├── main.go ├── util ├── context.go ├── cel.go ├── http.go └── client.go ├── folder ├── json.go ├── delete.go ├── update.go ├── move.go ├── get.go ├── filter.go ├── share.go ├── create.go └── list.go ├── cmd ├── export.go ├── move.go ├── share.go ├── update.go ├── get.go ├── create.go ├── delete.go ├── configure.go ├── doc.go ├── list.go ├── completion.go ├── verify.go ├── exec.go └── root.go ├── staticcheck.conf ├── .gitignore ├── user ├── json.go ├── delete.go ├── update.go ├── filter.go ├── get.go ├── create.go └── list.go ├── .github ├── workflows │ ├── .docs.yml │ └── .release.yml └── ISSUE_TEMPLATE │ └── bug_report.md ├── version.go ├── group ├── json.go ├── delete.go ├── filter.go ├── update.go ├── create.go ├── get.go └── list.go ├── resource ├── delete.go ├── json.go ├── move.go ├── share.go ├── filter.go ├── update.go ├── expiry.go ├── create.go ├── list.go └── get.go ├── LICENSE ├── .goreleaser.yml ├── go.mod ├── README.md ├── keepass └── export.go └── go.sum /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "github.com/passbolt/go-passbolt-cli/cmd" 5 | ) 6 | 7 | func main() { 8 | cmd.SetVersionInfo(version, commit, date, dirty) 9 | cmd.Execute() 10 | } 11 | -------------------------------------------------------------------------------- /util/context.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/spf13/viper" 7 | ) 8 | 9 | func GetContext() context.Context { 10 | ctx, cancel := context.WithTimeout(context.Background(), viper.GetViper().GetDuration("timeout")) 11 | _ = cancel 12 | return ctx 13 | } 14 | -------------------------------------------------------------------------------- /folder/json.go: -------------------------------------------------------------------------------- 1 | package folder 2 | 3 | import "time" 4 | 5 | type FolderJsonOutput struct { 6 | ID *string `json:"id,omitempty"` 7 | FolderParentID *string `json:"folder_parent_id,omitempty"` 8 | Name *string `json:"name,omitempty"` 9 | CreatedTimestamp *time.Time `json:"created_timestamp,omitempty"` 10 | ModifiedTimestamp *time.Time `json:"modified_timestamp,omitempty"` 11 | } 12 | -------------------------------------------------------------------------------- /cmd/export.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "github.com/passbolt/go-passbolt-cli/keepass" 5 | "github.com/spf13/cobra" 6 | ) 7 | 8 | // exportCmd represents the export command 9 | var exportCmd = &cobra.Command{ 10 | Use: "export", 11 | Short: "Exports Passbolt Data", 12 | Long: `Exports Passbolt Data`, 13 | } 14 | 15 | func init() { 16 | rootCmd.AddCommand(exportCmd) 17 | exportCmd.AddCommand(keepass.KeepassExportCmd) 18 | } 19 | -------------------------------------------------------------------------------- /staticcheck.conf: -------------------------------------------------------------------------------- 1 | checks = ["all", "-ST1005", "-ST1000", "-ST1003", "-ST1016"] 2 | initialisms = ["ACL", "API", "ASCII", "CPU", "CSS", "DNS", 3 | "EOF", "GUID", "HTML", "HTTP", "HTTPS", "ID", 4 | "IP", "JSON", "QPS", "RAM", "RPC", "SLA", 5 | "SMTP", "SQL", "SSH", "TCP", "TLS", "TTL", 6 | "UDP", "UI", "GID", "UID", "UUID", "URI", 7 | "URL", "UTF8", "VM", "XML", "XMPP", "XSRF", 8 | "XSS"] 9 | dot_import_whitelist = [] 10 | http_status_code_whitelist = ["200", "400", "404", "500"] -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore all 2 | * 3 | # Unignore all with extensions 4 | !*.* 5 | # Unignore all dirs 6 | !*/ 7 | 8 | man/ 9 | completion/ 10 | 11 | # Binaries for programs and plugins 12 | *.exe 13 | *.exe~ 14 | *.dll 15 | *.so 16 | *.dylib 17 | 18 | # Test binary, built with `go test -c` 19 | *.test 20 | 21 | # Output of the go coverage tool, specifically when used with LiteIDE 22 | *.out 23 | 24 | # Dependency directories (remove the comment below to include it) 25 | # vendor/ 26 | -------------------------------------------------------------------------------- /cmd/move.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "github.com/passbolt/go-passbolt-cli/folder" 5 | "github.com/passbolt/go-passbolt-cli/resource" 6 | "github.com/spf13/cobra" 7 | ) 8 | 9 | // moveCmd represents the move command 10 | var moveCmd = &cobra.Command{ 11 | Use: "move", 12 | Short: "Moves a Passbolt Entity", 13 | Long: `Moves a Passbolt Entity`, 14 | } 15 | 16 | func init() { 17 | rootCmd.AddCommand(moveCmd) 18 | moveCmd.AddCommand(resource.ResourceMoveCmd) 19 | moveCmd.AddCommand(folder.FolderMoveCmd) 20 | } 21 | -------------------------------------------------------------------------------- /user/json.go: -------------------------------------------------------------------------------- 1 | package user 2 | 3 | import "time" 4 | 5 | type UserJsonOutput struct { 6 | ID *string `json:"id,omitempty"` 7 | Username *string `json:"username,omitempty"` 8 | FirstName *string `json:"first_name,omitempty"` 9 | LastName *string `json:"last_name,omitempty"` 10 | Role *string `json:"role,omitempty"` 11 | CreatedTimestamp *time.Time `json:"created_timestamp,omitempty"` 12 | ModifiedTimestamp *time.Time `json:"modified_timestamp,omitempty"` 13 | } 14 | -------------------------------------------------------------------------------- /cmd/share.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "github.com/passbolt/go-passbolt-cli/folder" 5 | "github.com/passbolt/go-passbolt-cli/resource" 6 | "github.com/spf13/cobra" 7 | ) 8 | 9 | // shareCmd represents the share command 10 | var shareCmd = &cobra.Command{ 11 | Use: "share", 12 | Short: "Shares a Passbolt Entity", 13 | Long: `Shares a Passbolt Entity`, 14 | } 15 | 16 | func init() { 17 | rootCmd.AddCommand(shareCmd) 18 | shareCmd.AddCommand(resource.ResourceShareCmd) 19 | shareCmd.AddCommand(folder.FolderShareCmd) 20 | } 21 | -------------------------------------------------------------------------------- /util/cel.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import "github.com/google/cel-go/cel" 4 | 5 | // InitCELProgram - Initialize a CEL program with given CEL command and a set of environments 6 | func InitCELProgram(celCmd string, options ...cel.EnvOption) (*cel.Program, error) { 7 | env, err := cel.NewEnv(options...) 8 | if err != nil { 9 | return nil, err 10 | } 11 | 12 | ast, issue := env.Compile(celCmd) 13 | if issue.Err() != nil { 14 | return nil, issue.Err() 15 | } 16 | 17 | program, err := env.Program(ast) 18 | if err != nil { 19 | return nil, err 20 | } 21 | 22 | return &program, nil 23 | } 24 | -------------------------------------------------------------------------------- /.github/workflows/.docs.yml: -------------------------------------------------------------------------------- 1 | name: Go 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | 7 | jobs: 8 | 9 | build: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v2 13 | 14 | - name: Set up Go 15 | uses: actions/setup-go@v2 16 | with: 17 | go-version: 1.21 18 | 19 | - name: Build 20 | run: go build -o passbolt 21 | 22 | - name: Update Wiki 23 | run: | 24 | mkdir doc 25 | ls 26 | ./passbolt gendoc 27 | 28 | - name: Upload Documentation to Wiki 29 | uses: SwiftDocOrg/github-wiki-publish-action@v1 30 | with: 31 | path: "doc" 32 | env: 33 | GH_PERSONAL_ACCESS_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} 34 | -------------------------------------------------------------------------------- /cmd/update.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "github.com/passbolt/go-passbolt-cli/folder" 5 | "github.com/passbolt/go-passbolt-cli/group" 6 | "github.com/passbolt/go-passbolt-cli/resource" 7 | "github.com/passbolt/go-passbolt-cli/user" 8 | "github.com/spf13/cobra" 9 | ) 10 | 11 | // updateCmd represents the update command 12 | var updateCmd = &cobra.Command{ 13 | Use: "update", 14 | Short: "Updates a Passbolt Entity", 15 | Long: `Updates a Passbolt Entity`, 16 | Aliases: []string{"change"}, 17 | } 18 | 19 | func init() { 20 | rootCmd.AddCommand(updateCmd) 21 | updateCmd.AddCommand(resource.ResourceUpdateCmd) 22 | updateCmd.AddCommand(folder.FolderUpdateCmd) 23 | updateCmd.AddCommand(group.GroupUpdateCmd) 24 | updateCmd.AddCommand(user.UserUpdateCmd) 25 | } 26 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: bug 6 | assignees: speatzle 7 | 8 | --- 9 | 10 | **Describe the bug:** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce:** 14 | A clear and concise description of how to reproduce the bug. 15 | 16 | **Output when using --debug (you should censor this):** 17 | 18 | **Passbolt Server Version (please complete the following information):** 19 | - Edition: [e.g. Cloud / PRO / Community] 20 | - Version [e.g. 3.5.0] 21 | 22 | **go-passbolt-cli Version (please complete the following information):** 23 | - OS: [e.g. linux] 24 | - Version [e.g. v0.1.7] 25 | 26 | **Additional context** 27 | Add any other context about the problem here. 28 | -------------------------------------------------------------------------------- /cmd/get.