### Create and Share Resource Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt An end-to-end example demonstrating the creation of a new resource and sharing it with a group. ```APIDOC ## POST /resources and POST /groups/{group_id}/users ### Description This is a complete example that first creates a new password resource, then creates a group (or uses an existing one), and finally adds users to that group, effectively sharing the resource. ### Method POST (for resource creation and group creation), POST (for adding users to groups) ### Endpoint `/resources`, `/groups`, `/groups/{group_id}/users` ### Parameters (See individual endpoint documentation for detailed parameters. This example shows the usage within the SDK.) ### Request Example ```python from passbolt import PassboltAPI import json # Initialize client with open("config.json") as config_file: config = json.load(config_file) p = PassboltAPI(dict_config=config) # Step 1: Create a new resource secret_data = { "password": "productionDB_pass_2024!", "description": "Production database credentials - MySQL 8.0" } new_resource = { "name": "Production MySQL DB", "username": "db_admin", "uri": "mysql://prod-db.example.com:3306", "resource_type_id": p.resource_types["password-and-description"], "secrets": [ { "data": p.encrypt( secret_data, p.get_user_public_key(p.user_id) ) } ] } response = p.create_resource(new_resource) resource_id = json.loads(response.text)("body")("id") print(f"Created resource: {resource_id}") # Step 2: Create a group (or get existing) group_response = p.create_group("Database Admins") group_id = json.loads(group_response.text)("body")("id") # Step 3: Add team members to the group team_members = [ "alice@example.com", "bob@example.com" ] for email in team_members: user = p.get_user_by_email(email) if user: response = p.put_user_on_group(group_id, user["id"], admin=False) print(f"Added {email} to group") print("Resource created and shared with team!") ``` ### Response #### Success Response (200) (for each operation) - **status_code** (integer) - Indicates successful operation. - **body** (object) - Contains details of the created resource or group, or confirmation of user addition. #### Response Example (for resource creation) ```json { "status_code": 201, "body": { "id": "resource-uuid-xyz", "message": "Resource created successfully." } } ``` ``` -------------------------------- ### Install py-passbolt Python Library Source: https://github.com/passbolt/lab-passbolt-py/blob/main/README.md Installs the py-passbolt Python library using pip. This is the primary method for adding the library to your Python environment. ```bash python -m pip install py-passbolt ``` -------------------------------- ### Initialize PassboltAPI Client (Python) Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Demonstrates how to create and authenticate a PassboltAPI client instance. It supports configuration loading from a JSON file or environment variables, and shows example configurations for both PGPy and python-gnupg. ```python from passbolt import PassboltAPI import json # Using config file with open("config.json") as config_file: dict_config = json.load(config_file) # Initialize client (automatically authenticates) p = PassboltAPI(dict_config=dict_config) # Alternative: Using environment variables # Set these environment variables first: # PASSBOLT_BASE_URL=https://passbolt.example.com # PASSBOLT_PRIVATE_KEY=-----BEGIN PGP PRIVATE KEY BLOCK-----\n...\n-----END PGP PRIVATE KEY BLOCK-----\n # PASSBOLT_PASSPHRASE=your-passphrase p = PassboltAPI() # Config file format (PGPy): config_pgpy = { "base_url": "https://passbolt.domain.tld", "private_key": "-----BEGIN PGP PRIVATE KEY BLOCK-----\r\n\r\n...-----END PGP PRIVATE KEY BLOCK-----\r", "passphrase": "a-strong-passphrase" } # Config file format (gnupg): config_gnupg = { "gpg_binary": "gpg", "gpg_library": "gnupg", "fingerprint": "1321159AE7BEE9EF9C4BBC7ECBAD2FB0C22FE70C", "base_url": "https://passbolt.domain.tld" } ``` -------------------------------- ### Get Resource Types Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Retrieves a list of available resource type definitions, including their IDs, names, and descriptions. ```APIDOC ## GET /resource_types ### Description Retrieves a list of available resource type definitions, including their IDs, names, and descriptions. ### Method GET ### Endpoint `/resource_types` ### Parameters #### Query Parameters - **per** (string) - Optional - Specifies the mapping format for returned IDs. Accepted values: 'slug'. If not provided, a list of objects is returned. ### Request Example ```python # Get all resource types resource_types = p.get_resource_types() for rt in resource_types: print(f"Name: {rt['name']}") print(f"Slug: {rt['slug']}") print(f"ID: {rt['id']}") print(f"Description: {rt['description']}") print("---") # Get resource type IDs mapped by slug type_ids_by_slug = p.get_resource_type_ids(per="slug") print(f"password-string ID: {type_ids_by_slug['password-string']}") print(f"password-and-description ID: {type_ids_by_slug['password-and-description']}") # Access via convenience property password_string_id = p.resource_types["password-string"] password_desc_id = p.resource_types["password-and-description"] ``` ### Response #### Success Response (200) - **resource_types** (array or object) - If `per` is not specified, an array of resource type objects. If `per='slug'`, an object mapping slugs to IDs. - **id** (integer) - The unique identifier of the resource type. - **name** (string) - The human-readable name of the resource type. - **slug** (string) - A URL-friendly identifier for the resource type. - **description** (string) - A description of the resource type. #### Response Example (without `per` parameter) ```json [ { "id": 1, "name": "Password and Description", "slug": "password-and-description", "description": "Stores a password and a description." } ] ``` #### Response Example (with `per='slug'`) ```json { "password-and-description": 1 } ``` ``` -------------------------------- ### Create and Share Resource End-to-End (Python) Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt An example demonstrating the complete workflow of creating a new password resource, encrypting its secret data, and then sharing it with a group by adding members to that group. Requires configuration loading and PassboltAPI initialization. ```python from passbolt import PassboltAPI import json # Assuming 'config.json' exists and contains valid configuration # with open("config.json") as config_file: # config = json.load(config_file) # p = PassboltAPI(dict_config=config) # Step 1: Create a new resource secret_data = { "password": "productionDB_pass_2024!", "description": "Production database credentials - MySQL 8.0" } # Assuming 'p' is an initialized PassboltAPI instance # new_resource = { # "name": "Production MySQL DB", # "username": "db_admin", # "uri": "mysql://prod-db.example.com:3306", # "resource_type_id": p.resource_types["password-and-description"], # "secrets": [ # { # "data": p.encrypt( # secret_data, # p.get_user_public_key(p.user_id) # ) # } # ] # } # response = p.create_resource(new_resource) # resource_id = json.loads(response.text)("body")("id") # print(f"Created resource: {resource_id}") # Step 2: Create a group (or get existing) # group_response = p.create_group("Database Admins") # group_id = json.loads(group_response.text)("body")("id") # Step 3: Add team members to the group # team_members = [ # "alice@example.com", # "bob@example.com" # ] # for email in team_members: # user = p.get_user_by_email(email) # if user: # response = p.put_user_on_group(group_id, user["id"], admin=False) # print(f"Added {email} to group") # print("Resource created and shared with team!") ``` -------------------------------- ### Format OpenPGP Key for macOS Source: https://github.com/passbolt/lab-passbolt-py/blob/main/README.md Formats a private OpenPGP key file for use with Passbolt on macOS by replacing newline characters with escaped newlines. It requires the installation of `gnu-sed` via Homebrew. ```bash brew install gnu-sed gsed -z 's/\n/\\n/g' private.asc ``` -------------------------------- ### Manage Users: Retrieve User Information Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Demonstrates how to retrieve user information from Passbolt. It covers fetching all users, finding a user by their email address, and finding a user by their unique ID. It also shows how to get the current logged-in user's ID. ```python from passbolt import PassboltAPI # Assuming 'config' is a dictionary with configuration # p = PassboltAPI(dict_config=config) # # Get all users # all_users = p.get_users() # print(f"Total users: {len(all_users)}") # # Find user by email # user = p.get_user_by_email("john.doe@example.com") # if user: # print(f"User ID: {user['id']}") # print(f"Username: {user['username']}") # print(f"First name: {user['profile']['first_name']}") # print(f"Last name: {user['profile']['last_name']}") # # Find user by ID # user = p.get_user_by_id("d9143b6d-82bb-4093-9272-6471e222e990") # if user: # print(f"User: {user['username']}") # # Get current user ID # current_user_id = p.user_id # print(f"Current user ID: {current_user_id}") ``` -------------------------------- ### Get Resource Types (Python) Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Fetches definitions for all available resource types in Passbolt, including their names, slugs, IDs, and descriptions. It also demonstrates how to retrieve specific resource type IDs mapped by slug. ```python from passbolt import PassboltAPI # Assuming 'p' is an initialized PassboltAPI instance and 'config' is loaded # p = PassboltAPI(dict_config=config) # Get all resource types resource_types = p.get_resource_types() for rt in resource_types: print(f"Name: {rt['name']}") print(f"Slug: {rt['slug']}") print(f"ID: {rt['id']}") print(f"Description: {rt['description']}") print("---") # Get resource type IDs mapped by slug type_ids_by_slug = p.get_resource_type_ids(per="slug") print(f"password-string ID: {type_ids_by_slug['password-string']}") print(f"password-and-description ID: {type_ids_by_slug['password-and-description']}") # Access via convenience property password_string_id = p.resource_types["password-string"] password_desc_id = p.resource_types["password-and-description"] ``` -------------------------------- ### Handle TOTP Secrets (Python) Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt This snippet is intended to show how to handle Time-based One-Time Password (TOTP) secrets within Passbolt using the py-passbolt library, including retrieving and generating TOTP codes. The example is incomplete. ```python from passbolt import PassboltAPI import json import pyotp p = PassboltAPI(dict_config=config) ``` -------------------------------- ### Initialize PassboltAPI Client Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Instantiate a PassboltAPI client, handling authentication via GPG challenge-response, CSRF tokens, and session management. Configuration can be provided via a JSON file or environment variables. ```APIDOC ## Initialize PassboltAPI Client Create and authenticate a Passbolt API client instance using configuration from a JSON file or environment variables. ```python from passbolt import PassboltAPI import json # Using config file with open("config.json") as config_file: dict_config = json.load(config_file) # Initialize client (automatically authenticates) p = PassboltAPI(dict_config=dict_config) # Alternative: Using environment variables # Set these environment variables first: # PASSBOLT_BASE_URL=https://passbolt.example.com # PASSBOLT_PRIVATE_KEY=-----BEGIN PGP PRIVATE KEY BLOCK-----\n...\n-----END PGP PRIVATE KEY BLOCK-----\n # PASSBOLT_PASSPHRASE=your-passphrase p = PassboltAPI() # Config file format (PGPy): config_pgpy = { "base_url": "https://passbolt.domain.tld", "private_key": "-----BEGIN PGP PRIVATE KEY BLOCK-----\\r\\n\\r\\n...-----END PGP PRIVATE KEY BLOCK-----\\r", "passphrase": "a-strong-passphrase" } # Config file format (gnupg): config_gnupg = { "gpg_binary": "gpg", "gpg_library": "gnupg", "fingerprint": "1321159AE7BEE9EF9C4BBC7ECBAD2FB0C22FE70C", "base_url": "https://passbolt.domain.tld" } ``` ### Description Instantiate a PassboltAPI client, handling authentication via GPG challenge-response, CSRF tokens, and session management. Configuration can be provided via a JSON file or environment variables. ### Method `PassboltAPI(dict_config=None)` ### Parameters #### Request Body - **dict_config** (dict) - Optional - Configuration dictionary. If not provided, environment variables are used. ### Request Example ```json { "base_url": "https://passbolt.example.com", "private_key": "-----BEGIN PGP PRIVATE KEY BLOCK-----\n...\n-----END PGP PRIVATE KEY BLOCK-----", "passphrase": "your-passphrase" } ``` ### Response #### Success Response (200) - **PassboltAPI object** - An authenticated PassboltAPI client instance. #### Response Example ``` ``` ``` -------------------------------- ### List All Resources Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Retrieves a list of all password resources accessible by the authenticated user. ```APIDOC ## GET /resources ### Description Retrieves a list of all password resources accessible by the authenticated user. ### Method GET ### Endpoint `/resources` ### Parameters (No parameters for this endpoint) ### Request Example ```python # Get all resources resources = p.get_resources() # Iterate through resources for resource in resources: print(f"ID: {resource['id']}") print(f"Name: {resource['name']}") print(f"URI: {resource.get('uri', 'N/A')}") print(f"Username: {resource.get('username', 'N/A')}") print(f"Resource type: {resource['resource_type_id']}") print(f"Created: {resource['created']}") print(f"Modified: {resource['modified']}") print("---") # Filter resources by criteria web_resources = [r for r in resources if r.get('uri', '').startswith('https://')] print(f"Found {len(web_resources)} web resources") ``` ### Response #### Success Response (200) - **resources** (array) - A list of resource objects. - **id** (string) - The unique identifier of the resource. - **name** (string) - The name of the resource. - **uri** (string) - The URI associated with the resource (optional). - **username** (string) - The username for the resource (optional). - **resource_type_id** (integer) - The ID of the resource type. - **created** (string) - The creation timestamp. - **modified** (string) - The last modified timestamp. #### Response Example ```json [ { "id": "resource-uuid-1", "name": "Example Website Login", "uri": "https://example.com", "username": "user@example.com", "resource_type_id": 1, "created": "2024-01-01T10:00:00Z", "modified": "2024-01-01T10:00:00Z" } ] ``` ``` -------------------------------- ### Create New Password Resource (Python) Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Shows how to create a new password resource in Passbolt using the PassboltAPI client. It includes encrypting secret data using the user's public key and specifies the resource type. ```python from passbolt import PassboltAPI import json p = PassboltAPI(dict_config=config) # Create a new password resource new_resource = { "name": "test-python-api", "resource_type_id": p.resource_types["password-and-description"], "secrets": [ { "data": p.encrypt( {"description": "Production database", "password": "securePassword123!"}, p.get_user_public_key(p.user_id), ) } ], } # Create the resource response = p.create_resource(new_resource) # Get the new resource ID resource_id = json.loads(response.text)["body"]["id"] print(f"New resource created with ID: {resource_id}") # Available resource types: # - p.resource_types["password-string"] # - p.resource_types["password-and-description"] ``` -------------------------------- ### Format OpenPGP Key for Linux Source: https://github.com/passbolt/lab-passbolt-py/blob/main/README.md Formats a private OpenPGP key file for use with Passbolt by replacing newline characters with escaped newlines. This is necessary for certain configuration methods. ```bash sed -z 's/\n/\\n/g' private.asc ``` -------------------------------- ### List All Resources (Python) Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Retrieves a list of all password resources accessible by the authenticated user. It iterates through the resources, printing details like ID, name, URI, and username. Supports filtering resources. ```python from passbolt import PassboltAPI # Assuming 'p' is an initialized PassboltAPI instance and 'config' is loaded # p = PassboltAPI(dict_config=config) # Get all resources resources = p.get_resources() # Iterate through resources for resource in resources: print(f"ID: {resource['id']}") print(f"Name: {resource['name']}") print(f"URI: {resource.get('uri', 'N/A')}") print(f"Username: {resource.get('username', 'N/A')}") print(f"Resource type: {resource['resource_type_id']}") print(f"Created: {resource['created']}") print(f"Modified: {resource['modified']}") print("---") # Filter resources by criteria web_resources = [r for r in resources if r.get('uri', '').startswith('https://')] print(f"Found {len(web_resources)} web resources") ``` -------------------------------- ### Manage Groups: Create and Retrieve Group Information Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Provides functionality to manage groups within Passbolt. It includes methods to retrieve all existing groups, find a specific group by its name or ID, and create new groups. The creation process returns the ID of the newly created group. ```python from passbolt import PassboltAPI import json # Assuming 'config' is a dictionary with configuration # p = PassboltAPI(dict_config=config) # # Get all groups # all_groups = p.get_groups() # print(f"Total groups: {len(all_groups)}") # # Find group by name # group = p.get_group_by_name("DevOps Team") # if group: # print(f"Group ID: {group['id']}") # print(f"Group name: {group['name']}") # # Find group by ID # group = p.get_group_by_id("group-uuid-here") # if group: # print(f"Group: {group['name']}") # # Create a new group # response = p.create_group("New Development Team") # if response.status_code == 200: # group_data = json.loads(response.text) # new_group_id = group_data["body"]["id"] # print(f"Created group with ID: {new_group_id}") ``` -------------------------------- ### Create a New Resource (Password) Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Create a new password resource in Passbolt. This involves encrypting the secret data using the user's public key before sending it to the API. ```APIDOC ## Create a New Resource (Password) Create a new password resource in Passbolt with encrypted secret data. ```python from passbolt import PassboltAPI import json p = PassboltAPI(dict_config=config) # Create a new password resource new_resource = { "name": "test-python-api", "resource_type_id": p.resource_types["password-and-description"], "secrets": [ { "data": p.encrypt( {"description": "Production database", "password": "securePassword123!"