Passbolt Introduction and Usage for secret management
Monday 13 March 2023
Passbolt
❑ Why passbolt ?
❑ Registration / login
❑ Passbolt introduction
❑ Import keepassxc files
❑ Export to password manager
❑ Extract secrets from a bash/python script
❑ Use secret from gitlab-ci
GOAL
2
Why passbolt ?
3
❑ For several reasons:
⮚ There are many KeePassXC files on the drive; it is safer to have a single
access point for all secrets (it is harder for someone to leave NN6 with all the secrets):
WHY
4
❑ To avoid secrets in ANY script (local, gitlab-ci, jenkins, …)
WHY
5
Registration / login
6
❑ One single URL for all ENENSYS :
⮚ https://passbolt.enensys.com
⮚ https://passbolt.enensys.com/auth/login?redirect=%2Fapp%2Fusers&locale=fr-FR
URL
7
SIGN IN PROCESS
8
To access the Passbolt appliance, you
must be invited by the admin.
If so, you will receive an email like this one 🡪
SIGN IN PROCESS
9
Fill in a strong passphrase!
Valid
❑ Store the private key carefully in your local
KeePassXC: you will need it if you move to
another computer or want to use the command line.
The key file is encrypted with your passphrase, but anyone holding both can read
every secret shared with you, so never keep the two together unprotected.
SIGN IN PROCESS
10
$ cat private2.txt
-----BEGIN PGP PRIVATE KEY BLOCK-----
xcTGBGRKlCgBDADxZFP++5zvD7YLLZakyu3InA1IANazb/XpTvJwGWeXcbNL
aBChr3VPgUYQ1TtAE7R0FlS9oukSP4QQrfV1Crgab33fIar69bvRCZZo0iFZ
s/JEOvqEkY/pGsXQZaoJX91qHP6e5tG71K+e5aC+oHa3Dppdhurnrjk5fCdy
0ccSO64YwAlgdrap+hE1m4rbjkgzER9YXimePLO+hqyJJ3atDwIird0J763b
EDQJ3dIy9zYbWU3eIkwDON9SK1l/DMzFc9gYPpJmCFaxlRTdqtAAeuKPD9BD
kYy/LyywKbVbU7ZH90zgL+OGEV1iFe7x7N1CHWzzIqN5AKpfGAeI6UWL/F4F
3hgau3hJmuJEEz70VM82ll/QKmgoSJJNxejtomJICqT+mD/HM2OW3N7FnZG7
3CbqcvHcl2Y6ov/KF1omd2h4r/HuC3rDBgJS1T3D16P4V9cBsCsnZxcdqd1L
A50xeW2Nws7Vqg7OTJC+8p8MFkxnE9GvxS6Wz0J29dHa1esAEQEAAf4JAwio
6hzUGjUVjeA0MxpBAdSeJczZTUuy3DZ2nwRG6N5XARGasQ3EH4azRpNi2iOM
oZEVwmTFYVE27ZVn4Rds9HSTSk6XHUguuXn3Tin6jpmDH5FlpubxRq23+UOS
HH6o3jhGhtYSRxvHq95vCMg6bS9bGKgyv/cvl8RjoU+Js/mOcw9kVe1KGuTE
Mo4gjmfxSS9MejBCby7Hi3tRwaGFbe9cjK2JeMSmZoDkUPzVyfFcIRamxiKT
C/d2ZoOLzOqQyXPMWQItdhMs+/ULlhLaulrFfoU4TRa8fWz4XSoN1F5Tuc3b
zsj5zrgH4K15p1vTFs4krT3UY9hYSDklIMm2RaFJx7UQaBX9iN2kvnGrOlXc
qZ+/2mSB1c4IoZMUJb2Iz0BW1W2VsKGnJ4lXfBguN1AYdB+HXOjjXMhUaFii
R+guRagxDNLPNLsDIOfd8z6KTAUJ/t+D9lEtU6+wNWz7eUgNiI/rnbIHT2HN
8esH8E29HdCZMJmnTnDZ5Xo8EFw+MuunII4buLUy/WUpO2eMenzS/1h2nxbD
n9O3NRmXJrvxsGmMkADc2LNg4/Bx8g21vZATiFFVKtomRqdhbOW/D0Ro3lfo
qSU5RBNtd9vlwf3V00CifeX4LcqOCLXtd36awtUtTArdkIRBtcVQ5nDVA2qA
(…)
-----END PGP PRIVATE KEY BLOCK-----
SIGN IN PROCESS
11
Valid
SIGN IN PROCESS
12
Valid
SIGN IN PROCESS
13
Not yet in the RD group!
SIGN IN PROCESS
14
After the user has been added to the RD group
LOGIN
15
Fill in your passphrase.
The browser extension already knows us;
we just need to sign in:
https://passbolt.enensys.com/
❑ For an installation on another computer:
(RE)LOGIN
16
❑ You will need to import your private PGP key file (the one saved at registration):
(RE)LOGIN
17
❑ Finally, retype your passphrase:
(RE)LOGIN
18
❑ Choose a colour: this is your security token, shown by the extension on every passphrase prompt so you can tell a genuine prompt from a fake one.
(RE)LOGIN
19
And that’s all !
Passbolt introduction
20
MAIN USER INTERFACE
22
https://medevel.com/passbolt/
TOPBAR
FOLDER
GROUPS
SECRETS
SEARCH BAR
CURRENT USER
ACTION BAR
LISTS
LIST USERS
23
SEARCH A SECRET
24
VIEW A SECRET
25
VIEW A SECRET
26
EDIT
password
SHARE A SECRET
27
EXPORT A SECRET
28
❑ COPY USERNAME TO CLIPBOARD
❑ COPY PASSWORD TO CLIPBOARD
❑ DELETE
❑ COPY PERMALINK TO CLIPBOARD :
https://passbolt.enensys.com/app/passwords/view/818f39c7-bb8e-
441d-851d-2148c0781702
OTHER ACTIONS
29
Import keepassxc files
30
KeePassXC 🡪 export 🡪 CSV file 🡪 import 🡪 Passbolt
Database menu 🡪 Export 🡪 CSV File …
❑ The CSV export is plaintext (every password is readable in it, as the extract below shows): keep it off shared drives and delete it once the import into Passbolt is done.
Export
31
Export
32
"Group","Title","Username","Password","URL","Notes","TOTP","Icon","Last Modified","Created"
"Database/Recycle Bin","postgre password","","y7BSsxFFCXi7cnd3C0tJ","","","","0","2022-12-20T13:10:13Z","2022-12-20T13:10:03Z"
"Database/Recycle Bin","ESXI labo","root","2duk2cwZ18!","","","","0","2023-01-12T15:32:53Z","2023-01-12T15:32:21Z"
"Database/Recycle Bin","IDRAC","root","Enensys35","https://10.12.2.173","","","0","2023-02-23T07:06:36Z","2023-02-23T07:05:08Z"
"Database/Recycle Bin","DATAMINER on ESXI-DEMO","enensys","4_DataMiner_2021!_TestTree","10.12.238.33","to connect via RDP: ordinateur 10.12.238.33","","0","2023-03-16T11:12:08Z","2023-03-16T11:10:31Z"
"Database/Recycle Bin","DATAMINER on ESXI-DEMO","enensys","4_DataMiner_2021!_TestTree","10.12.238.33","To connect via RDP: ordinateur 10.12.238.33","","0","2023-03-16T10:54:02Z","2023-03-16T10:50:21Z"
"Database/Recycle Bin/srv081","idrac","root","XzRurRuMT68w0i55QWHa","https://srv081-idrac/","","","0","2020-11-20T14:31:00Z","2020-11-20T14:31:00Z"
"Database/Recycle Bin/srv081","Esxi","root","enensys_35","srv081.enensys.com","","","0","2020-11-20T14:31:00Z","2020-11-20T14:31:00Z"
"Database/Recycle Bin/Srv200","idrac - Copy","root","N5mC3VDYsDNSnYs4nuVpqQ2QA","https://srv200.enensys.com/","10.12.2.151","","0","2023-02-21T16:21:53Z","2023-02-21T16:23:00Z"
"Database/Recycle Bin/Srv200","Centos7 - Copy","root","qArhWbqfFU9Pp27uhHo2ju7CV","10.5.8.180","","","0","2023-02-21T16:22:11Z","2023-02-21T16:23:00Z"
"Database/Recycle Bin/Srv200","Centos7 - Copy","enensys","JHqohXR2sgKNW7oJdeiJvbspL","","","","0","2023-02-21T16:20:48Z","2023-02-21T16:23:00Z"
"Database/Recycle Bin/Srv200","ovirt - Copy","admin","ovirt_nn6","10.5.8.180","","","0","2023-02-21T16:22:26Z","2023-02-21T16:23:00Z"
"Database/Hyperviseurs","srv044","enensys","enensys35","https://10.1.208.4/ui","Download vshpere @10.1.208.4
Mdp ssh idem","","0","2019-04-05T08:51:22Z","2019-04-05T08:50:24Z"
"Database/Hyperviseurs","srv083","root","xHrepPRBEbjSf8xBfSVG","https://srv083/ui/#/login","","","0","2019-04-05T08:50:57Z","2019-04-05T08:50:42Z"
"Database/Hyperviseurs","srv091","root","OToKjz4jzBkIMUak1iJM","https://srv091/ui/#/login","","","0","2019-04-05T08:51:59Z","2019-04-05T08:51:36Z"
"Database/Hyperviseurs","srv087","root","kKlu3NdtujXpYwqQ0aba","https://srv087/ui/#/login","","","0","2019-04-05T08:52:29Z","2019-04-05T08:52:10Z"
"Database/Hyperviseurs/Srv043 - Esxi - 10.12.208.2","https://10.12.208.2/ui","enensys","enensys35","https://10.1.208.2/ui","Download vshpere @10.1.208.2
Mdp ssh idem","","0","2021-01-19T10:20:15Z","2020-11-20T14:30:18Z"
"Database/Hyperviseurs/Srv043 - Esxi - 10.12.208.2","ssh","root","HAvkuviK7W","","","","0","2022-09-16T09:37:12Z","2021-02-23T14:06:21Z"
"Database/Hyperviseurs/Srv044 - Esxi - 10.12.208.4","https://10.12.208.4/ui - Copy","enensys","enensys35","https://10.12.208.4/ui","Download vshpere @10.12.208.4
Mdp ssh idem","","0","2021-06-23T10:47:36Z","2020-11-20T14:30:35Z"
(…)
PRIVATE ☺
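Before pushing an export like the one above into Passbolt it pays to look at what is in it. The script below is an added example, not part of the deck: it reads a KeePassXC CSV export with Python's csv module (which copes with the multi-line Notes fields seen above), flags entries still sitting in the Recycle Bin, passwords shorter than a threshold and passwords reused across several entries, and leaves you the list worth importing. The CSV embedded in it is constructed sample data in the same column layout; none of the values come from the deck.

```python
"""Pre-import audit of a KeePassXC CSV export (added example, not from the deck)."""
import csv
import io
from collections import defaultdict

# Constructed sample in KeePassXC's CSV export layout; the second record carries a
# multi-line Notes field, which a naive line-based parser would break on.
SAMPLE_EXPORT = '''"Group","Title","Username","Password","URL","Notes","TOTP","Icon","Last Modified","Created"
"Database/Recycle Bin","old esxi","root","Shared-Hyp3rv1sor-Pw","https://10.0.0.1","","","0","2023-01-12T15:32:53Z","2023-01-12T15:32:21Z"
"Database/Hypervisors","srv001","admin","Shared-Hyp3rv1sor-Pw","https://srv001/ui","Download vsphere @srv001
same password for ssh","","0","2019-04-05T08:51:22Z","2019-04-05T08:50:24Z"
"Database/Hypervisors","srv002","root","x9Qv2LmT7pRk4sWz8bNc","https://srv002/ui","","","0","2019-04-05T08:52:29Z","2019-04-05T08:52:10Z"
"Database/Hypervisors","srv003","root","short","","","","0","2022-09-16T09:37:12Z","2021-02-23T14:06:21Z"
'''

RECYCLE_BIN = "Database/Recycle Bin"


def parse_export(text):
    """Parse a KeePassXC CSV export into dicts keyed by the header row.

    csv.DictReader handles quoted fields that span several lines (the Notes column).
    """
    return list(csv.DictReader(io.StringIO(text)))


def audit(entries, min_length=12):
    """Return findings per check; each value is a list of entry titles."""
    findings = {"recycle_bin": [], "short_password": [], "reused_password": []}
    by_password = defaultdict(list)
    for e in entries:
        if e["Group"].startswith(RECYCLE_BIN):
            findings["recycle_bin"].append(e["Title"])
        if len(e["Password"]) < min_length:
            findings["short_password"].append(e["Title"])
        by_password[e["Password"]].append(e["Title"])
    # A password shared by several entries means one compromise opens all of them.
    for pwd, titles in by_password.items():
        if pwd and len(titles) > 1:
            findings["reused_password"].append(sorted(titles))
    return findings


def importable(entries):
    """Entries worth importing: everything that is not in the Recycle Bin."""
    return [e for e in entries if not e["Group"].startswith(RECYCLE_BIN)]


if __name__ == "__main__":
    entries = parse_export(SAMPLE_EXPORT)
    for check, hits in audit(entries).items():
        print(f"{check}: {hits}")
    print(f"{len(importable(entries))} of {len(entries)} entries to import")
```

Run it against a real export with `parse_export(open("export.csv", newline="").read())`; the `newline=""` argument is what lets the csv module keep embedded newlines intact.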
Import
33
Create folders
34
GOOGLE CHROME & MOZILLA FIREFOX EXTENSIONS
36
❑ Google Chrome :
⮚ https://chrome.google.com/webstore/detail/passbolt-open-source-pass/didegimhafipceonhjepacocaffmoppf
❑ Firefox :
⮚ https://addons.mozilla.org/fr/firefox/addon/passbolt/
❑ https://www.passbolt.com/downloads
❑ https://github.com/passbolt/passbolt_browser_extension
❑ https://help.passbolt.com/faq/start/browser-extensions
❑ The extension is where your private key is stored and where secrets are decrypted, so install it only from the official store links above.
Export to password manager
39
❑ For offline use, without access to the NN6 VPN.
Export
40
Export
41
It downloads a file in the KeePassXC format (.kdbx)
that can be opened directly in that password manager.
This copy is protected only by the password of the exported database and no longer benefits from Passbolt's sharing and revocation, so treat it as a temporary offline copy.
Passbolt
42
Extract secrets from a bash/python script
54
❑ For that purpose you will need three items:
❑ The URL of the passbolt instance/server
❑ Your user passphrase (the one chosen at registration)
❑ Your user private PGP key, saved in a private_key.txt file readable by you only (chmod 600)
55
❑ Releases : https://github.com/passbolt/go-passbolt-cli/releases/
GNU/Linux (amd64) : wget https://github.com/passbolt/go-passbolt-cli/releases/download/v0.1.9/go-passbolt-cli_0.1.9_linux_amd64.deb
&& sudo dpkg -i go-passbolt-cli_0.1.9_linux_amd64.deb
Windows : download the zip matching your CPU architecture from the releases page, e.g.
https://github.com/passbolt/go-passbolt-cli/releases/download/v0.2.0/go-passbolt-cli_0.2.0_Windows_arm64.zip
(arm64 shown; most PCs need the x86_64 archive)
Mac OS X : download go-passbolt-cli_0.2.0_Darwin_x86_64.tar.gz from the same releases page
❑ Verify the download (checksum or signature from the release page) before installing: this binary will hold your passphrase and private key.
go-passbolt-cli
56
$ passbolt --help
A CLI tool to interact with Passbolt.
Usage:
passbolt [command]
Available Commands:
configure Configure saves the provided global flags to the Config File
create Creates a Passbolt Entity
delete Deletes a Passbolt Entity
export Exports Passbolt Data
get Gets a Passbolt Entity
help Help about any command
list Lists Passbolt Entitys
move Moves a Passbolt Entity
share Shares a Passbolt Entity
update Updates a Passbolt Entity
verify Verify Setup the Server Verification
HELP
57
Flags:
--config string Config File
--debug Enable Debug Logging
-h, --help help for passbolt
--mfaDelay duration Delay between MFA Attempts, only used in
noninteractive modes (default 10s)
--mfaMode string How to Handle MFA, the following Modes
exist: none, interactive-totp and noninteractive-totp (default "interactive-
totp")
--mfaRetrys uint How often to retry TOTP Auth, only used in
nointeractive modes (default 3)
--serverAddress string Passbolt Server Address
(https://passbolt.example.com)
--timeout duration Timeout for the Context (default 1m0s)
--totpOffset duration TOTP Generation offset only used in
noninteractive-totp mode
--totpToken string Token to generate TOTP's, only used in
nointeractive-totp mode
--userPassword string Passbolt User Password
--userPrivateKey string Passbolt User Private Key
--userPrivateKeyFile string Passbolt User Private Key File, if set then
the userPrivateKey will be Overwritten with the File Content
Use "passbolt [command] --help" for more information about a command.
$ passbolt action entity [arguments]
Action is the action you want to perform, like creating, updating or deleting an entity. Entity is a resource (password), folder, user or group that you want to apply the action to.
PASSBOLT(1)
NAME
passbolt - A CLI tool to interact with Passbolt.
SYNOPSIS
passbolt [flags]
DESCRIPTION
A CLI tool to interact with Passbolt.
OPTIONS
--config="" Config File
--debug[=false] Enable Debug Logging
-h, --help[=false] help for passbolt
--mfaDelay=10s Delay between MFA Attempts, only used in noninteractive modes
--mfaMode="interactive-totp" How to Handle MFA, the following Modes exist: none, interactive-totp and
noninteractive-totp
MAN
58
--mfaRetrys=3 How often to retry TOTP Auth, only used in
nointeractive modes
--serverAddress="" Passbolt Server Address
(https://passbolt.example.com)
--timeout=1m0s Timeout for the Context
--totpOffset=0s TOTP Generation offset only used in
noninteractive-totp mode
--totpToken="" Token to generate TOTP's, only used in
nointeractive-totp mode
--userPassword="" Passbolt User Password
--userPrivateKey="" Passbolt User Private Key
--userPrivateKeyFile="" Passbolt User Private Key File, if set then
the userPrivateKey will be Overwritten with the File Content
❑ $ passbolt configure \
    --serverAddress https://passbolt.enensys.com \
    --userPassword ")/.u#6e*tCU*Z:mC62z%UTX'9[KV5Trge]}z%bc" \
    --userPrivateKeyFile ./private_key.txt
$ echo $?
0
❑ It is also possible to pass the private key itself as a value with the --userPrivateKey parameter.
❑ Caveat: configure saves these flags into the CLI config file in your home directory, so the passphrase and private key end up there in clear; the passphrase also lands in your shell history and is visible to other local users in the process list while the command runs. Keep the config file and private_key.txt readable by you only (chmod 600) and remove them when you are done.
Login to passbolt
59
❑ $ passbolt get resource --id 7fffe9c3-0b52-4580-b836-af04779a972a
FolderParentID: 71679db1-bd72-403a-aa72-d6b7145a0208
Name: srv127 - LDAP server
Username: root
URI:
Password: Nxx4f37rLEvM8qWBtDhh
Description: mot de passe admin ldapd7NrZSU2AKidFZ-w3hv
Get secret
60
mypassword
$ passbolt list user
ID                                   | Username                        | FirstName | LastName   | Role
8f2154c9-89ed-4ab0-9630-701b45fb252e | antonio.dubuisson@enensys.com   | Antonio   | DUBUISSON  | user
ccaf58ef-50d6-4db1-8f8f-d875a8e00107 | benjamin.glaud@enensys.com      | Benjamin  | GLAUD      | user
52300540-9d6a-4433-85e5-07b5f85a6de4 | bertrand.guinebault@enensys.com | Bertrand  | GUINEBAULT | user
0edfaa97-1c00-46d7-a488-7f73a5f3ae81 | it@enensys.com                  | IT        | Team       | admin
6e779dbe-e43f-4c62-b3df-42372c87cde6 | thierry.gayet@enensys.com       | Thierry   | GAYET      | user
List users
61
$ passbolt list resource
ID | FolderParentID | Name | Username | URI
b27b6929-7c88-488b-9c0f-222346dd79ec | a4bc0aca-c42a-48c5-9893-ee8aff8db754 | 10.11.40.201 | root |
25785c44-f90b-4ca7-9d22-1b6321aa62c7 | a4bc0aca-c42a-48c5-9893-ee8aff8db754 | 10.12.13.138 | enensys |
c717623f-f1db-4dae-a9c7-d9904716f6e6 | a4bc0aca-c42a-48c5-9893-ee8aff8db754 | 10.12.2.110 | enensys |
f8fa6a8c-9a3d-4578-ad69-1b7359abfccb | 135d01a7-4b36-4bcf-8b5d-975c38b9f4e4 | accès telnet aux produits modem | root | 10.5.5.125
9fc49a2b-01c8-47fd-9547-b678fb15d9aa | a2f8b4ae-3755-4443-b934-e4233df0a8f3 | Admin | root | https://10.12.208.6:8006/#v1:0:18:4::::::
acd95b22-6960-4784-bcd4-6d9355413d73 | 647aaef4-303b-474b-9b1d-e1ecbd7168ab | Admin | root |
ffd9922d-01c8-4adb-b0d0-0762b5fe0e3b | 248e9319-efaf-4bc8-9b48-1981810b16b0 | Agilent Logic Analyzer a-169xxla2 | administrator |
13dcbc82-922c-43dc-9c5a-0131b9849d74 | 88363d11-8c54-41a8-8204-cc3533d30400 | api_castlabs | azza.jedidi@enensys.com |
84ef23a2-f7e4-496d-9cdc-61eefc2c3bde | fb7ea891-a703-44d5-a3da-aec07db699ca | CentOS | enensys |
ee29d0d2-a466-41d8-bd13-6bfbeaa3dac1 | fb7ea891-a703-44d5-a3da-aec07db699ca | CentOS | root |
2f57a32e-1548-4321-9381-0a5ed629c6ba | 3f6aa7ad-7cfc-4011-bd3f-f8c274e3fa25 | Centos7 | root | 10.5.8.180
(…)
List all resources (metadata only: the password of each resource still needs a get resource call or the export command)
62
Use secret from gitlab-ci
63
❑ User : passbolt.gitlab@enensys.com
(ONLY this user may be used from GitLab CI! It is a dedicated service account: share with it only the resources the pipelines need, so a leaked CI variable exposes nothing else.)
GITLAB
64
I centralize the password and private key; please ask me for them!
GITLAB (repo setting)
65
You MUST be an owner of the Git repo
image: ubuntu:latest

stages:            # List of stages for jobs, and their order of execution
  - build

build-job:         # This job runs in the build stage, which runs first.
  stage: build
  script:
    - echo "First stage"
    - apt update
    - apt install wget -y
    - wget https://github.com/passbolt/go-passbolt-cli/releases/download/v0.2.0/go-passbolt-cli_0.2.0_linux_amd64.deb
    - dpkg -i ./go-passbolt-cli_0.2.0_linux_amd64.deb
    # Check that the CI/CD variables are set without echoing their values into the job log
    # (a passphrase with special characters cannot be masked by GitLab)
    - test -n "$PASSBOLT_URL" && test -n "$USER_PASSPHRASE" && test -n "$USER_PRIVATE_KEY_FILE"
    # USER_PRIVATE_KEY_FILE must be a variable of type "File": GitLab writes the key
    # to a temporary file and puts its path in the variable, as --userPrivateKeyFile expects
    - passbolt configure --serverAddress "$PASSBOLT_URL" --userPassword "$USER_PASSPHRASE" --userPrivateKeyFile "$USER_PRIVATE_KEY_FILE"
    # Demo only: this prints the secret into the job log. In a real job capture it
    # into a variable or a file instead of letting it reach the console.
    - passbolt get resource --id 7fffe9c3-0b52-4580-b836-af04779a972a
GITLAB-CI.yml
66
https://gitlab.enensys.com/training/devsecops/test-ci/-/ci/editor?branch_name=main
🡪 Just a simple example showing how to extract a secret
from GitLab CI
67
JENKINS
68
❑ User : passbolt.jenkins@enensys.com
(ONLY this user may be used from Jenkins jobs!)
❑ Jenkins is used in the same way as GitLab.
JENKINS
69
❑ Within Jenkins, credentials have been created so that jobs can
extract secrets:
http://jenkins.enensys.com/manage/credentials/store/system/domain/_/
❑ Indeed, passbolt needs a passphrase and a private key to extract resources from
passbolt; both live in the Jenkins credential store rather than in the job definition.
70
JENKINS
❑ We can update the Jenkinsfile:
(…)
environment
{
    PASSBOLT_JENKINS_PASSWORD = credentials('11483a19-5b91-406f-bc6c-81b17952aa67')
    PASSBOLT_JENKINS_PRIVATE_KEY = credentials('a649027d-e96c-4d55-aedf-0d5d64d3f38e')
}
(…)
❑ Then, inside a script (here a Makefile recipe called by the job) we can fetch the key from passbolt and write it to a file:
# --- Getting key from passbolt as a file:
# '@' stops make from echoing the command, which would print the passphrase and
# private key in the Jenkins console. '$$' is how a shell variable is written in a Makefile.
	@echo "--> Getting certificate from the NN6 passbolt ... "
	@passbolt configure \
	    --serverAddress https://passbolt.enensys.com \
	    --userPassword "$${PASSBOLT_JENKINS_PASSWORD}" \
	    --userPrivateKey "$${PASSBOLT_JENKINS_PRIVATE_KEY}"
# Both commands run in one shell (joined with \) so KEY_TXT is still set when it is written.
# `grep Password | awk '{ print $$2 }'` would keep only the first word of the password;
# sed keeps the whole remainder of the "Password: " line. umask 077 keeps key.txt private.
	@umask 077; \
	  KEY_TXT="$$(passbolt get resource --id ab56dd91-0af4-41f7-8d0c-7f5ce816a796 | sed -n 's/^Password: //p')"; \
	  printf '%s\n' "$${KEY_TXT}" > $(TARGET_DIR)/var/external_resources/key.txt
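The `grep Password | awk '{ print $2 }'` pipeline above keeps only the first whitespace-separated word after `Password:`, so a password containing a space is silently truncated, and a plain shell redirection creates the target file with whatever the umask allows. The script below is an added example (not from the deck or the go-passbolt-cli project) for the bash/python use case announced in this section: it parses the `Key: value` output shown on the "Get secret" slide as whole lines, shows what the awk pipeline would return on the same input, and writes the value into a file created with mode 0600 from the start. The sample output and the password in it are constructed; `run_cli` is the real CLI call (it relies on a prior `passbolt configure`), and the `runner` argument is an assumed injection point so the parsing can be checked without a Passbolt server.

```python
"""Fetch one Passbolt secret via go-passbolt-cli without truncating or leaking it.

Added example; not part of the deck or of go-passbolt-cli.
"""
import os
import subprocess

# Constructed sample of `passbolt get resource --id <uuid>` output. The password
# deliberately contains spaces and a second colon to show why field splitting is unsafe.
SAMPLE_OUTPUT = """FolderParentID: 71679db1-bd72-403a-aa72-d6b7145a0208
Name: srv127 - LDAP server
Username: root
URI:
Password: correct horse: battery staple
Description: ldap admin password
"""


def parse_resource(text):
    """Turn the CLI's 'Key: value' lines into a dict.

    Only the first ':' separates key from value, and only the single space that
    follows it is dropped, so a password with spaces, colons or trailing blanks survives.
    """
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # not a "Key: value" line
        fields[key] = value[1:] if value.startswith(" ") else value
    return fields


def naive_awk_extract(text):
    """What `grep Password | awk '{ print $2 }'` returns: the second whitespace token."""
    for line in text.splitlines():
        if "Password" in line:
            return line.split()[1]
    return None


def run_cli(resource_id):
    """Real runner: call go-passbolt-cli, which reads server, passphrase and key from its config file."""
    proc = subprocess.run(
        ["passbolt", "get", "resource", "--id", resource_id],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout


def get_password(resource_id, runner=run_cli):
    """Return the Password field of a resource; `runner` is injectable for testing."""
    fields = parse_resource(runner(resource_id))
    if "Password" not in fields:
        raise KeyError(f"no Password field in CLI output for {resource_id}")
    return fields["Password"]


def write_secret_file(path, secret):
    """Create the file with mode 0600 atomically, so no other local user can read it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(secret + "\n")
    return oct(os.stat(path).st_mode & 0o777)


if __name__ == "__main__":
    import sys
    # Usage: python fetch_secret.py <resource-uuid> <output-file>; the secret is never printed.
    secret = get_password(sys.argv[1])
    print("written with mode", write_secret_file(sys.argv[2], secret))
```

On the constructed sample, `naive_awk_extract` returns `correct` while `parse_resource` returns the full `correct horse: battery staple`; the same difference would silently break the Jenkins job above for any password containing whitespace.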
71
JENKINS
❑ We can check the credentials in the Jenkins console:
72
JENKINS
DEVSECOPS
73
❑ https://blog.passbolt.com/managing-secrets-in-ansible-using-
passbolt-87af031ceab6
❑ https://github.com/passbolt/lab-passbolt-ansible-poc
Ansible
74
MORE HELP
79
❑ https://fosdem.org/2023/schedule/event/passbolt/
❑ https://fosdem.org/2023/schedule/event/passbolt/attachments/slides/5956/export/events/attachments/passbolt/slides/5956/iloveyou_exe.pdf
FOSDEM
80
❑ https://help.passbolt.com/start/
❑ https://help.passbolt.com/discover/
❑ https://help.passbolt.com/faq/discover/
❑ https://help.passbolt.com/releases/
❑ https://www.passbolt.com/roadmap
❑ https://help.passbolt.com/faq/security/
❑ https://help.passbolt.com/faq/hosting/
❑ https://help.passbolt.com/hosting/install/ce/docker.html
HELP
82
ENENSYS
4A rue des Buttes
CS 37734
35 577 Cesson-Sévigné – France
Phone (+33) 1 70 72 51 70
Email contact@test-tree.com
www.enensys.com
83

More Related Content

Similar to Passbolt Introduction and Usage for secret managment

EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018Xavier Mertens
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011Wim Godden
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiYossi Sassi
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
SecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPSecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPChris John Riley
 
PHP & Performance
PHP & PerformancePHP & Performance
PHP & Performance毅 吕
 
php & performance
 php & performance php & performance
php & performancesimon8410
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalabilityWim Godden
 
SAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPSAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPChris John Riley
 
Jump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & GithubJump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & Githubhubx
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a servicePino deCandia
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016zznate
 
Securing Cassandra for Compliance
Securing Cassandra for ComplianceSecuring Cassandra for Compliance
Securing Cassandra for ComplianceDataStax
 
Reutov, yunusov, nagibin random numbers take ii
Reutov, yunusov, nagibin   random numbers take iiReutov, yunusov, nagibin   random numbers take ii
Reutov, yunusov, nagibin random numbers take iiDefconRussia
 

Similar to Passbolt Introduction and Usage for secret managment (20)

EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
 
FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018
 
Memcached Study
Memcached StudyMemcached Study
Memcached Study
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Linux administration ii-parti
Linux administration ii-partiLinux administration ii-parti
Linux administration ii-parti
 
Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
 
SecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPSecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAP
 
PHP & Performance
PHP & PerformancePHP & Performance
PHP & Performance
 
php & performance
 php & performance php & performance
php & performance
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalability
 
SAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPSAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAP
 
Jump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & GithubJump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & Github
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a service
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT Devices
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016
 
Securing Cassandra for Compliance
Securing Cassandra for ComplianceSecuring Cassandra for Compliance
Securing Cassandra for Compliance
 
Symfony Performance
Symfony PerformanceSymfony Performance
Symfony Performance
 
Reutov, yunusov, nagibin random numbers take ii
Reutov, yunusov, nagibin   random numbers take iiReutov, yunusov, nagibin   random numbers take ii
Reutov, yunusov, nagibin random numbers take ii
 

Recently uploaded

KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxnada99848
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 

Recently uploaded (20)

KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Passbolt Introduction and Usage for secret management

  • 1. Monday 13 March 2023 Passbolt
  • 2. ❑ Why passbolt? ❑ Registration / login ❑ Passbolt introduction ❑ Import keepassxc files ❑ Export to password manager ❑ Extract secret from bash/python script ❑ Use secret from gitlab-ci GOAL 2
  • 4. ❑ For many reasons: ⮚ There are many keepassxc files on the drive, and it is safer to have a single access point to all secrets (this makes it harder to leave NN6 with all the secrets): WHY 4
  • 5. ❑ To avoid secrets in ANY script (local, gitlab-ci, jenkins, …) WHY 5
  • 7. ❑ One single URL for all of ENENSYS: ⮚ https://passbolt.enensys.com ⮚ https://passbolt.enensys.com/auth/login?redirect=%2Fapp%2Fusers&locale=fr-FR URL 7
  • 8. SIGN IN PROCESS 8 To access the PASSBOLT appliance, you must be invited by the admin. If so, you will receive an email like this 🡪
  • 9. SIGN IN PROCESS 9 Fill in a strong passphrase! Valid
  • 10. ❑ Store the private key preciously inside your local keepassxc because you will need it if you migrate your environment to another computer or for command line ! SIGN IN PROCESS 10 $ cat private2.txt -----BEGIN PGP PRIVATE KEY BLOCK----- (…) -----END PGP PRIVATE KEY BLOCK-----
  • 13. SIGN IN PROCESS 13 Not yet in the RD group!
  • 14. SIGN IN PROCESS 14 After the integration of the user into the RD group
  • 15. LOGIN 15 Fill in your passphrase. We are already known; we just need to sign in: https://passbolt.enensys.com/
  • 16. ❑ For an installation on another computer: (RE)LOGIN 16
  • 17. ❑ You will need to dump your private PGP key file: (RE)LOGIN 17
  • 18. ❑ Finally retype your passphrase: (RE)LOGIN 18
  • 19. ❑ Choose a color: (RE)LOGIN 19 And that’s all!
  • 29. ❑ COPY USERNAME TO CLIPBOARD ❑ COPY PASSWORD TO CLIPBOARD ❑ DELETE ❑ COPY PERMALINK TO CLIPBOARD: https://passbolt.enensys.com/app/passwords/view/818f39c7-bb8e-441d-851d-2148c0781702 OTHER ACTIONS 29
  • 31. Keepassxc 🡪 export 🡪 CSV file 🡪 import 🡪 Passbolt. Database Menu 🡪 Export 🡪 CSV File … Export 31
  • 32. Export 32 "Group","Title","Username","Password","URL","Notes","TOTP","Icon","Last Modified","Created" (…) PRIVATE ☺
  • 36. GOOGLE CHROME & MOZILLA FIREFOX EXTENSIONS 36
  • 37. ❑ Google Chrome: ⮚ https://chrome.google.com/webstore/detail/passbolt-open-source-pass/didegimhafipceonhjepacocaffmoppf ❑ Firefox: ⮚ https://addons.mozilla.org/fr/firefox/addon/passbolt/ ❑ https://www.passbolt.com/downloads ❑ https://github.com/passbolt/passbolt_browser_extension ❑ https://help.passbolt.com/faq/start/browser-extensions 37
  • 39. Export to password manager 39
  • 40. ❑ For an offline experience without access to the NN6 VPN. Export 40
  • 41. Export 41 It will download a file in the keepassxc format that can be opened directly with that password manager!
  • 54. Extract secret from bash/python script 54
  • 55. ❑ For that purpose you will need several items: ❑ The URL of the passbolt instance/server ❑ Your user password ❑ Your user private PGP key saved in a private_key.txt file 55
  • 56. ❑ Website: https://github.com/passbolt/go-passbolt-cli/releases/
    GNU/Linux: wget https://github.com/passbolt/go-passbolt-cli/releases/download/v0.1.9/go-passbolt-cli_0.1.9_linux_amd64.deb && sudo dpkg -i go-passbolt-cli_0.1.9_linux_amd64.deb
    Windows: wget https://github.com/passbolt/go-passbolt-cli/releases/download/v0.2.0/go-passbolt-cli_0.2.0_Windows_arm64.zip
    Mac OS X: wget go-passbolt-cli_0.2.0_Darwin_x86_64.tar.gz
    go-passbolt-cli 56
  • 57. HELP 57
    $ passbolt --help
    A CLI tool to interact with Passbolt.
    Usage:
      passbolt [command]
    Available Commands:
      configure   Configure saves the provided global flags to the Config File
      create      Creates a Passbolt Entity
      delete      Deletes a Passbolt Entity
      export      Exports Passbolt Data
      get         Gets a Passbolt Entity
      help        Help about any command
      list        Lists Passbolt Entitys
      move        Moves a Passbolt Entity
      share       Shares a Passbolt Entity
      update      Updates a Passbolt Entity
      verify      Verify Setup the Server Verification
    Flags:
          --config string               Config File
          --debug                       Enable Debug Logging
      -h, --help                        help for passbolt
          --mfaDelay duration           Delay between MFA Attempts, only used in noninteractive modes (default 10s)
          --mfaMode string              How to Handle MFA, the following Modes exist: none, interactive-totp and noninteractive-totp (default "interactive-totp")
          --mfaRetrys uint              How often to retry TOTP Auth, only used in nointeractive modes (default 3)
          --serverAddress string        Passbolt Server Address (https://passbolt.example.com)
          --timeout duration            Timeout for the Context (default 1m0s)
          --totpOffset duration         TOTP Generation offset only used in noninteractive-totp mode
          --totpToken string            Token to generate TOTP's, only used in nointeractive-totp mode
          --userPassword string         Passbolt User Password
          --userPrivateKey string       Passbolt User Private Key
          --userPrivateKeyFile string   Passbolt User Private Key File, if set then the userPrivateKey will be Overwritten with the File Content
    Use "passbolt [command] --help" for more information about a command.
    $ passbolt action entity [arguments]
    Action is the Action you want to perform like Creating, Updating or Deleting an Entity.
    Entity is a Resource(Password), Folder, User or Group that you want to apply an action to.
  • 58. MAN 58
    PASSBOLT(1)
    NAME
        passbolt - A CLI tool to interact with Passbolt.
    SYNOPSIS
        passbolt [flags]
    DESCRIPTION
        A CLI tool to interact with Passbolt.
    OPTIONS
        --config=""                     Config File
        --debug[=false]                 Enable Debug Logging
        -h, --help[=false]              help for passbolt
        --mfaDelay=10s                  Delay between MFA Attempts, only used in noninteractive modes
        --mfaMode="interactive-totp"    How to Handle MFA, the following Modes exist: none, interactive-totp and noninteractive-totp
        --mfaRetrys=3                   How often to retry TOTP Auth, only used in nointeractive modes
        --serverAddress=""              Passbolt Server Address (https://passbolt.example.com)
        --timeout=1m0s                  Timeout for the Context
        --totpOffset=0s                 TOTP Generation offset only used in noninteractive-totp mode
        --totpToken=""                  Token to generate TOTP's, only used in nointeractive-totp mode
        --userPassword=""               Passbolt User Password
        --userPrivateKey=""             Passbolt User Private Key
        --userPrivateKeyFile=""         Passbolt User Private Key File, if set then the userPrivateKey will be Overwritten with the File Content
  • 59. Login to passbolt 59
    ❑ $ passbolt configure --serverAddress https://passbolt.enensys.com --userPassword ")/.u#6e*tCU*Z:mC62z%UTX'9[KV5Trge]}z%bc" --userPrivateKeyFile ./private_key.txt
      $ echo $?
      0
    ❑ It is also possible to inject the private key as a variable using the --userPrivateKey parameter.
  • 60. Get secret 60
    ❑ $ passbolt get resource --id 7fffe9c3-0b52-4580-b836-af04779a972a
      FolderParentID: 71679db1-bd72-403a-aa72-d6b7145a0208
      Name: srv127 - LDAP server
      Username: root
      URI:
      Password: Nxx4f37rLEvM8qWBtDhh
      Description: mot de passe admin ldapd7NrZSU2AKidFZ-w3hv
    mypassword
  • 61. List users 61
    $ passbolt list user
    ID | Username | FirstName | LastName | Role
    8f2154c9-89ed-4ab0-9630-701b45fb252e | antonio.dubuisson@enensys.com | Antonio | DUBUISSON | user
    ccaf58ef-50d6-4db1-8f8f-d875a8e00107 | benjamin.glaud@enensys.com | Benjamin | GLAUD | user
    52300540-9d6a-4433-85e5-07b5f85a6de4 | bertrand.guinebault@enensys.com | Bertrand | GUINEBAULT | user
    0edfaa97-1c00-46d7-a488-7f73a5f3ae81 | it@enensys.com | IT | Team | admin
    6e779dbe-e43f-4c62-b3df-42372c87cde6 | thierry.gayet@enensys.com | Thierry | GAYET | user
  • 62. $ passbolt list resource ID | FolderParentID | Name | Username | URI (…) Dump all secrets 62
  • 63. Use secret from gitlab-ci 63
  • 64. ❑ User: passbolt.gitlab@enensys.com (ONLY this user must be used within GITLAB-CI!) GITLAB 64 I centralize the password and private key; please ask me for them!
  • 65. GITLAB (repo setting) 65 You MUST be owner of the git repo
  • 66. GITLAB-CI.yml 66
    image: ubuntu:latest
    stages: # List of stages for jobs, and their order of execution
      - build
    build-job: # This job runs in the build stage, which runs first.
      stage: build
      script:
        - echo "First stage"
        - apt update
        - apt install wget -y
        - wget https://github.com/passbolt/go-passbolt-cli/releases/download/v0.2.0/go-passbolt-cli_0.2.0_linux_amd64.deb
        - dpkg -i ./go-passbolt-cli_0.2.0_linux_amd64.deb
        - echo $PASSBOLT_URL
        - echo $USER_PASSPHRASE
        - echo $USER_PRIVATE_KEY_FILE
        - passbolt configure --serverAddress "$PASSBOLT_URL" --userPassword "$USER_PASSPHRASE" --userPrivateKeyFile "$USER_PRIVATE_KEY_FILE"
        - passbolt get resource --id 7fffe9c3-0b52-4580-b836-af04779a972a
    https://gitlab.enensys.com/training/devsecops/test-ci/-/ci/editor?branch_name=main 🡪 Just a simple example that shows how to extract a secret from a gitlab-ci job
  • 69. ❑ User: passbolt.jenkins@enensys.com (ONLY this user must be used within JENKINS jobs!) ❑ Jenkins can be used in the same way as GITLAB! JENKINS 69
  • 70. ❑ Within Jenkins, credentials have been created so that secrets can be extracted: http://jenkins.enensys.com/manage/credentials/store/system/domain/_/ ❑ Indeed, passbolt needs a password and a private key to extract resources from passbolt. 70 JENKINS
  • 71. ❑ We can update the Jenkinsfile:
    (…)
    environment {
        PASSBOLT_JENKINS_PASSWORD = credentials('11483a19-5b91-406f-bc6c-81b17952aa67')
        PASSBOLT_JENKINS_PRIVATE_KEY = credentials('a649027d-e96c-4d55-aedf-0d5d64d3f38e')
    }
    (…)
    ❑ Then, inside a script, we can:
    # --- Getting Key from passbolt as file :
    @echo "--> Getting certificate from the NN6 passbolt ... "
    passbolt configure --serverAddress https://passbolt.enensys.com --userPassword ${PASSBOLT_JENKINS_PASSWORD} --userPrivateKey ${PASSBOLT_JENKINS_PRIVATE_KEY}
    KEY_TXT="`passbolt get resource --id ab56dd91-0af4-41f7-8d0c-7f5ce816a796|grep Password|awk '{ print $2 }'`"
    @echo ${KEY_TXT} > $(TARGET_DIR)/var/external_resources/key.txt
    71 JENKINS
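The extraction from slides 59 and 60 and the CI steps of slides 66 and 71, written as a reusable shell helper; this is an added example, not code from the slides or from go-passbolt-cli. It parses the `Field: value` lines that `passbolt get resource` prints instead of `grep Password|awk '{ print $2 }'`, which truncates a password containing a space and can match a Description line, and it never echoes the secret the way the `echo $USER_PASSPHRASE` debugging lines of the gitlab-ci job do. The PASSBOLT_URL, PASSBOLT_USER_PASSWORD and PASSBOLT_USER_PRIVATE_KEY_FILE names and the sample output are assumptions.

```shell
#!/bin/sh
# Added example (not code from the slides or from go-passbolt-cli): helpers a
# bash script, a gitlab-ci job or a Jenkins step can source to read one field
# of a Passbolt resource. The PASSBOLT_* variable names are assumptions.

# Print one "<Field>: value" line from resource text read on stdin.
# Anchoring on "^Field:" means a Description that merely contains the word
# "Password" cannot match, and keeping the rest of the line intact means a
# password containing spaces is not cut at the first blank (awk '{print $2}'
# would cut it).
passbolt_field() {
    sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# Fetch one resource by UUID and print the requested field (default Password).
# The global flags listed in `passbolt --help` are given on the command itself
# instead of being persisted into the config file by `passbolt configure`, and
# the value is never passed through echo, so it does not land in the job log.
passbolt_secret() {
    resource_id=$1
    field=${2:-Password}
    passbolt get resource --id "$resource_id" \
        --serverAddress "$PASSBOLT_URL" \
        --userPassword "$PASSBOLT_USER_PASSWORD" \
        --userPrivateKeyFile "$PASSBOLT_USER_PRIVATE_KEY_FILE" \
        | passbolt_field "$field"
}

# Write a secret to a file only the current user can read (umask 077 gives
# mode 0600), as the Jenkins step does for external_resources/key.txt.
# Returns non-zero, failing the job, when no value came back.
passbolt_secret_to_file() {
    old_umask=$(umask)
    umask 077
    passbolt_secret "$1" Password > "$2"
    umask "$old_umask"
    [ -s "$2" ]
}

# Constructed sample in the format shown for `passbolt get resource`, used to
# check the parser offline without a Passbolt server; all values are made up.
sample_resource_output() {
    printf '%s\n' \
        'FolderParentID: 00000000-0000-4000-8000-000000000000' \
        'Name: srv999 - example server' \
        'Username: root' \
        'URI:' \
        'Password: correct horse battery staple' \
        'Description: Password rotated monthly, see the wiki'
}
```

The flags are still visible in the process list on the runner for the duration of the call, exactly as with `passbolt configure` on the slides; the difference is that nothing is written to the config file on disk.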
  • 72. ❑ We can check the credential in the Jenkins console: 72 JENKINS
  • 78. ❑ https://help.passbolt.com/start/ ❑ https://help.passbolt.com/discover/ ❑ https://help.passbolt.com/faq/discover/ ❑ https://help.passbolt.com/releases/ ❑ https://www.passbolt.com/roadmap ❑ https://help.passbolt.com/faq/security/ ❑ https://help.passbolt.com/faq/hosting/ ❑ https://help.passbolt.com/hosting/install/ce/docker.html HELP 82
  • 79. ENENSYS 4A rue des Buttes CS 37734 35 577 Cesson-Sévigné – France Phone (+33) 1 70 72 51 70 Email contact@test-tree.com www.enensys.com 83