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "github.com/passbolt/go-passbolt-cli/folder" 5 | "github.com/passbolt/go-passbolt-cli/group" 6 | "github.com/passbolt/go-passbolt-cli/resource" 7 | "github.com/passbolt/go-passbolt-cli/user" 8 | "github.com/spf13/cobra" 9 | ) 10 | 11 | // getCmd represents the get command 12 | var getCmd = &cobra.Command{ 13 | Use: "get", 14 | Short: "Gets a Passbolt Entity", 15 | Long: `Gets a Passbolt Entity`, 16 | Aliases: []string{"read"}, 17 | } 18 | 19 | func init() { 20 | rootCmd.AddCommand(getCmd) 21 | getCmd.PersistentFlags().BoolP("json", "j", false, "Output JSON") 22 | getCmd.AddCommand(resource.ResourceGetCmd) 23 | getCmd.AddCommand(folder.FolderGetCmd) 24 | getCmd.AddCommand(group.GroupGetCmd) 25 | getCmd.AddCommand(user.UserGetCmd) 26 | 27 | } 28 | -------------------------------------------------------------------------------- /version.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "runtime/debug" 5 | "time" 6 | ) 7 | 8 | var ( 9 | version = "unknown" 10 | commit = "unknown" 11 | date = "unknown" 12 | dirty = false 13 | ) 14 | 15 | func init() { 16 | // if not set by goreleaser, use buildinfo instead 17 | if version == "unknown" { 18 | info, ok := debug.ReadBuildInfo() 19 | if !ok { 20 | return 21 | } 22 | if info.Main.Version != "" { 23 | version = info.Main.Version 24 | } 25 | 26 | for _, kv := range info.Settings { 27 | if kv.Value == "" { 28 | continue 29 | } 30 | switch kv.Key { 31 | case "vcs.revision": 32 | commit = kv.Value 33 | case "vcs.time": 34 | d, _ := time.Parse(time.RFC3339, kv.Value) 35 | date = d.String() 36 | case "vcs.modified": 37 | dirty = kv.Value == "true" 38 | } 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /cmd/create.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "github.com/passbolt/go-passbolt-cli/folder" 5 | "github.com/passbolt/go-passbolt-cli/group" 6 | "github.com/passbolt/go-passbolt-cli/resource" 7 | "github.com/passbolt/go-passbolt-cli/user" 8 | "github.com/spf13/cobra" 9 | ) 10 | 11 | // createCmd represents the create command 12 | var createCmd = &cobra.Command{ 13 | Use: "create", 14 | Short: "Creates a Passbolt Entity", 15 | Long: `Creates a Passbolt Entity`, 16 | Aliases: []string{"new"}, 17 | } 18 | 19 | func init() { 20 | rootCmd.AddCommand(createCmd) 21 | createCmd.PersistentFlags().BoolP("json", "j", false, "Output JSON") 22 | createCmd.AddCommand(resource.ResourceCreateCmd) 23 | createCmd.AddCommand(folder.FolderCreateCmd) 24 | createCmd.AddCommand(group.GroupCreateCmd) 25 | createCmd.AddCommand(user.UserCreateCmd) 26 | } 27 | -------------------------------------------------------------------------------- /group/json.go: -------------------------------------------------------------------------------- 1 | package group 2 | 3 | import "time" 4 | 5 | type GroupJsonOutput struct { 6 | ID *string `json:"id,omitempty"` 7 | Name *string `json:"name,omitempty"` 8 | Users []GroupUserMembershipJsonOutput `json:"users,omitempty"` 9 | CreatedTimestamp *time.Time `json:"created_timestamp,omitempty"` 10 | ModifiedTimestamp *time.Time `json:"modified_timestamp,omitempty"` 11 | } 12 | 13 | type GroupUserMembershipJsonOutput struct { 14 | ID *string `json:"id,omitempty"` 15 | Username *string `json:"username,omitempty"` 16 | FirstName *string `json:"first_name,omitempty"` 17 | LastName *string `json:"last_name,omitempty"` 18 | IsGroupManager *bool `json:"is_group_manager,omitempty"` 19 | } 20 | -------------------------------------------------------------------------------- /cmd/delete.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "github.com/passbolt/go-passbolt-cli/folder" 5 | "github.com/passbolt/go-passbolt-cli/group" 6 | "github.com/passbolt/go-passbolt-cli/resource" 7 | "github.com/passbolt/go-passbolt-cli/user" 8 | "github.com/spf13/cobra" 9 | ) 10 | 11 | // deleteCmd represents the delete command 12 | var deleteCmd = &cobra.Command{ 13 | Use: "delete", 14 | Short: "Deletes a Passbolt Entity", 15 | Long: `Deletes a Passbolt Entity`, 16 | Aliases: []string{"remove"}, 17 | } 18 | 19 | func init() { 20 | rootCmd.AddCommand(deleteCmd) 21 | deleteCmd.AddCommand(resource.ResourceDeleteCmd) 22 | deleteCmd.AddCommand(folder.FolderDeleteCmd) 23 | deleteCmd.AddCommand(group.GroupDeleteCmd) 24 | deleteCmd.AddCommand(user.UserDeleteCmd) 25 | 26 | deleteCmd.PersistentFlags().String("id", "", "ID of the Entity to Delete") 27 | } 28 | -------------------------------------------------------------------------------- /group/delete.go: -------------------------------------------------------------------------------- 1 | package group 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/spf13/cobra" 9 | ) 10 | 11 | // GroupDeleteCmd Deletes a Group 12 | var GroupDeleteCmd = &cobra.Command{ 13 | Use: "group", 14 | Short: "Deletes a Passbolt Group", 15 | Long: `Deletes a Passbolt Group`, 16 | RunE: GroupDelete, 17 | } 18 | 19 | func GroupDelete(cmd *cobra.Command, args []string) error { 20 | resourceID, err := cmd.Flags().GetString("id") 21 | if err != nil { 22 | return err 23 | } 24 | 25 | if resourceID == "" { 26 | return fmt.Errorf("No ID to Delete Provided") 27 | } 28 | 29 | ctx := util.GetContext() 30 | 31 | client, err := util.GetClient(ctx) 32 | if err != nil { 33 | return err 34 | } 35 | defer client.Logout(context.TODO()) 36 | cmd.SilenceUsage = true 37 | 38 | client.DeleteGroup(ctx, resourceID) 39 | if err != nil { 40 | return fmt.Errorf("Deleting Group: %w", err) 41 | } 42 | return nil 43 | } 44 | -------------------------------------------------------------------------------- /folder/delete.go: -------------------------------------------------------------------------------- 1 | package folder 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/spf13/cobra" 9 | ) 10 | 11 | // FolderDeleteCmd Deletes a Folder 12 | var FolderDeleteCmd = &cobra.Command{ 13 | Use: "folder", 14 | Short: "Deletes a Passbolt Folder", 15 | Long: `Deletes a Passbolt Folder`, 16 | RunE: FolderDelete, 17 | } 18 | 19 | func FolderDelete(cmd *cobra.Command, args []string) error { 20 | folderID, err := cmd.Flags().GetString("id") 21 | if err != nil { 22 | return err 23 | } 24 | 25 | if folderID == "" { 26 | return fmt.Errorf("No ID to Delete Provided") 27 | } 28 | 29 | ctx := util.GetContext() 30 | 31 | client, err := util.GetClient(ctx) 32 | if err != nil { 33 | return err 34 | } 35 | defer client.Logout(context.TODO()) 36 | cmd.SilenceUsage = true 37 | 38 | client.DeleteFolder(ctx, folderID) 39 | if err != nil { 40 | return fmt.Errorf("Deleting Folder: %w", err) 41 | } 42 | return nil 43 | } 44 | -------------------------------------------------------------------------------- /resource/delete.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/spf13/cobra" 9 | ) 10 | 11 | // ResourceDeleteCmd Deletes a Resource 12 | var ResourceDeleteCmd = &cobra.Command{ 13 | Use: "resource", 14 | Short: "Deletes a Passbolt Resource", 15 | Long: `Deletes a Passbolt Resource`, 16 | RunE: ResourceDelete, 17 | } 18 | 19 | func ResourceDelete(cmd *cobra.Command, args []string) error { 20 | resourceID, err := cmd.Flags().GetString("id") 21 | if err != nil { 22 | return err 23 | } 24 | 25 | if resourceID == "" { 26 | return fmt.Errorf("No ID to Delete Provided") 27 | } 28 | 29 | ctx := util.GetContext() 30 | 31 | client, err := util.GetClient(ctx) 32 | if err != nil { 33 | return err 34 | } 35 | defer client.Logout(context.TODO()) 36 | cmd.SilenceUsage = true 37 | 38 | err = client.DeleteResource(ctx, resourceID) 39 | if err != nil { 40 | return fmt.Errorf("Deleting Resource: %w", err) 41 | } 42 | return nil 43 | } 44 | -------------------------------------------------------------------------------- /user/delete.go: -------------------------------------------------------------------------------- 1 | package user 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/passbolt/go-passbolt/helper" 9 | "github.com/spf13/cobra" 10 | ) 11 | 12 | // UserDeleteCmd Deletes a User 13 | var UserDeleteCmd = &cobra.Command{ 14 | Use: "user", 15 | Short: "Deletes a Passbolt User", 16 | Long: `Deletes a Passbolt User`, 17 | RunE: UserDelete, 18 | } 19 | 20 | func UserDelete(cmd *cobra.Command, args []string) error { 21 | resourceID, err := cmd.Flags().GetString("id") 22 | if err != nil { 23 | return err 24 | } 25 | 26 | if resourceID == "" { 27 | return fmt.Errorf("No ID to Delete Provided") 28 | } 29 | 30 | ctx := util.GetContext() 31 | 32 | client, err := util.GetClient(ctx) 33 | if err != nil { 34 | return err 35 | } 36 | defer client.Logout(context.TODO()) 37 | cmd.SilenceUsage = true 38 | 39 | helper.DeleteUser(ctx, client, resourceID) 40 | if err != nil { 41 | return fmt.Errorf("Deleting User: %w", err) 42 | } 43 | return nil 44 | } 45 | -------------------------------------------------------------------------------- /cmd/configure.