}, p.get_user_public_key(p.user_id), ) } ], } # Create the resource response = p.create_resource(new_resource) # Get the new resource ID resource_id = json.loads(response.text)[ "body" ]["id"] print(f"New resource created with ID: {resource_id}") # Available resource types: # - p.resource_types["password-string"] # - p.resource_types["password-and-description"] ``` ### Description Creates a new password resource within your Passbolt instance. The secret data (password and optional description) is encrypted using the recipient's public key before being sent. ### Method `POST /resources` ### Endpoint `/resources` ### Parameters #### Request Body - **name** (string) - Required - The name of the resource. - **resource_type_id** (integer) - Required - The ID corresponding to the resource type (e.g., `p.resource_types["password-and-description"]`). - **secrets** (array of objects) - Required - A list containing the encrypted secrets for the resource. - **data** (string) - Required - The encrypted secret data. ### Request Example ```json { "name": "My New Password", "resource_type_id": 1, "secrets": [ { "data": "-----BEGIN AGE ENCRYPTED FILE-----\n...\n-----END AGE ENCRYPTED FILE-----" } ] } ``` ### Response #### Success Response (200) - **id** (integer) - The unique identifier of the newly created resource. - **name** (string) - The name of the created resource. - **resource_type_id** (integer) - The ID of the resource type. - **created** (string) - Timestamp of creation. - **modified** (string) - Timestamp of last modification. #### Response Example ```json { "body": { "id": 123, "name": "My New Password", "resource_type_id": 1, "created": "2023-10-27T10:00:00Z", "modified": "2023-10-27T10:00:00Z" }, "status": "success" } ``` ``` -------------------------------- ### Find Resource with TOTP and Generate Code Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Finds a specific resource by name, retrieves its encrypted secret, decrypts it, and generates a Time-based One-Time Password (TOTP) code if configured. It handles decryption using either PGPy or gnupg libraries and prints the TOTP code and password. ```python from passbolt import PassboltAPI import json import pyotp # Assuming 'p' is an instance of PassboltAPI and 'config' is a dictionary with configuration # resource = next((item for item in p.get_resources() if item["name"] == "AWS Console"), None) # if resource: # # Get and decrypt secret # encrypted_secret = p.get_resource_secret(resource["id"]) # if config.get("gpg_library", "PGPy") == "gnupg": # decrypted = json.loads(p.decrypt(encrypted_secret).data) # else: # decrypted = json.loads(p.decrypt(encrypted_secret)) # # Check if TOTP is configured # if decrypted.get('totp'): # totp_config = decrypted['totp'] # secret_key = totp_config['secret_key'] # digits = totp_config['digits'] # # Generate current TOTP code # totp = pyotp.TOTP(secret_key, digits=digits) # current_code = totp.now() # print(f"Current TOTP code: {current_code}") # print(f"Password: {decrypted['password']}") ``` -------------------------------- ### Promote User to Group Admin (Python) Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Promotes an existing user within a group to an administrator role. This involves updating the user's group membership status. Requires group ID, user ID, and a PassboltAPI instance. ```python from passbolt import PassboltAPI # Assuming 'p' is an initialized PassboltAPI instance and 'config' is loaded # p = PassboltAPI(dict_config=config) # Promote user to group admin group_id = "group-uuid-here" user_id = "user-uuid-here" response = p.update_user_to_group_admin(group_id, user_id) if response.status_code == 200: print("User successfully promoted to group admin") else: print(f"Error: {response.status_code}") print(response.text) # Get group user ID (internal ID for group membership) group_user_id = p.get_group_user_id(group_id, user_id) print(f"Group membership ID: {group_user_id}") ``` -------------------------------- ### Retrieve and Decrypt Secrets Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Fetch resources by their UUID or search by name. Once a resource is found, retrieve and decrypt its secret data. ```APIDOC ## Retrieve and Decrypt Secrets Search for resources