
Any way to get an API to use it to send password to users

Open bdrayersyno opened this issue 3 years ago • 9 comments

Hi,

It will be great if there is a way to use the service using an API to send a password to a user.

Best regards

bdrayersyno avatar Mar 13 '23 14:03 bdrayersyno

Thanks, that should be a low-hanging fruit (it's basically implemented, but disabled currently). I'll look into it!

theCalcaholic avatar Mar 26 '23 14:03 theCalcaholic

Cool, it's good news :-) Thanks for your work.

bdrayersyno avatar Mar 27 '23 06:03 bdrayersyno

Yes, I would like that very much too. Let me phrase my use case a bit more precisely: "I want to send a secret string to the API, (which creates a secret in its database), and sends me back a URL that I can give to somebody who can then retrieve the original secret string".

oseiberts11 avatar Apr 11 '23 12:04 oseiberts11

@oseiberts11 That use case will most likely be out of scope for the API alone, because secrets are shared e2e encrypted, i.e. the client handles the encryption, not the server.

The second reason why I didn't expose the API yet (aside from missing brute force protection) is that it will require a special CLI to be of any use.

theCalcaholic avatar Apr 11 '23 17:04 theCalcaholic

The idea was to send the password using the API and get the link to the password, nothing more. In the first place it can be without password protection and with the standard expiry date.

bdrayersyno avatar Oct 19 '23 14:10 bdrayersyno

@bdrayersyno That's not possible with Secrets, because passwords are never transmitted to the server in plain text (therefore the API would only accept already encrypted secrets and part of the link needs to be generated by the client).

That's an important aspect of the design of Secrets.

theCalcaholic avatar Oct 21 '23 15:10 theCalcaholic
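
The constraint described in the comment above (the server only ever receives an already encrypted secret, and the client generates part of the link), sketched as an added example that is not part of the thread and is not the Nextcloud Secrets implementation or API. AES-256-GCM, the key-in-URL-fragment link layout, the in-memory `makeServer` stand-in and all function names are assumptions made for illustration.

```javascript
// Added illustration, not Nextcloud Secrets code. Cipher choice, link layout
// and every name below are assumptions.
const nodeCrypto = require('node:crypto');

// Client side: encrypt locally. `upload` is all the server may see;
// `key` never leaves the client except inside the link it builds itself.
function encryptSecret(plaintext) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    upload: {
      iv: iv.toString('base64url'),
      tag: cipher.getAuthTag().toString('base64url'),
      ciphertext: ct.toString('base64url'),
    },
    key: key.toString('base64url'),
  };
}

// Hypothetical server stand-in: stores the opaque payload and returns an id.
function makeServer() {
  const store = new Map();
  return {
    store,
    create(upload) {
      const id = nodeCrypto.randomUUID();
      store.set(id, upload);
      return id;
    },
    fetch(id) { return store.get(id); },
  };
}

// The client completes the link: the key goes in the fragment, which
// browsers do not include in HTTP requests.
function buildShareLink(baseUrl, id, key) {
  return `${baseUrl}/${id}#${key}`;
}

// Recipient side: fetch the ciphertext by id, decrypt with the fragment key.
function openShareLink(link, server) {
  const url = new URL(link);
  const key = Buffer.from(url.hash.slice(1), 'base64url');
  const { iv, tag, ciphertext } = server.fetch(url.pathname.split('/').pop());
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'base64url'));
  d.setAuthTag(Buffer.from(tag, 'base64url'));
  return Buffer.concat([d.update(Buffer.from(ciphertext, 'base64url')), d.final()]).toString('utf8');
}
```

An API that accepted the plaintext and returned a finished link would require the server to hold both the secret and the key, which is what this split avoids.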

What about adding secrets functionality to occ? Something similar to 'occ user:resetpassword', something which reads from stdin or environment, encrypts it like the client does, and generates/stores the URL.

pdarko2 avatar Feb 27 '24 09:02 pdarko2

@pdarko2 I'm working on a CLI tool for NC secrets right now. In order to reuse the cryptographic implementation of the Nextcloud app, it is written in JavaScript, though, so won't likely be added to occ (it's not impossible though, I'll think about it).

theCalcaholic avatar Mar 06 '24 10:03 theCalcaholic

Any kind of CLI would be a great addition, thanks :)

pdarko2 avatar Mar 06 '24 10:03 pdarko2

There is now a nightly release (v2.0.0-rc2) that supports a command line client, which you can find on the release page, including documentation on how to use it.

Please consider giving feedback :)

theCalcaholic avatar Jun 11 '24 23:06 theCalcaholic

The CLI is now released with 2.0.0.

theCalcaholic avatar Jul 09 '24 20:07 theCalcaholic