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "fmt" 5 | 6 | "github.com/spf13/cobra" 7 | "github.com/spf13/viper" 8 | ) 9 | 10 | // configureCmd represents the configure command 11 | var configureCmd = &cobra.Command{ 12 | Use: "configure", 13 | Short: "Configure saves the provided global flags to the Config File", 14 | Long: `Configure saves the provided global flags to the Config File. 15 | this makes using the cli easier as they don't have to be specified all the time.`, 16 | RunE: func(cmd *cobra.Command, args []string) error { 17 | 18 | if viper.ConfigFileUsed() == "" { 19 | err := viper.SafeWriteConfig() 20 | if err != nil { 21 | return fmt.Errorf("Writing Config: %w", err) 22 | } 23 | } else { 24 | err := viper.WriteConfig() 25 | if err != nil { 26 | return fmt.Errorf("Writing Config: %w", err) 27 | } 28 | } 29 | if viper.GetBool("debug") { 30 | fmt.Printf("Saved: %+v\n", viper.AllSettings()) 31 | } 32 | return nil 33 | }, 34 | } 35 | 36 | func init() { 37 | rootCmd.AddCommand(configureCmd) 38 | } 39 | -------------------------------------------------------------------------------- /cmd/doc.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "fmt" 5 | "path" 6 | "strings" 7 | 8 | "github.com/spf13/cobra" 9 | "github.com/spf13/cobra/doc" 10 | ) 11 | 12 | // configureCmd represents the configure command 13 | var genDocCmd = &cobra.Command{ 14 | Use: "gendoc", 15 | Hidden: true, 16 | RunE: func(cmd *cobra.Command, args []string) error { 17 | docType, err := cmd.Flags().GetString("type") 18 | if err != nil { 19 | return err 20 | } 21 | rootCmd.DisableAutoGenTag = true 22 | switch docType { 23 | case "markdown": 24 | return doc.GenMarkdownTreeCustom(rootCmd, "doc", filePrepender, linkHandler) 25 | case "man": 26 | return doc.GenManTree(rootCmd, nil, "man") 27 | default: 28 | return fmt.Errorf("Unknown type: %v", docType) 29 | } 30 | }, 31 | } 32 | 33 | func init() { 34 | rootCmd.AddCommand(genDocCmd) 35 | genDocCmd.Flags().StringP("type", "t", "markdown", "what to generate, markdown or man") 36 | } 37 | 38 | func filePrepender(name string) string { 39 | return name 40 | } 41 | 42 | func linkHandler(name string) string { 43 | return strings.TrimSuffix(name, path.Ext(name)) 44 | } 45 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 Samuel Lorch 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /resource/json.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import "time" 4 | 5 | type ResourceJsonOutput struct { 6 | ID *string `json:"id,omitempty"` 7 | FolderParentID *string `json:"folder_parent_id,omitempty"` 8 | Name *string `json:"name,omitempty"` 9 | Username *string `json:"username,omitempty"` 10 | URI *string `json:"uri,omitempty"` 11 | Password *string `json:"password,omitempty"` 12 | Description *string `json:"description,omitempty"` 13 | CreatedTimestamp *time.Time `json:"created_timestamp,omitempty"` 14 | ModifiedTimestamp *time.Time `json:"modified_timestamp,omitempty"` 15 | } 16 | 17 | type PermissionJsonOutput struct { 18 | ID *string `json:"id,omitempty"` 19 | Aco *string `json:"aco,omitempty"` 20 | AcoForeignKey *string `json:"aco_foreign_key,omitempty"` 21 | Aro *string `json:"aro,omitempty"` 22 | AroForeignKey *string `json:"aro_foreign_key,omitempty"` 23 | Type *int `json:"type,omitempty"` 24 | CreatedTimestamp *time.Time `json:"created_timestamp,omitempty"` 25 | ModifiedTimestamp *time.Time `json:"modified_timestamp,omitempty"` 26 | } 27 | -------------------------------------------------------------------------------- /util/http.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "crypto/tls" 5 | "fmt" 6 | "net/http" 7 | 8 | "github.com/spf13/viper" 9 | ) 10 | 11 | func GetClientCertificate() (tls.Certificate, error) { 12 | cert := viper.GetString("tlsClientCert") 13 | certExists := cert != "" 14 | key := viper.GetString("tlsClientPrivateKey") 15 | keyExists := key != "" 16 | if !certExists && !keyExists { 17 | return tls.Certificate{}, nil 18 | } 19 | if certExists && !keyExists { 20 | return tls.Certificate{}, fmt.Errorf("Client TLS private key is empty, but client TLS cert was set.") 21 | } 22 | if !certExists && keyExists { 23 | return tls.Certificate{}, fmt.Errorf("Client TLS cert is empty, but client TLS private key was set.") 24 | } 25 | return tls.X509KeyPair([]byte(cert), []byte(key)) 26 | } 27 | 28 | func GetHttpClient() (*http.Client, error) { 29 | tlsSkipVerify := viper.GetBool("tlsSkipVerify") 30 | cert, err := GetClientCertificate() 31 | if err != nil { 32 | return nil, err 33 | } 34 | httpClient := http.Client{ 35 | Transport: &http.Transport{ 36 | Proxy: http.ProxyFromEnvironment, 37 | TLSClientConfig: &tls.Config{ 38 | Certificates: []tls.Certificate{cert}, 39 | InsecureSkipVerify: tlsSkipVerify, 40 | }, 41 | }, 42 | } 43 | 44 | return &httpClient, nil 45 | } 46 | -------------------------------------------------------------------------------- /folder/update.go: -------------------------------------------------------------------------------- 1 | package folder 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/passbolt/go-passbolt/helper" 9 | "github.com/spf13/cobra" 10 | ) 11 | 12 | // FolderUpdateCmd Updates a Passbolt Folder 13 | var FolderUpdateCmd = &cobra.Command{ 14 | Use: "resource", 15 | Short: "Updates a Passbolt Folder", 16 | Long: `Updates a Passbolt Folder`, 17 | RunE: FolderUpdate, 18 | } 19 | 20 | func init() { 21 | FolderUpdateCmd.Flags().String("id", "", "id of Folder to Update") 22 | FolderUpdateCmd.Flags().StringP("name", "n", "", "Folder Name") 23 | 24 | FolderUpdateCmd.MarkFlagRequired("id") 25 | FolderUpdateCmd.MarkFlagRequired("name") 26 | } 27 | 28 | func FolderUpdate(cmd *cobra.Command, args []string) error { 29 | id, err := cmd.Flags().GetString("id") 30 | if err != nil { 31 | return err 32 | } 33 | name, err := cmd.Flags().GetString("name") 34 | if err != nil { 35 | return err 36 | } 37 | 38 | ctx := util.GetContext() 39 | 40 | client, err := util.GetClient(ctx) 41 | if err != nil { 42 | return err 43 | } 44 | defer client.Logout(context.TODO()) 45 | cmd.SilenceUsage = true 46 | 47 | err = helper.UpdateFolder( 48 | ctx, 49 | client, 50 | id, 51 | name, 52 | ) 53 | if err != nil { 54 | return fmt.Errorf("Updating Folder: %w", err) 55 | } 56 | return nil 57 | } 58 | -------------------------------------------------------------------------------- /cmd/list.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "github.com/passbolt/go-passbolt-cli/folder" 5 | "github.com/passbolt/go-passbolt-cli/group" 6 | "github.com/passbolt/go-passbolt-cli/resource" 7 | "github.com/passbolt/go-passbolt-cli/user" 8 | "github.com/spf13/cobra" 9 | ) 10 | 11 | // listCmd represents the list command 12 | var listCmd = &cobra.Command{ 13 | Use: "list", 14 | Short: "Lists Passbolt Entitys", 15 | Long: `Lists Passbolt Entitys`, 16 | Aliases: []string{"index", "ls", "filter", "search"}, 17 | } 18 | 19 | func init() { 20 | rootCmd.AddCommand(listCmd) 21 | listCmd.PersistentFlags().BoolP("json", "j", false, "Output JSON") 22 | listCmd.PersistentFlags().String("filter", "", 23 | "Define a CEl expression as filter for any list commands. In the expression, all available columns of subcommand can be used (see -c/--column).\n"+ 24 | "See also CEl specifications under https://github.com/google/cel-spec.\n"+ 25 | "Examples:\n"+ 26 | "\t--filter '(Name == \"SomeName\" || matches(Name, \"RegExpr\")) && URI.startsWith(\"https://auth.\")'\n"+ 27 | "\t--filter 'Username == \"User\" && CreatedTimestamp > timestamp(\"2022-06-10T00:00:00.000-00:00\")'") 28 | listCmd.AddCommand(resource.ResourceListCmd) 29 | listCmd.AddCommand(folder.FolderListCmd) 30 | listCmd.AddCommand(group.GroupListCmd) 31 | listCmd.AddCommand(user.UserListCmd) 32 | } 33 | -------------------------------------------------------------------------------- /folder/move.go: -------------------------------------------------------------------------------- 1 | package folder 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/passbolt/go-passbolt/helper" 9 | "github.com/spf13/cobra" 10 | ) 11 | 12 | // FolderMoveCmd Moves a Passbolt Folder 13 | var FolderMoveCmd = &cobra.Command{ 14 | Use: "folder", 15 | Short: "Moves a Passbolt Folder into a Folder", 16 | Long: `Moves a Passbolt Folder into a Folder`, 17 | RunE: FolderMove, 18 | } 19 | 20 | func init() { 21 | FolderMoveCmd.Flags().String("id", "", "id of Folder to Move") 22 | FolderMoveCmd.Flags().StringP("folderParentID", "f", "", "Folder in which to Move the Folder") 23 | 24 | FolderMoveCmd.MarkFlagRequired("id") 25 | FolderMoveCmd.MarkFlagRequired("folderParentID") 26 | } 27 | 28 | func FolderMove(cmd *cobra.Command, args []string) error { 29 | id, err := cmd.Flags().GetString("id") 30 | if err != nil { 31 | return err 32 | } 33 | folderParentID, err := cmd.Flags().GetString("folderParentID") 34 | if err != nil { 35 | return err 36 | } 37 | 38 | ctx := util.GetContext() 39 | 40 | client, err := util.GetClient(ctx) 41 | if err != nil { 42 | return err 43 | } 44 | defer client.Logout(context.TODO()) 45 | cmd.SilenceUsage = true 46 | 47 | err = helper.MoveFolder( 48 | ctx, 49 | client, 50 | id, 51 | folderParentID, 52 | ) 53 | if err != nil { 54 | return fmt.Errorf("Moving Folder: %w", err) 55 | } 56 | return nil 57 | } 58 | -------------------------------------------------------------------------------- /resource/move.