and decrypt their secret data. ```python from passbolt import PassboltAPI import json p = PassboltAPI(dict_config=config) # Method 1: Get resource by UUID resource = p.get_resource_per_uuid("3c71cf73-52e1-4f55-ba0e-9888f633510c") print(f"Resource name: {resource['name']}") # Method 2: Search by name all_resources = p.get_resources() resource = next((item for item in all_resources if item["name"] == "Production DB"), None) if resource: # Get and decrypt the secret encrypted_secret = p.get_resource_secret(resource["id"]) # Decrypt based on library used if config.get("gpg_library", "PGPy") == "gnupg": decrypted = json.loads(p.decrypt(encrypted_secret).data) else: decrypted = json.loads(p.decrypt(encrypted_secret)) # Access secret fields password = decrypted["password"] description = decrypted.get("description", "") print(f"Password: {password}") print(f"Description: {description}") else: print("Resource not found") ``` ### Description Fetches resources by their unique identifier (UUID) or searches through all resources by name. It then retrieves the encrypted secret associated with the resource and decrypts it using the appropriate GPG key. ### Method `GET /resources/{uuid}` `GET /resources` `GET /resources/by-uuid/{uuid}` `GET /resources/secret/{resource_id}` ### Endpoint - `/resources/{uuid}`: Retrieves a specific resource by its UUID. - `/resources`: Retrieves a list of all resources. - `/resources/by-uuid/{uuid}`: An alternative endpoint to retrieve a resource by its UUID. - `/resources/secret/{resource_id}`: Retrieves the encrypted secret for a given resource ID. ### Parameters #### Path Parameters - **uuid** (string) - Required - The UUID of the resource to retrieve. - **resource_id** (integer) - Required - The ID of the resource whose secret is to be retrieved. #### Query Parameters - **name** (string) - Optional - Used with `GET /resources` to filter resources by name. ### Response #### Success Response (200) - **Resource object** - Contains details of the resource, including its name, type, and metadata. - **Secret data** - The decrypted content of the secret, typically a JSON object containing fields like 'password', 'description', 'username', etc. #### Response Example ```json { "body": { "id": 42, "name": "Database Credentials", "resource_type_id": 1, "created": "2023-10-27T10:30:00Z", "modified": "2023-10-27T10:30:00Z", "uuid": "a1b2c3d4-e5f6-7890-1234-567890abcdef", "description": "Credentials for the production database." }, "status": "success" } // Decrypted Secret Example (after calling p.decrypt): { "password": "Pa$$wOrd123", "description": "Admin access for database.", "username": "db_admin" } ``` ``` -------------------------------- ### Update User to Group Admin Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Promotes an existing group member to admin status within a group. This method abstracts the underlying API calls for clarity. ```APIDOC ## PUT /groups/{group_id}/users/{user_id}/admin ### Description Promotes an existing group member to admin status within a group. This method abstracts the underlying API calls for clarity. ### Method PUT ### Endpoint `/groups/{group_id}/users/{user_id}/admin` ### Parameters #### Path Parameters - **group_id** (string) - Required - The unique identifier of the group. - **user_id** (string) - Required - The unique identifier of the user to promote. ### Request Body (No explicit request body, parameters are passed as arguments to the SDK method) ### Request Example ```python # Promote user to group admin group_id = "group-uuid-here" user_id = "user-uuid-here" response = p.update_user_to_group_admin(group_id, user_id) if response.status_code == 200: print("User successfully promoted to group admin") else: print(f"Error: {response.status_code}") print(response.text) # Get group user ID (internal ID for group membership) group_user_id = p.get_group_user_id(group_id, user_id) print(f"Group membership ID: {group_user_id}") ``` ### Response #### Success Response (200) - **status_code** (integer) - Indicates successful operation. - **body** (object) - Contains details of the operation. #### Response Example ```json { "status_code": 200, "body": { "message": "User successfully promoted to group admin." } } ``` ``` -------------------------------- ### Encrypt Messages Using Public Key Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Encrypts data, either as a dictionary or a string, for a specific recipient using their public GPG key. The encrypted data can then be used when creating or updating resources in Passbolt. It requires fetching the recipient's public key first. ```python from passbolt import PassboltAPI # Assuming 