Possible to query all certs over the API?

Dear all =)

I would like to make a script that goes through our Passbolt and extracts all the certificate expiration dates.

So I have two questions =)

  1. Is it possible to create an user than can only read certificates?
  2. Is it possible to make a query that returns a list of all the certificates?

Hugs
Sandra =)

Hi @sandra :wave: and welcome to passbolt community forum :hugs:

If you are talking about certificates stored as passbolt secrets, you can create a new user and share certificates with them with read-only rights.

You can query the passbolt API to fetch list of all certificates with a client. With go-passbolt-cli, you can fetch all resources with:

passbolt list resource

you can also choose the columns you want to be displayed:

passbolt list resource --column ID --column Name --column Username --column Password

Let me know if you have further questions.

Best,

1 Like

Dear @_jc =)

Thanks a lot =)

Ok, that is super interesting!

Is it possible to preform a query that lists all certificates? The reason I am asking is that I can get a list of the certificates we store today, but I would like to be able to automatically detect if new certificates are added.

If such query is possible, then I could schedule the query each day and compare against the list of certificates from yesterday. If they differ, then I know which new certificate have been added.

Would that be possible?

Hugs,
Sandra =)

Hi,

With go-passbolt-cli, you can pipe the results with grep:

$ passbolt list resources | grep "your-pattern-to-match-certificates"
730ef2e3-c4fa-4b1f-a743-a2ced1a74c96 | ba4a8612-2848-432e-bc8b-b2aee0361ff6 | Cert 1     | john@doe.com
0e894132-c082-4987-9f54-7eb15c60d49d | bb9b4ff9-660f-4e12-a2e8-45394016a00b | Cert 2     | john@doe.com
(...etc...)

Cheers,

1 Like

That makes sense. Thanks a lot =)