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/passbolt/go-passbolt/helper" 9 | "github.com/spf13/cobra" 10 | ) 11 | 12 | // ResourceMoveCmd Moves a Passbolt Resource 13 | var ResourceMoveCmd = &cobra.Command{ 14 | Use: "resource", 15 | Short: "Moves a Passbolt Resource into a Folder", 16 | Long: `Moves a Passbolt Resource into a Folder`, 17 | RunE: ResourceMove, 18 | } 19 | 20 | func init() { 21 | ResourceMoveCmd.Flags().String("id", "", "id of Resource to Move") 22 | ResourceMoveCmd.Flags().StringP("folderParentID", "f", "", "Folder in which to Move the Resource") 23 | 24 | ResourceMoveCmd.MarkFlagRequired("id") 25 | ResourceMoveCmd.MarkFlagRequired("folderParentID") 26 | } 27 | 28 | func ResourceMove(cmd *cobra.Command, args []string) error { 29 | id, err := cmd.Flags().GetString("id") 30 | if err != nil { 31 | return err 32 | } 33 | folderParentID, err := cmd.Flags().GetString("folderParentID") 34 | if err != nil { 35 | return err 36 | } 37 | 38 | ctx := util.GetContext() 39 | 40 | client, err := util.GetClient(ctx) 41 | if err != nil { 42 | return err 43 | } 44 | defer client.Logout(context.TODO()) 45 | cmd.SilenceUsage = true 46 | 47 | err = helper.MoveResource( 48 | ctx, 49 | client, 50 | id, 51 | folderParentID, 52 | ) 53 | if err != nil { 54 | return fmt.Errorf("Moving Resource: %w", err) 55 | } 56 | return nil 57 | } 58 | -------------------------------------------------------------------------------- /group/filter.go: -------------------------------------------------------------------------------- 1 | package group 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/google/cel-go/cel" 8 | "github.com/passbolt/go-passbolt-cli/util" 9 | "github.com/passbolt/go-passbolt/api" 10 | ) 11 | 12 | // Environments for CEl 13 | var celEnvOptions = []cel.EnvOption{ 14 | cel.Variable("ID", cel.StringType), 15 | cel.Variable("Name", cel.StringType), 16 | cel.Variable("CreatedTimestamp", cel.TimestampType), 17 | cel.Variable("ModifiedTimestamp", cel.TimestampType), 18 | } 19 | 20 | // Filters the slice groups by invoke CEL program for each group 21 | func filterGroups(groups *[]api.Group, celCmd string, ctx context.Context) ([]api.Group, error) { 22 | if celCmd == "" { 23 | return *groups, nil 24 | } 25 | 26 | program, err := util.InitCELProgram(celCmd, celEnvOptions...) 27 | if err != nil { 28 | return nil, err 29 | } 30 | 31 | filteredGroups := []api.Group{} 32 | for _, group := range *groups { 33 | val, _, err := (*program).ContextEval(ctx, map[string]any{ 34 | "ID": group.ID, 35 | "Name": group.Name, 36 | "CreatedTimestamp": group.Created.Time, 37 | "ModifiedTimestamp": group.Modified.Time, 38 | }) 39 | 40 | if err != nil { 41 | return nil, err 42 | } 43 | 44 | if val.Value() == true { 45 | filteredGroups = append(filteredGroups, group) 46 | } 47 | } 48 | 49 | if len(filteredGroups) == 0 { 50 | return nil, fmt.Errorf("No such groups found with filter %v!", celCmd) 51 | } 52 | 53 | return filteredGroups, nil 54 | } 55 | -------------------------------------------------------------------------------- /folder/get.go: -------------------------------------------------------------------------------- 1 | package folder 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | 8 | "al.essio.dev/pkg/shellescape" 9 | "github.com/passbolt/go-passbolt-cli/util" 10 | "github.com/spf13/cobra" 11 | ) 12 | 13 | // FolderGetCmd Gets a Passbolt Folder 14 | var FolderGetCmd = &cobra.Command{ 15 | Use: "folder", 16 | Short: "Gets a Passbolt Folder", 17 | Long: `Gets a Passbolt Folder`, 18 | RunE: FolderGet, 19 | } 20 | 21 | func init() { 22 | FolderGetCmd.Flags().String("id", "", "id of Folder to Get") 23 | 24 | FolderGetCmd.MarkFlagRequired("id") 25 | } 26 | 27 | func FolderGet(cmd *cobra.Command, args []string) error { 28 | id, err := cmd.Flags().GetString("id") 29 | if err != nil { 30 | return err 31 | } 32 | jsonOutput, err := cmd.Flags().GetBool("json") 33 | if err != nil { 34 | return err 35 | } 36 | 37 | ctx := util.GetContext() 38 | 39 | client, err := util.GetClient(ctx) 40 | if err != nil { 41 | return err 42 | } 43 | defer client.Logout(context.TODO()) 44 | cmd.SilenceUsage = true 45 | 46 | folder, err := client.GetFolder(ctx, id, nil) 47 | if err != nil { 48 | return fmt.Errorf("Getting Folder: %w", err) 49 | } 50 | if jsonOutput { 51 | jsonGroup, err := json.MarshalIndent(FolderJsonOutput{ 52 | FolderParentID: &folder.FolderParentID, 53 | Name: &folder.Name, 54 | }, "", " ") 55 | if err != nil { 56 | return err 57 | } 58 | fmt.Println(string(jsonGroup)) 59 | } else { 60 | fmt.Printf("FolderParentID: %v\n", folder.FolderParentID) 61 | fmt.Printf("Name: %v\n", shellescape.StripUnsafe(folder.Name)) 62 | } 63 | return nil 64 | } 65 | -------------------------------------------------------------------------------- /folder/filter.go: -------------------------------------------------------------------------------- 1 | package folder 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/google/cel-go/cel" 8 | "github.com/passbolt/go-passbolt-cli/util" 9 | "github.com/passbolt/go-passbolt/api" 10 | ) 11 | 12 | // Environments for CEl 13 | var celEnvOptions = []cel.EnvOption{ 14 | cel.Variable("ID", cel.StringType), 15 | cel.Variable("FolderParentID", cel.StringType), 16 | cel.Variable("Name", cel.StringType), 17 | cel.Variable("CreatedTimestamp", cel.TimestampType), 18 | cel.Variable("ModifiedTimestamp", cel.TimestampType), 19 | } 20 | 21 | // Filters the slice folders by invoke CEL program for each folder 22 | func filterFolders(folders *[]api.Folder, celCmd string, ctx context.Context) ([]api.Folder, error) { 23 | if celCmd == "" { 24 | return *folders, nil 25 | } 26 | 27 | program, err := util.InitCELProgram(celCmd, celEnvOptions...) 28 | if err != nil { 29 | return nil, err 30 | } 31 | 32 | filteredFolders := []api.Folder{} 33 | for _, folder := range *folders { 34 | val, _, err := (*program).ContextEval(ctx, map[string]any{ 35 | "ID": folder.ID, 36 | "FolderParentID": folder.FolderParentID, 37 | "Name": folder.Name, 38 | "CreatedTimestamp": folder.Created.Time, 39 | "ModifiedTimestamp": folder.Modified.Time, 40 | }) 41 | 42 | if err != nil { 43 | return nil, err 44 | } 45 | 46 | if val.Value() == true { 47 | filteredFolders = append(filteredFolders, folder) 48 | } 49 | } 50 | 51 | if len(filteredFolders) == 0 { 52 | return nil, fmt.Errorf("No such folders found with filter %v!", celCmd) 53 | } 54 | 55 | return filteredFolders, nil 56 | } 57 | -------------------------------------------------------------------------------- /user/update.go: -------------------------------------------------------------------------------- 1 | package user 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/passbolt/go-passbolt/helper" 9 | "github.com/spf13/cobra" 10 | ) 11 | 12 | // UserUpdateCmd Updates a Passbolt User 13 | var UserUpdateCmd = &cobra.Command{ 14 | Use: "user", 15 | Short: "Updates a Passbolt User", 16 | Long: `Updates a Passbolt User`, 17 | RunE: UserUpdate, 18 | } 19 | 20 | func init() { 21 | UserUpdateCmd.Flags().String("id", "", "id of User to Update") 22 | UserUpdateCmd.Flags().StringP("firstname", "f", "", "User FirstName") 23 | UserUpdateCmd.Flags().StringP("lastname", "l", "", "User LastName") 24 | UserUpdateCmd.Flags().StringP("role", "r", "", "User Role") 25 | 26 | UserUpdateCmd.MarkFlagRequired("id") 27 | } 28 | 29 | func UserUpdate(cmd *cobra.Command, args []string) error { 30 | id, err := cmd.Flags().GetString("id") 31 | if err != nil { 32 | return err 33 | } 34 | firstname, err := cmd.Flags().GetString("firstname") 35 | if err != nil { 36 | return err 37 | } 38 | lastname, err := cmd.Flags().GetString("lastname") 39 | if err != nil { 40 | return err 41 | } 42 | role, err := cmd.Flags().GetString("role") 43 | if err != nil { 44 | return err 45 | } 46 | 47 | ctx := util.GetContext() 48 | 49 | client, err := util.GetClient(ctx) 50 | if err != nil { 51 | return err 52 | } 53 | defer client.Logout(context.TODO()) 54 | cmd.SilenceUsage = true 55 | 56 | err = helper.UpdateUser( 57 | ctx, 58 | client, 59 | id, 60 | role, 61 | firstname, 62 | lastname, 63 | ) 64 | if err != nil { 65 | return fmt.Errorf("Updating User: %w", err) 66 | } 67 | return nil 68 | } 69 | -------------------------------------------------------------------------------- /.github/workflows/.release.yml: -------------------------------------------------------------------------------- 1 | name: goreleaser 2 | 3 | on: 4 | push: 5 | tag: '*' 6 | 7 | permissions: 8 | contents: write 9 | 10 | jobs: 11 | goreleaser: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - 15 | name: Checkout 16 | uses: actions/checkout@v4 17 | with: 18 | fetch-depth: 0 19 | - 20 | name: Set up Go 21 | uses: actions/setup-go@v5 