Login password read

We want to use passbolt to store some sensitive passwords, that should be used only in emergency cases.
To be sure the password wasn’t used without an emergency case, we would like to trace “password reads”: is there any kind of log file where we could find this information?

Hi @GeorgesMC,

Passbolt log files would be located in the following folder:
/var/log/passbolt/*

You could try this:
Instead of trying to get passbolt to notice those changes, the system that is going to use those passwords should be accessed by only 1 person, and the system that is taking the login information should register that a One Time Password has been used and by whom.

Regards
Bond

Thank you for your answer.

In /var/log/passbolt I can only find error.log and nothing about creation, modification or password reads?

Note: Each user has a unique login/password, but sometimes we need a “superuser” (root or Administrator). We currently store these passwords offline, but although we can know if somebody has accessed the password (seal break), we can’t know who did it.

In fact, more than a password manager, we need an “electronic seal”.

That was a misunderstanding. To view creation and modification changes, you have to set up SMTP in the passbolt config file /etc/passbolt/passbolt.php

To view who read the password and used it, I am not too sure if passbolt registers that. It may be in the Enterprise edition.

I have not personally used the Enterprise edition so I’m not too sure if there is that feature.

Unfortunately, Passbolt may not be able to do that since it's only a Password Manager.

This problem can probably be solved by placing cameras in the location where you store the password, so that only trusted people can enter that room/safe.

Hi :wave:

All passbolt actions are logged in action_logs, even in the CE version.

You can get a list of passwords accessed by a user with this SQL request:

SELECT
       al.created,
       u.username,
       r.name,
       r.uri,
       r.deleted
FROM
       action_logs al
       INNER JOIN actions a ON al.action_id = a.id
       INNER JOIN users u ON u.id = al.user_id
       INNER JOIN secret_accesses sa ON sa.created = al.created
       INNER JOIN resources r ON sa.resource_id = r.id
WHERE
       a.name = "ResourcesView.view";

Another request example, if you want to search all actions made between last September 14th and 15th:

SELECT al.created AS Datetime, u.username AS Username, a.name AS ActionName, al.context AS Context
FROM action_logs al
JOIN actions a ON a.id = al.action_id
JOIN users u ON u.id = al.user_id
WHERE al.created > "2022-09-14 00:00:00" AND al.created < "2022-09-15 00:00:00"
ORDER BY al.created ASC;

Best,

2 Likes
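As an added example (not code from the thread or from passbolt itself), the two queries above combined into one audit: who read which secret within a date window. It runs offline against an in-memory SQLite stand-in whose tables and column names are a constructed simplification taken from the thread's SQL, not passbolt's real MySQL schema; the sample rows, user names and resource are constructed.

```python
import sqlite3

# Stand-in for the passbolt tables the thread's queries touch (column names from
# the thread's SQL; a constructed simplification, not passbolt's real DDL).
SCHEMA = """
CREATE TABLE users (id TEXT PRIMARY KEY, username TEXT);
CREATE TABLE actions (id TEXT PRIMARY KEY, name TEXT);
CREATE TABLE resources (id TEXT PRIMARY KEY, name TEXT, uri TEXT, deleted INTEGER);
CREATE TABLE action_logs (id TEXT PRIMARY KEY, user_id TEXT, action_id TEXT, created TEXT);
CREATE TABLE secret_accesses (id TEXT PRIMARY KEY, resource_id TEXT, created TEXT);
"""

# Constructed sample rows: one emergency "root" password, two reads, one listing.
SAMPLE = [
    ("INSERT INTO users VALUES (?,?)", [("u1", "alice@example.com"), ("u2", "bob@example.com")]),
    ("INSERT INTO actions VALUES (?,?)", [("a1", "ResourcesView.view"), ("a2", "ResourcesIndex.index")]),
    ("INSERT INTO resources VALUES (?,?,?,?)", [("r1", "root (emergency)", "ssh://srv01", 0)]),
    ("INSERT INTO action_logs VALUES (?,?,?,?)", [
        ("l1", "u1", "a1", "2022-09-14 08:15:00"),   # alice reads the secret
        ("l2", "u2", "a2", "2022-09-14 09:00:00"),   # bob lists resources, no read
        ("l3", "u2", "a1", "2022-09-16 23:40:00")]), # bob reads it, outside the window
    ("INSERT INTO secret_accesses VALUES (?,?,?)", [
        ("s1", "r1", "2022-09-14 08:15:00"), ("s2", "r1", "2022-09-16 23:40:00")]),
]

# Same join strategy as the thread: a ResourcesView.view log entry is matched to a
# secret_accesses row by identical timestamp, then to the resource that was read.
AUDIT_SQL = """
SELECT al.created, u.username, r.name
FROM action_logs al
JOIN actions a ON a.id = al.action_id
JOIN users u ON u.id = al.user_id
JOIN secret_accesses sa ON sa.created = al.created
JOIN resources r ON r.id = sa.resource_id
WHERE a.name = 'ResourcesView.view' AND al.created >= ? AND al.created < ?
ORDER BY al.created ASC
"""

def build_db():
    """Create the in-memory sample database."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for stmt, rows in SAMPLE:
        db.executemany(stmt, rows)
    return db

def password_reads(db, start, end):
    """Return (timestamp, username, resource name) for every secret read in [start, end)."""
    return db.execute(AUDIT_SQL, (start, end)).fetchall()
```

Against a real passbolt database the same AUDIT_SQL works with a MySQL connector; the timestamp-equality join is the thread's heuristic, so a read whose two rows carry different timestamps would not appear.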