when you say “secret” do you mean the whole secret json object or just the password?


Nevermind, I got it worked out, thanks.