22 | with: 23 | go-version: 1.21 24 | - 25 | name: Generate Man and Completions 26 | run: | 27 | mkdir completion 28 | go run *.go completion bash > completion/bash 29 | go run *.go completion zsh > completion/zsh 30 | go run *.go completion fish > completion/fish 31 | go run *.go completion powershell > completion/powershell 32 | mkdir man 33 | go run *.go gendoc --type man 34 | pwd 35 | ls 36 | - 37 | if: ${{ !startsWith(github.ref, 'refs/tags/v') }} 38 | run: echo "flags=--snapshot" >> $GITHUB_ENV 39 | - 40 | name: Run GoReleaser 41 | uses: goreleaser/goreleaser-action@v5 42 | with: 43 | distribution: goreleaser 44 | version: latest 45 | args: release --clean ${{ env.flags }} 46 | env: 47 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 48 | TAP_GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }} 49 | - 50 | name: Run Version 51 | run: | 52 | dist/go-passbolt-cli_linux_amd64_v1/passbolt -v 53 | - 54 | uses: actions/upload-artifact@v4 55 | with: 56 | name: go-passbolt-cli-artifacts 57 | path: dist/ 58 | -------------------------------------------------------------------------------- /user/filter.go: -------------------------------------------------------------------------------- 1 | package user 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/google/cel-go/cel" 8 | "github.com/passbolt/go-passbolt-cli/util" 9 | "github.com/passbolt/go-passbolt/api" 10 | ) 11 | 12 | // Environments for CEl 13 | var celEnvOptions = []cel.EnvOption{ 14 | cel.Variable("ID", cel.StringType), 15 | cel.Variable("Username", cel.StringType), 16 | cel.Variable("FirstName", cel.StringType), 17 | cel.Variable("LastName", cel.StringType), 18 | cel.Variable("Role", cel.StringType), 19 | cel.Variable("CreatedTimestamp", cel.TimestampType), 20 | cel.Variable("ModifiedTimestamp", cel.TimestampType), 21 | } 22 | 23 | // Filters the slice users by invoke CEL program for each user 24 | func filterUsers(users *[]api.User, celCmd string, ctx context.Context) ([]api.User, error) { 25 | if celCmd == "" { 26 | return *users, nil 27 | } 28 | 29 | program, err := util.InitCELProgram(celCmd, celEnvOptions...) 30 | if err != nil { 31 | return nil, err 32 | } 33 | 34 | filteredUsers := []api.User{} 35 | for _, user := range *users { 36 | val, _, err := (*program).ContextEval(ctx, map[string]any{ 37 | "ID": user.ID, 38 | "Username": user.Username, 39 | "FirstName": user.Profile.FirstName, 40 | "LastName": user.Profile.LastName, 41 | "Role": user.Role.Name, 42 | "CreatedTimestamp": user.Created.Time, 43 | "ModifiedTimestamp": user.Modified.Time, 44 | }) 45 | 46 | if err != nil { 47 | return nil, err 48 | } 49 | 50 | if val.Value() == true { 51 | filteredUsers = append(filteredUsers, user) 52 | } 53 | } 54 | 55 | if len(filteredUsers) == 0 { 56 | return nil, fmt.Errorf("No such users found with filter %v!", celCmd) 57 | } 58 | 59 | return filteredUsers, nil 60 | } 61 | -------------------------------------------------------------------------------- /folder/share.go: -------------------------------------------------------------------------------- 1 | package folder 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/passbolt/go-passbolt/helper" 9 | "github.com/spf13/cobra" 10 | ) 11 | 12 | // FolderShareCmd Shares a Passbolt Folder 13 | var FolderShareCmd = &cobra.Command{ 14 | Use: "folder", 15 | Short: "Shares a Passbolt Folder", 16 | Long: `Shares a Passbolt Folder`, 17 | RunE: FolderShare, 18 | } 19 | 20 | func init() { 21 | FolderShareCmd.Flags().String("id", "", "id of Folder to Share") 22 | FolderShareCmd.Flags().IntP("type", "t", 1, "Permission Type (1 Read Only, 7 Can Update, 15 Owner)") 23 | FolderShareCmd.Flags().StringArrayP("user", "u", []string{}, "User id's to share with") 24 | FolderShareCmd.Flags().StringArrayP("group", "g", []string{}, "Group id's to share with") 25 | 26 | FolderShareCmd.MarkFlagRequired("id") 27 | FolderShareCmd.MarkFlagRequired("type") 28 | } 29 | 30 | func FolderShare(cmd *cobra.Command, args []string) error { 31 | id, err := cmd.Flags().GetString("id") 32 | if err != nil { 33 | return err 34 | } 35 | pType, err := cmd.Flags().GetInt("type") 36 | if err != nil { 37 | return err 38 | } 39 | users, err := cmd.Flags().GetStringArray("user") 40 | if err != nil { 41 | return err 42 | } 43 | groups, err := cmd.Flags().GetStringArray("group") 44 | if err != nil { 45 | return err 46 | } 47 | 48 | ctx := util.GetContext() 49 | 50 | client, err := util.GetClient(ctx) 51 | if err != nil { 52 | return err 53 | } 54 | defer client.Logout(context.TODO()) 55 | cmd.SilenceUsage = true 56 | 57 | err = helper.ShareFolderWithUsersAndGroups( 58 | ctx, 59 | client, 60 | id, 61 | users, 62 | groups, 63 | pType, 64 | ) 65 | if err != nil { 66 | return fmt.Errorf("Sharing Folder: %w", err) 67 | } 68 | return nil 69 | } 70 | -------------------------------------------------------------------------------- /folder/create.go: -------------------------------------------------------------------------------- 1 | package folder 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | 8 | "github.com/passbolt/go-passbolt-cli/util" 9 | "github.com/passbolt/go-passbolt/helper" 10 | "github.com/spf13/cobra" 11 | ) 12 | 13 | // FolderCreateCmd Creates a Passbolt Folder 14 | var FolderCreateCmd = &cobra.Command{ 15 | Use: "folder", 16 | Short: "Creates a Passbolt Folder", 17 | Long: `Creates a Passbolt Folder and Returns the Folders ID`, 18 | RunE: FolderCreate, 19 | } 20 | 21 | func init() { 22 | FolderCreateCmd.Flags().StringP("name", "n", "", "Folder Name") 23 | FolderCreateCmd.Flags().StringP("folderParentID", "f", "", "Folder in which to create the Folder") 24 | 25 | FolderCreateCmd.MarkFlagRequired("name") 26 | } 27 | 28 | func FolderCreate(cmd *cobra.Command, args []string) error { 29 | folderParentID, err := cmd.Flags().GetString("folderParentID") 30 | if err != nil { 31 | return err 32 | } 33 | name, err := cmd.Flags().GetString("name") 34 | if err != nil { 35 | return err 36 | } 37 | jsonOutput, err := cmd.Flags().GetBool("json") 38 | if err != nil { 39 | return err 40 | } 41 | 42 | ctx := util.GetContext() 43 | 44 | client, err := util.GetClient(ctx) 45 | if err != nil { 46 | return err 47 | } 48 | defer client.Logout(context.TODO()) 49 | cmd.SilenceUsage = true 50 | 51 | id, err := helper.CreateFolder( 52 | ctx, 53 | client, 54 | folderParentID, 55 | name, 56 | ) 57 | if err != nil { 58 | return fmt.Errorf("Creating Folder: %w", err) 59 | } 60 | 61 | if jsonOutput { 62 | jsonId, err := json.MarshalIndent( 63 | map[string]string{"id": id}, 64 | "", 65 | " ", 66 | ) 67 | if err != nil { 68 | return fmt.Errorf("Marshalling Json: %w", err) 69 | } 70 | fmt.Println(string(jsonId)) 71 | } else { 72 | fmt.Printf("FolderID: %v\n", id) 73 | } 74 | return nil 75 | } 76 | -------------------------------------------------------------------------------- /resource/share.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/passbolt/go-passbolt/helper" 9 | "github.com/spf13/cobra" 10 | ) 11 | 12 | // ResourceShareCmd Shares a Passbolt Resource 13 | var ResourceShareCmd = &cobra.Command{ 14 | Use: "resource", 15 | Short: "Shares a Passbolt Resource", 16 | Long: `Shares a Passbolt Resource`, 17 | RunE: ResourceShare, 18 | } 19 | 20 | func init() { 21 | ResourceShareCmd.Flags().String("id", "", "id of Resource to Share") 22 | ResourceShareCmd.Flags().IntP("type", "t", 1, "Permission Type (1 Read Only, 7 Can Update, 15 Owner)") 23 | ResourceShareCmd.Flags().StringArrayP("user", "u", []string{}, "User id's to share with") 24 | ResourceShareCmd.Flags().StringArrayP("group", "g", []string{}, "Group id's to share with") 25 | 26 | ResourceShareCmd.MarkFlagRequired("id") 27 | ResourceShareCmd.MarkFlagRequired("type") 28 | } 29 | 30 | func ResourceShare(cmd *cobra.Command, args []string) error { 31 | id, err := cmd.Flags().GetString("id") 32 | if err != nil { 33 | return err 34 | } 35 | pType, err := cmd.Flags().GetInt("type") 36 | if err != nil { 37 | return err 38 | } 39 | users, err := cmd.Flags().GetStringArray("user") 40 | if err != nil { 41 | return err 42 | } 43 | groups, err := cmd.Flags().GetStringArray("group") 44 | if err != nil { 45 | return err 46 | } 47 | 48 | ctx := util.GetContext() 49 | 50 | client, err := util.GetClient(ctx) 51 | if err != nil { 52 | return err 53 | } 54 | defer client.Logout(context.TODO()) 55 | cmd.SilenceUsage = true 56 | 57 | err = helper.ShareResourceWithUsersAndGroups( 58 | ctx, 59 | client, 60 | id, 61 | users, 62 | groups, 63 | pType, 64 | ) 65 | if err != nil { 66 | return fmt.Errorf("Sharing Resource: %w", err) 67 | } 68 | return nil 69 | } 70 | -------------------------------------------------------------------------------- /user/get.go: -------------------------------------------------------------------------------- 1 | package user 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | 8 | "al.essio.dev/pkg/shellescape" 9 | "github.com/passbolt/go-passbolt-cli/util" 10 | "github.com/passbolt/go-passbolt/helper" 11 | "github.com/spf13/cobra" 12 | ) 13 | 14 | // UserGetCmd Gets a Passbolt User 15 | var UserGetCmd = &cobra.Command{ 16 | Use: "user", 17 | Short: "Gets a Passbolt User", 18 | Long: `Gets a Passbolt User`, 19 | RunE: UserGet, 20 | } 21 | 22 | func init() { 23 | UserGetCmd.Flags().String("id", "", "id of User to Get") 24 | 25 | UserGetCmd.MarkFlagRequired("id") 26 | } 27 | 28 | func UserGet(cmd *cobra.Command, args []string) error { 29 | id, err := cmd.Flags().GetString("id") 30 | if err != nil { 31 | return err 32 | } 33 | jsonOutput, err := cmd.Flags().GetBool("json") 34 | if err != nil { 35 | return err 36 | } 37 | 38 | ctx := util.GetContext() 39 | 40 | client, err := util.GetClient(ctx) 41 | if err != nil { 42 | return err 43 | } 44 | defer client.Logout(context.TODO()) 45 | cmd.SilenceUsage = true 46 | 47 | role, username, firstname, lastname, err := helper.GetUser( 48 | ctx, 49 | client, 50 | id, 51 | ) 52 | if err != nil { 53 | return fmt.Errorf("Getting User: %w", err) 54 | } 55 | if jsonOutput { 56 | jsonUser, err := json.MarshalIndent(UserJsonOutput{ 57 | Username: &username, 58 | FirstName: &firstname, 59 | LastName: &lastname, 60 | Role: &role, 61 | }, "", " ") 62 | if err != nil { 63 | return err 64 | } 65 | fmt.Println(string(jsonUser)) 66 | } else { 67 | fmt.Printf("Username: %v\n", shellescape.StripUnsafe(username)) 68 | fmt.Printf("FirstName: %v\n", shellescape.StripUnsafe(firstname)) 69 | fmt.Printf("LastName: %v\n", shellescape.StripUnsafe(lastname)) 70 | fmt.Printf("Role: %v\n", shellescape.StripUnsafe(role)) 71 | } 72 | return nil 73 | } 74 | -------------------------------------------------------------------------------- /.goreleaser.yml: -------------------------------------------------------------------------------- 1 | project_name: go-passbolt-cli 2 | checksum: 3 | name_template: 'checksums.txt' 4 | builds: 5 | - env: [CGO_ENABLED=0] 6 | flags: 7 | - -trimpath 8 | goos: 9 | - linux 10 | - windows 11 | - darwin 12 | goarch: 13 | - amd64 14 | - arm64 15 | binary: passbolt 16 | archives: 17 | - files: 18 | - completion/* 19 | - man/* 20 | format_overrides: 21 | - goos: windows 22 | format: zip 23 | release: 24 | draft: true 25 | header: | 26 | ## Release {{ .Tag }} - ({{ .Date }}) 27 | nfpms: 28 | - maintainer: Samuel Lorch 29 | description: A CLI for Passbolt. 30 | homepage: https://github.com/passbolt/go-passbolt-cli 31 | license: MIT 32 | contents: 33 | - src: /home/runner/work/go-passbolt-cli/go-passbolt-cli/completion/bash 34 | dst: /usr/share/bash-completion/completions/passbolt 35 | - src: /home/runner/work/go-passbolt-cli/go-passbolt-cli/completion/zsh 36 | dst: /usr/share/zsh/site-functions/_passbolt 37 | - src: /home/runner/work/go-passbolt-cli/go-passbolt-cli/completion/fish 38 | dst: /usr/share/fish/vendor_completions.d/passbolt.fish 39 | - src: /home/runner/work/go-passbolt-cli/go-passbolt-cli/man/* 40 | dst: /usr/share/man/man1/ 41 | recommends: 42 | - bash_completion 43 | formats: 44 | - deb 45 | - rpm 46 | brews: 47 | - homepage: https://github.com/passbolt/go-passbolt-cli 48 | license: "MIT" 49 | skip_upload: false 50 | description: "A CLI tool to interact with Passbolt, a Open source Password Manager for Teams" 51 | directory: Formula 52 | install: | 53 | bin.install "passbolt" 54 | bash_completion.install "completion/bash" => "passbolt" 55 | zsh_completion.install "completion/zsh" => "_passbolt" 56 | fish_completion.install "completion/fish" => "passbolt.fish" 57 | man1.install Dir["man/*"] 58 | # ... 59 | repository: 60 | owner: passbolt 61 | name: homebrew-tap 62 | token: "{{ .Env.TAP_GITHUB_TOKEN }}" 63 | 64 | 65 | -------------------------------------------------------------------------------- /cmd/completion.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "os" 5 | 6 | "github.com/spf13/cobra" 7 | ) 8 | 9 | var completionCmd = &cobra.Command{ 10 | Hidden: true, 11 | Use: "completion [bash|zsh|fish|powershell]", 12 | Short: "Generate completion script", 13 | Long: `To load completions: 14 | 15 | Bash: 16 | 17 | $ source <(yourprogram completion bash) 18 | 19 | # To load completions for each session, execute once: 20 | # Linux: 21 | $ yourprogram completion bash > /etc/bash_completion.d/yourprogram 22 | # macOS: 23 | $ yourprogram completion bash > /usr/local/etc/bash_completion.d/yourprogram 24 | 25 | Zsh: 26 | 27 | # If shell completion is not already enabled in your environment, 28 | # you will need to enable it. You can execute the following once: 29 | 30 | $ echo "autoload -U compinit; compinit" >> ~/.zshrc 31 | 32 | # To load completions for each session, execute once: 33 | $ yourprogram completion zsh > "${fpath[1]}/_yourprogram" 34 | 35 | # You will need to start a new shell for this setup to take effect. 36 | 37 | fish: 38 | 39 | $ yourprogram completion fish | source 40 | 41 | # To load completions for each session, execute once: 42 | $ yourprogram completion fish > ~/.config/fish/completions/yourprogram.fish 43 | 44 | PowerShell: 45 | 46 | PS> yourprogram completion powershell | Out-String | Invoke-Expression 47 | 48 | # To load completions for every new session, run: 49 | PS> yourprogram completion powershell > yourprogram.ps1 50 | # and source this file from your PowerShell profile. 51 | `, 52 | DisableFlagsInUseLine: true, 53 | ValidArgs: []string{"bash", "zsh", "fish", "powershell"}, 54 | Args: cobra.ExactValidArgs(1), 55 | Run: func(cmd *cobra.Command, args []string) { 56 | switch args[0] { 57 | case "bash": 58 | cmd.Root().GenBashCompletion(os.Stdout) 59 | case "zsh": 60 | cmd.Root().GenZshCompletion(os.Stdout) 61 | case "fish": 62 | cmd.Root().GenFishCompletion(os.Stdout, true) 63 | case "powershell": 64 | cmd.Root().GenPowerShellCompletionWithDesc(os.Stdout) 65 | } 66 | }, 67 | } 68 | 69 | func init() { 70 | rootCmd.AddCommand(completionCmd) 71 | } 72 | -------------------------------------------------------------------------------- /user/create.go: -------------------------------------------------------------------------------- 1 | package user 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | 8 | "github.com/passbolt/go-passbolt-cli/util" 9 | "github.com/passbolt/go-passbolt/helper" 10 | "github.com/spf13/cobra" 11 | ) 12 | 13 | // UserCreateCmd Creates a Passbolt User 14 | var UserCreateCmd = &cobra.Command{ 15 | Use: "user", 16 | Short: "Creates a Passbolt User", 17 | Long: `Creates a Passbolt User and Returns the Users ID`, 18 | RunE: UserCreate, 19 | } 20 | 21 | func init() { 22 | UserCreateCmd.Flags().StringP("username", "u", "", "Username (needs to be a email address)") 23 | UserCreateCmd.Flags().StringP("firstname", "f", "", "First Name") 24 | UserCreateCmd.Flags().StringP("lastname", "l", "", "Last Name") 25 | UserCreateCmd.Flags().StringP("role", "r", "user", "Role of User.\nPossible: user, admin") 26 | 27 | UserCreateCmd.MarkFlagRequired("username") 28 | UserCreateCmd.MarkFlagRequired("firstname") 29 | UserCreateCmd.MarkFlagRequired("lastname") 30 | } 31 | 32 | func UserCreate(cmd *cobra.Command, args []string) error { 33 | username, err := cmd.Flags().GetString("username") 34 | if err != nil { 35 | return err 36 | } 37 | firstname, err := cmd.Flags().GetString("firstname") 38 | if err != nil { 39 | return err 40 | } 41 | lastname, err := cmd.Flags().GetString("lastname") 42 | if err != nil { 43 | return err 44 | } 45 | role, err := cmd.Flags().GetString("role") 46 | if err != nil { 47 | return err 48 | } 49 | jsonOutput, err := cmd.Flags().GetBool("json") 50 | if err != nil { 51 | return err 52 | } 53 | 54 | ctx := util.GetContext() 55 | 56 | client, err := util.GetClient(ctx) 57 | if err != nil { 58 | return err 59 | } 60 | defer client.Logout(context.TODO()) 61 | cmd.SilenceUsage = true 62 | 63 | id, err := helper.CreateUser( 64 | ctx, 65 | client, 66 | role, 67 | username, 68 | firstname, 69 | lastname, 70 | ) 71 | if err != nil { 72 | return fmt.Errorf("Creating User: %w", err) 73 | } 74 | 75 | if jsonOutput { 76 | jsonId, err := json.MarshalIndent( 77 | map[string]string{"id": id}, 78 | "", 79 | " ", 80 | ) 81 | if err != nil { 82 | return fmt.Errorf("Marshalling Json: %w", err) 83 | } 84 | fmt.Println(string(jsonId)) 85 | } else { 86 | fmt.Printf("UserID: %v\n", id) 87 | } 88 | return nil 89 | } 90 | -------------------------------------------------------------------------------- /resource/filter.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/google/cel-go/cel" 8 | "github.com/passbolt/go-passbolt-cli/util" 9 | "github.com/passbolt/go-passbolt/api" 10 | "github.com/passbolt/go-passbolt/helper" 11 | ) 12 | 13 | // Environments for CEl 14 | var celEnvOptions = []cel.EnvOption{ 15 | cel.Variable("ID", cel.StringType), 16 | cel.Variable("FolderParentID", cel.StringType), 17 | cel.Variable("Name", cel.StringType), 18 | cel.Variable("Username", cel.StringType), 19 | cel.Variable("URI", cel.StringType), 20 | cel.Variable("Password", cel.StringType), 21 | cel.Variable("Description", cel.StringType), 22 | cel.Variable("CreatedTimestamp", cel.TimestampType), 23 | cel.Variable("ModifiedTimestamp", cel.TimestampType), 24 | } 25 | 26 | // Filters the slice resources by invoke CEL program for each resource 27 | func filterResources(resources *[]api.Resource, celCmd string, ctx context.Context, client *api.Client) ([]api.Resource, error) { 28 | if celCmd == "" { 29 | return *resources, nil 30 | } 31 | 32 | program, err := util.InitCELProgram(celCmd, celEnvOptions...) 