'config' is a dictionary with configuration # p = PassboltAPI(dict_config=config) # # Get recipient's public key # recipient_user_id = "d9143b6d-82bb-4093-9272-6471e222e990" # recipient_public_key = p.get_user_public_key(recipient_user_id) # # Encrypt a dictionary # secret_data = { # "password": "mySecurePassword123!", # "description": "Staging environment credentials" # } # encrypted_message = p.encrypt(secret_data, recipient_public_key) # # Encrypt a string # plain_text = "Simple text message" # encrypted_text = p.encrypt(plain_text, recipient_public_key) # # Use encrypted data in resource creation # new_resource = { # "name": "Staging Credentials", # "resource_type_id": p.resource_types["password-and-description"], # "secrets": [{"data": encrypted_message}] # } ``` -------------------------------- ### Handle TOTP Secrets Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Retrieve Time-based One-Time Password (TOTP) secrets from password resources and generate current TOTP codes. ```APIDOC ## Handle TOTP Secrets Retrieve and generate TOTP codes from password resources. ```python from passbolt import PassboltAPI import json import pyotp p = PassboltAPI(dict_config=config) ``` ### Description This section covers the functionality related to Time-based One-Time Passwords (TOTP). It allows you to retrieve TOTP secrets stored within Passbolt resources and subsequently generate current TOTP codes using libraries like `pyotp`. ### Method `GET /resources/{uuid}` (to retrieve the resource containing the TOTP secret) ### Endpoint - `/resources/{uuid}`: Used to fetch the resource that contains the TOTP secret. ### Parameters #### Path Parameters - **uuid** (string) - Required - The UUID of the resource containing the TOTP secret. ### Request Example (This endpoint is a GET request to retrieve the resource, no specific request body is needed beyond the path parameter.) ### Response #### Success Response (200) - **Resource object** - Contains details of the resource, including the encrypted TOTP secret. - **TOTP Secret** - The decrypted TOTP secret key (typically a base32 encoded string). #### Response Example ```json { "body": { "id": 78, "name": "Two-Factor Authentication App", "resource_type_id": 1, "created": "2023-10-27T11:00:00Z", "modified": "2023-10-27T11:00:00Z", "uuid": "f0e1d2c3-b4a5-6789-0123-456789abcdef", "description": "TOTP secret for critical service." }, "status": "success" } ``` // After decrypting the secret, you might get a JSON like this: // { // "totp_secret": "JBSWY3DPEHPK3PXP" // } // Example of generating a TOTP code using pyotp: // ```python // import pyotp // // totp_secret = "JBSWY3DPEHPK3PXP" # Replace with your decrypted TOTP secret // totp = pyotp.TOTP(totp_secret) // current_code = totp.now() // print(f"Current TOTP Code: {current_code}") // ``` ``` -------------------------------- ### Add User to Group (as regular member) Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Adds a user to a specified group as a regular member. This action triggers a re-encryption of all group secrets for the new user. ```APIDOC ## POST /groups/{group_id}/users ### Description Adds a user to a specified group as a regular member. This action triggers a re-encryption of all group secrets for the new user. ### Method POST ### Endpoint `/groups/{group_id}/users` ### Parameters #### Path Parameters - **group_id** (string) - Required - The unique identifier of the group. - **user_id** (string) - Required - The unique identifier of the user to add. #### Query Parameters - **admin** (boolean) - Optional - If true, the user is added as an admin; otherwise, as a regular member. Defaults to false. ### Request Body (No explicit request body, parameters are passed as arguments to the SDK method) ### Request Example ```python # Add user to group (as regular member) group_id = "group-uuid-here" user_id = "user-uuid-here" response = p.put_user_on_group(group_id, user_id, admin=False) if response.status_code == 200: print("User successfully added to group") print("All group secrets have been re-encrypted for the new user") else: print(f"Error: {response.status_code}") print(response.text) ``` ### Response #### Success Response (200) - **status_code** (integer) - Indicates successful operation. - **body** (object) - Contains details of the operation. #### Response Example ```json { "status_code": 200, "body": { "message": "User added to group successfully." } } ``` ``` -------------------------------- ### Retrieve and Decrypt Secrets (Python) Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Provides methods to retrieve password resources by UUID or search by name, and then decrypt their