33 | if err != nil { 34 | return nil, err 35 | } 36 | 37 | filteredResources := []api.Resource{} 38 | for _, resource := range *resources { 39 | // TODO We should decrypt the secret only when required for performance reasonse 40 | _, name, username, uri, pass, desc, err := helper.GetResource(ctx, client, resource.ID) 41 | if err != nil { 42 | return nil, fmt.Errorf("Get Resource %w", err) 43 | } 44 | 45 | val, _, err := (*program).ContextEval(ctx, map[string]any{ 46 | "Id": resource.ID, 47 | "FolderParentID": resource.FolderParentID, 48 | "Name": name, 49 | "Username": username, 50 | "URI": uri, 51 | "Password": pass, 52 | "Description": desc, 53 | "CreatedTimestamp": resource.Created.Time, 54 | "ModifiedTimestamp": resource.Modified.Time, 55 | }) 56 | 57 | if err != nil { 58 | return nil, err 59 | } 60 | 61 | if val.Value() == true { 62 | filteredResources = append(filteredResources, resource) 63 | } 64 | } 65 | 66 | if len(filteredResources) == 0 { 67 | return nil, fmt.Errorf("No such Resources found with filter %v!", celCmd) 68 | } 69 | return filteredResources, nil 70 | } 71 | -------------------------------------------------------------------------------- /cmd/verify.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "fmt" 5 | 6 | "github.com/passbolt/go-passbolt-cli/util" 7 | "github.com/passbolt/go-passbolt/api" 8 | "github.com/spf13/cobra" 9 | "github.com/spf13/viper" 10 | ) 11 | 12 | // verifyCMD represents the verify command 13 | var verifyCMD = &cobra.Command{ 14 | Use: "verify", 15 | Short: "Verify Setup the Server Verification", 16 | Long: `Verify Setup the Server Verification. You need to run this once after that the Server will always be verified if the same config is used`, 17 | RunE: func(cmd *cobra.Command, args []string) error { 18 | ctx := util.GetContext() 19 | 20 | viper.Set("serverVerifyToken", "") 21 | viper.Set("serverVerifyEncToken", "") 22 | 23 | serverAddress := viper.GetString("serverAddress") 24 | if serverAddress == "" { 25 | return fmt.Errorf("serverAddress is not defined") 26 | } 27 | 28 | userPrivateKey := viper.GetString("userPrivateKey") 29 | if userPrivateKey == "" { 30 | return fmt.Errorf("userPrivateKey is not defined") 31 | } 32 | 33 | userPassword := viper.GetString("userPassword") 34 | if userPassword == "" { 35 | pw, err := util.ReadPassword("Enter Password:") 36 | if err != nil { 37 | fmt.Println() 38 | return fmt.Errorf("Reading Password: %w", err) 39 | } 40 | userPassword = pw 41 | fmt.Println() 42 | } 43 | 44 | httpClient, err := util.GetHttpClient() 45 | if err != nil { 46 | return err 47 | } 48 | client, err := api.NewClient(httpClient, "", serverAddress, userPrivateKey, userPassword) 49 | if err != nil { 50 | return fmt.Errorf("Creating Client: %w", err) 51 | } 52 | 53 | client.Debug = viper.GetBool("debug") 54 | 55 | token, enctoken, err := client.SetupServerVerification(ctx) 56 | if err != nil { 57 | return fmt.Errorf("Setup Verification: %w", err) 58 | } 59 | viper.Set("serverVerifyToken", token) 60 | viper.Set("serverVerifyEncToken", enctoken) 61 | 62 | if viper.ConfigFileUsed() == "" { 63 | err := viper.SafeWriteConfig() 64 | if err != nil { 65 | return fmt.Errorf("Writing Config: %w", err) 66 | } 67 | } else { 68 | err := viper.WriteConfig() 69 | if err != nil { 70 | return fmt.Errorf("Writing Config: %w", err) 71 | } 72 | } 73 | fmt.Println("Verification Enabled") 74 | return nil 75 | }, 76 | } 77 | 78 | func init() { 79 | rootCmd.AddCommand(verifyCMD) 80 | } 81 | -------------------------------------------------------------------------------- /group/update.go: -------------------------------------------------------------------------------- 1 | package group 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/passbolt/go-passbolt/helper" 9 | "github.com/spf13/cobra" 10 | ) 11 | 12 | // GroupUpdateCmd Updates a Passbolt Group 13 | var GroupUpdateCmd = &cobra.Command{ 14 | Use: "group", 15 | Short: "Updates a Passbolt Group", 16 | Long: `Updates a Passbolt Group`, 17 | RunE: GroupUpdate, 18 | } 19 | 20 | func init() { 21 | GroupUpdateCmd.Flags().String("id", "", "id of Group to Update") 22 | GroupUpdateCmd.Flags().StringP("name", "n", "", "Group Name") 23 | 24 | GroupUpdateCmd.Flags().BoolP("delete", "d", false, "Remove Users/Managers from Group (default is Adding Users/Managers)") 25 | 26 | GroupUpdateCmd.Flags().StringArrayP("user", "u", []string{}, "Users to Add/Remove to/from Group(Including Group Managers)") 27 | GroupUpdateCmd.Flags().StringArrayP("manager", "m", []string{}, "Managers to Add/Remove to/from Group") 28 | 29 | GroupUpdateCmd.MarkFlagRequired("id") 30 | } 31 | 32 | func GroupUpdate(cmd *cobra.Command, args []string) error { 33 | id, err := cmd.Flags().GetString("id") 34 | if err != nil { 35 | return err 36 | } 37 | delete, err := cmd.Flags().GetBool("delete") 38 | if err != nil { 39 | return err 40 | } 41 | name, err := cmd.Flags().GetString("name") 42 | if err != nil { 43 | return err 44 | } 45 | users, err := cmd.Flags().GetStringArray("user") 46 | if err != nil { 47 | return err 48 | } 49 | managers, err := cmd.Flags().GetStringArray("manager") 50 | if err != nil { 51 | return err 52 | } 53 | 54 | ops := []helper.GroupMembershipOperation{} 55 | for _, user := range users { 56 | ops = append(ops, helper.GroupMembershipOperation{ 57 | UserID: user, 58 | IsGroupManager: false, 59 | Delete: delete, 60 | }) 61 | } 62 | for _, manager := range managers { 63 | ops = append(ops, helper.GroupMembershipOperation{ 64 | UserID: manager, 65 | IsGroupManager: true, 66 | Delete: delete, 67 | }) 68 | } 69 | 70 | ctx := util.GetContext() 71 | 72 | client, err := util.GetClient(ctx) 73 | if err != nil { 74 | return err 75 | } 76 | defer client.Logout(context.TODO()) 77 | cmd.SilenceUsage = true 78 | 79 | err = helper.UpdateGroup( 80 | ctx, 81 | client, 82 | id, 83 | name, 84 | ops, 85 | ) 86 | if err != nil { 87 | return fmt.Errorf("Updating Group: %w", err) 88 | } 89 | return nil 90 | } 91 | -------------------------------------------------------------------------------- /group/create.go: -------------------------------------------------------------------------------- 1 | package group 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | 8 | "github.com/passbolt/go-passbolt-cli/util" 9 | "github.com/passbolt/go-passbolt/helper" 10 | "github.com/spf13/cobra" 11 | ) 12 | 13 | // GroupCreateCmd Creates a Passbolt Group 14 | var GroupCreateCmd = &cobra.Command{ 15 | Use: "group", 16 | Short: "Creates a Passbolt Group", 17 | Long: `Creates a Passbolt Group and Returns the Groups ID`, 18 | RunE: GroupCreate, 19 | } 20 | 21 | func init() { 22 | GroupCreateCmd.Flags().StringP("name", "n", "", "Group Name") 23 | 24 | GroupCreateCmd.Flags().StringArrayP("user", "u", []string{}, "Users to Add to Group") 25 | GroupCreateCmd.Flags().StringArrayP("manager", "m", []string{}, "Managers to Add to Group (atleast 1 is required)") 26 | 27 | GroupCreateCmd.MarkFlagRequired("name") 28 | GroupCreateCmd.MarkFlagRequired("manager") 29 | } 30 | 31 | func GroupCreate(cmd *cobra.Command, args []string) error { 32 | name, err := cmd.Flags().GetString("name") 33 | if err != nil { 34 | return err 35 | } 36 | users, err := cmd.Flags().GetStringArray("user") 37 | if err != nil { 38 | return err 39 | } 40 | managers, err := cmd.Flags().GetStringArray("manager") 41 | if err != nil { 42 | return err 43 | } 44 | jsonOutput, err := cmd.Flags().GetBool("json") 45 | if err != nil { 46 | return err 47 | } 48 | 49 | ops := []helper.GroupMembershipOperation{} 50 | for _, user := range users { 51 | ops = append(ops, helper.GroupMembershipOperation{ 52 | UserID: user, 53 | IsGroupManager: false, 54 | }) 55 | } 56 | for _, manager := range managers { 57 | ops = append(ops, helper.GroupMembershipOperation{ 58 | UserID: manager, 59 | IsGroupManager: true, 60 | }) 61 | } 62 | 63 | ctx := util.GetContext() 64 | 65 | client, err := util.GetClient(ctx) 66 | if err != nil { 67 | return err 68 | } 69 | defer client.Logout(context.TODO()) 70 | cmd.SilenceUsage = true 71 | 72 | id, err := helper.CreateGroup( 73 | ctx, 74 | client, 75 | name, 76 | ops, 77 | ) 78 | if err != nil { 79 | return fmt.Errorf("Creating Group: %w", err) 80 | } 81 | 82 | if jsonOutput { 83 | jsonId, err := json.MarshalIndent( 84 | map[string]string{"id": id}, 85 | "", 86 | " ", 87 | ) 88 | if err != nil { 89 | return fmt.Errorf("Marshalling Json: %w", err) 90 | } 91 | fmt.Println(string(jsonId)) 92 | } else { 93 | fmt.Printf("GroupID: %v\n", id) 94 | } 95 | return nil 96 | } 97 | -------------------------------------------------------------------------------- /resource/update.