secret data. It handles different decryption methods based on the GPG library configuration. ```python from passbolt import PassboltAPI import json p = PassboltAPI(dict_config=config) # Method 1: Get resource by UUID resource = p.get_resource_per_uuid("3c71cf73-52e1-4f55-ba0e-9888f633510c") print(f"Resource name: {resource['name']}") # Method 2: Search by name all_resources = p.get_resources() resource = next((item for item in all_resources if item["name"] == "Production DB"), None) if resource: # Get and decrypt the secret encrypted_secret = p.get_resource_secret(resource["id"]) # Decrypt based on library used if config.get("gpg_library", "PGPy") == "gnupg": decrypted = json.loads(p.decrypt(encrypted_secret).data) else: decrypted = json.loads(p.decrypt(encrypted_secret)) # Access secret fields password = decrypted["password"] description = decrypted.get("description", "") print(f"Password: {password}") print(f"Description: {description}") else: print("Resource not found") ``` -------------------------------- ### Retrieve User Public GPG Key Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Fetches a user's public GPG key using their ID. The function returns details about the key, including its ID, fingerprint, type, bit size, user ID, creation date, and the armored key string, which is necessary for encryption. ```python from passbolt import PassboltAPI # Assuming 'config' is a dictionary with configuration # p = PassboltAPI(dict_config=config) # # Get public key for a user # user_id = "d9143b6d-82bb-4093-9272-6471e222e990" # public_key = p.get_user_public_key(user_id) # # Public key structure: # print(f"Key ID: {public_key['key_id']}") # print(f"Fingerprint: {public_key['fingerprint']}") # print(f"Type: {public_key['type']}") # print(f"Bits: {public_key['bits']}") # print(f"UID: {public_key['uid']}") # print(f"Created: {public_key['created']}") # # The armored key for encryption # armored_key = public_key['armored_key'] ``` -------------------------------- ### Add User to Group (Python) Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Adds a specified user to a specified group as a regular member. The method handles secret re-encryption automatically. Requires group ID, user ID, and a PassboltAPI instance. ```python from passbolt import PassboltAPI # Assuming 'p' is an initialized PassboltAPI instance and 'config' is loaded # p = PassboltAPI(dict_config=config) group_id = "group-uuid-here" user_id = "user-uuid-here" response = p.put_user_on_group(group_id, user_id, admin=False) if response.status_code == 200: print("User successfully added to group") print("All group secrets have been re-encrypted for the new user") else: print(f"Error: {response.status_code}") print(response.text) ``` -------------------------------- ### Add User to Group with Secret Re-encryption Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Enables adding a user to an existing group in Passbolt. This operation automatically handles the re-encryption of secrets associated with the group to include the newly added user, ensuring secure access. ```python from passbolt import PassboltAPI # Assuming 'config' is a dictionary with configuration # p = PassboltAPI(dict_config=config) # # Example: Add user 'user-uuid-here' to group 'group-uuid-here' # user_id_to_add = "user-uuid-here" # group_id = "group-uuid-here" # p.add_user_to_group(user_id_to_add, group_id) ``` -------------------------------- ### Decrypt Messages Using Private Key Source: https://context7.com/passbolt/lab-passbolt-py/llms.txt Decrypts encrypted messages or secrets retrieved from Passbolt. The decryption process is handled based on the configured GPG library (gnupg or PGPy). The decrypted data, typically a JSON string, is then parsed into a Python dictionary. ```python from passbolt import PassboltAPI import json # Assuming 'config' is a dictionary with configuration # p = PassboltAPI(dict_config=config) # # Get encrypted secret # encrypted_secret = p.get_resource_secret("resource-uuid-here") # # Decrypt based on GPG library # if config.get("gpg_library", "PGPy") == "gnupg": # decrypted_data = p.decrypt(encrypted_secret) # # For gnupg, access .data property # secret_dict = json.loads(decrypted_data.data) # else: # # For PGPy, decrypt returns the message directly # decrypted_message = p.decrypt(encrypted_secret) # # If it's bytes, decode it # if isinstance(decrypted_message, bytes): # decrypted_message = decrypted_message.decode() # secret_dict = json.loads(decrypted_message) # print(f"Password: {secret_dict['password']}") # print(f"Description: {secret_dict.get('description', '')}") ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.