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/passbolt/go-passbolt-cli/util" 8 | "github.com/passbolt/go-passbolt/helper" 9 | "github.com/spf13/cobra" 10 | ) 11 | 12 | // ResourceUpdateCmd Updates a Passbolt Resource 13 | var ResourceUpdateCmd = &cobra.Command{ 14 | Use: "resource", 15 | Short: "Updates a Passbolt Resource", 16 | Long: `Updates a Passbolt Resource`, 17 | RunE: ResourceUpdate, 18 | } 19 | 20 | func init() { 21 | ResourceUpdateCmd.Flags().String("id", "", "id of Resource to Update") 22 | ResourceUpdateCmd.Flags().StringP("name", "n", "", "Resource Name") 23 | ResourceUpdateCmd.Flags().StringP("username", "u", "", "Resource Username") 24 | ResourceUpdateCmd.Flags().String("uri", "", "Resource URI") 25 | ResourceUpdateCmd.Flags().StringP("password", "p", "", "Resource Password") 26 | ResourceUpdateCmd.Flags().StringP("description", "d", "", "Resource Description") 27 | ResourceUpdateCmd.Flags().String("expiry", "", "Expiry as RFC3339 (e.g. 2025-12-31T23:59:59Z), duration (e.g. 7d, 12h), or 'none' to clear") 28 | ResourceUpdateCmd.MarkFlagRequired("id") 29 | } 30 | 31 | func ResourceUpdate(cmd *cobra.Command, args []string) error { 32 | id, err := cmd.Flags().GetString("id") 33 | if err != nil { 34 | return err 35 | } 36 | name, err := cmd.Flags().GetString("name") 37 | if err != nil { 38 | return err 39 | } 40 | username, err := cmd.Flags().GetString("username") 41 | if err != nil { 42 | return err 43 | } 44 | uri, err := cmd.Flags().GetString("uri") 45 | if err != nil { 46 | return err 47 | } 48 | password, err := cmd.Flags().GetString("password") 49 | if err != nil { 50 | return err 51 | } 52 | description, err := cmd.Flags().GetString("description") 53 | if err != nil { 54 | return err 55 | } 56 | 57 | expiry, err := cmd.Flags().GetString("expiry") 58 | if err != nil { 59 | return err 60 | } 61 | 62 | ctx := util.GetContext() 63 | 64 | client, err := util.GetClient(ctx) 65 | if err != nil { 66 | return err 67 | } 68 | defer client.Logout(context.TODO()) 69 | cmd.SilenceUsage = true 70 | 71 | err = helper.UpdateResource( 72 | ctx, 73 | client, 74 | id, 75 | name, 76 | username, 77 | uri, 78 | password, 79 | description, 80 | ) 81 | if err != nil { 82 | return fmt.Errorf("Updating Resource: %w", err) 83 | } 84 | 85 | if expiry != "" { 86 | if err := SetResourceExpiry(ctx, client, id, expiry); err != nil { 87 | return err 88 | } 89 | } 90 | return nil 91 | } 92 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/passbolt/go-passbolt-cli 2 | 3 | go 1.24.0 4 | 5 | toolchain go1.24.9 6 | 7 | require ( 8 | al.essio.dev/pkg/shellescape v1.6.0 9 | github.com/google/cel-go v0.26.1 10 | github.com/passbolt/go-passbolt v0.7.3-0.20251103091542-cb52308eb1b6 11 | github.com/pterm/pterm v0.12.82 12 | github.com/spf13/cobra v1.10.1 13 | github.com/spf13/viper v1.21.0 14 | github.com/tobischo/gokeepasslib/v3 v3.6.1 15 | golang.org/x/term v0.36.0 16 | ) 17 | 18 | require ( 19 | atomicgo.dev/cursor v0.2.0 // indirect 20 | atomicgo.dev/keyboard v0.2.9 // indirect 21 | atomicgo.dev/schedule v0.1.0 // indirect 22 | cel.dev/expr v0.24.0 // indirect 23 | github.com/ProtonMail/go-crypto v1.3.0 // indirect 24 | github.com/ProtonMail/gopenpgp/v3 v3.3.0 // indirect 25 | github.com/antlr4-go/antlr/v4 v4.13.1 // indirect 26 | github.com/clipperhouse/stringish v0.1.1 // indirect 27 | github.com/clipperhouse/uax29/v2 v2.3.0 // indirect 28 | github.com/cloudflare/circl v1.6.1 // indirect 29 | github.com/containerd/console v1.0.5 // indirect 30 | github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect 31 | github.com/fsnotify/fsnotify v1.9.0 // indirect 32 | github.com/go-viper/mapstructure/v2 v2.4.0 // indirect 33 | github.com/google/go-querystring v1.1.0 // indirect 34 | github.com/google/uuid v1.6.0 // indirect 35 | github.com/gookit/color v1.6.0 // indirect 36 | github.com/inconshreveable/mousetrap v1.1.0 // indirect 37 | github.com/lithammer/fuzzysearch v1.1.8 // indirect 38 | github.com/mattn/go-runewidth v0.0.19 // indirect 39 | github.com/pelletier/go-toml/v2 v2.2.4 // indirect 40 | github.com/russross/blackfriday/v2 v2.1.0 // indirect 41 | github.com/sagikazarmark/locafero v0.12.0 // indirect 42 | github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect 43 | github.com/spf13/afero v1.15.0 // indirect 44 | github.com/spf13/cast v1.10.0 // indirect 45 | github.com/spf13/pflag v1.0.10 // indirect 46 | github.com/stoewer/go-strcase v1.3.1 // indirect 47 | github.com/subosito/gotenv v1.6.0 // indirect 48 | github.com/tobischo/argon2 v0.1.0 // indirect 49 | github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect 50 | go.yaml.in/yaml/v3 v3.0.4 // indirect 51 | golang.org/x/crypto v0.43.0 // indirect 52 | golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect 53 | golang.org/x/sys v0.37.0 // indirect 54 | golang.org/x/text v0.30.0 // indirect 55 | google.golang.org/genproto/googleapis/api v0.0.0-20251029180050-ab9386a59fda // indirect 56 | google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda // indirect 57 | google.golang.org/protobuf v1.36.10 // indirect 58 | gopkg.in/yaml.v3 v3.0.1 // indirect 59 | ) 60 | 61 | // replace github.com/passbolt/go-passbolt => ../go-passbolt 62 | -------------------------------------------------------------------------------- /resource/expiry.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | "regexp" 7 | "strings" 8 | "time" 9 | 10 | "github.com/passbolt/go-passbolt/api" 11 | ) 12 | 13 | // SetResourceExpiry updates only the expiry date of a resource. 14 | func SetResourceExpiry(ctx context.Context, client *api.Client, id string, expiryInput string) error { 15 | if expiryInput == "" { 16 | return nil 17 | } 18 | 19 | // Safety: ensure the resource id is a UUID to avoid unsafe URL construction 20 | if !isUUID(id) { 21 | return fmt.Errorf("invalid resource id: %q", id) 22 | } 23 | 24 | // allow a single keyword to clear expiry (no TrimSpace: flags shouldn't need quoting spaces) 25 | switch strings.ToLower(expiryInput) { 26 | case "none": 27 | // TODO: Should be handled in go-passbolt when the planned new Resource API is available 28 | _, _, err := client.DoCustomRequestAndReturnRawResponse( 29 | ctx, 30 | "PUT", 31 | fmt.Sprintf("resources/%s.json", id), 32 | "v2", 33 | map[string]*string{"expired": nil}, 34 | nil, 35 | ) 36 | if err != nil { 37 | return fmt.Errorf("Clearing expiry: %w", err) 38 | } 39 | return nil 40 | } 41 | 42 | isoExpiry, err := ParseExpiry(expiryInput) 43 | if err != nil { 44 | return err 45 | } 46 | // TODO: Should be handled in go-passbolt when the planned new Resource API is available 47 | _, _, err = client.DoCustomRequestAndReturnRawResponse( 48 | ctx, 49 | "PUT", 50 | fmt.Sprintf("resources/%s.json", id), 51 | "v2", 52 | map[string]string{"expired": isoExpiry}, 53 | nil, 54 | ) 55 | if err != nil { 56 | return fmt.Errorf("Setting expiry: %w", err) 57 | } 58 | return nil 59 | } 60 | 61 | // ParseExpiry accepts either an absolute time (ISO8601/RFC3339) or a human duration like "7d", "12h", "30m", or combinations like "1w2d3h". 62 | // It returns an ISO8601 (RFC3339) timestamp string in UTC suitable for the API. 63 | func ParseExpiry(input string) (string, error) { 64 | if input == "" { 65 | return "", nil 66 | } 67 | // Try absolute timestamp first 68 | if t, err := tryParseAbsoluteTime(input); err == nil { 69 | return t.UTC().Format(time.RFC3339), nil 70 | } 71 | // Fallback to human duration(s) 72 | d, err := time.ParseDuration(input) 73 | if err != nil { 74 | return "", fmt.Errorf("invalid expiry value %q: %w", input, err) 75 | } 76 | return time.Now().UTC().Add(d).Format(time.RFC3339), nil 77 | } 78 | 79 | func tryParseAbsoluteTime(s string) (time.Time, error) { 80 | // Try RFC3339 variants only (avoid nonstandard timestamp formats) 81 | layouts := []string{ 82 | time.RFC3339, 83 | time.RFC3339Nano, 84 | } 85 | var lastErr error 86 | for _, layout := range layouts { 87 | if t, err := time.Parse(layout, s); err == nil { 88 | return t, nil 89 | } else { 90 | lastErr = err 91 | } 92 | } 93 | return time.Time{}, lastErr 94 | } 95 | 96 | // isUUID performs a basic UUID validation in canonical 8-4-4-4-12 hex format. 97 | func isUUID(s string) bool { 98 | re := regexp.MustCompile(`(?i)^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`) 99 | return re.MatchString(s) 100 | } 101 | -------------------------------------------------------------------------------- /cmd/exec.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | "os" 7 | "os/exec" 8 | "strings" 9 | 10 | "github.com/passbolt/go-passbolt-cli/util" 11 | "github.com/passbolt/go-passbolt/api" 12 | "github.com/passbolt/go-passbolt/helper" 13 | "github.com/spf13/cobra" 14 | "github.com/spf13/viper" 15 | ) 16 | 17 | const PassboltPrefix = "passbolt://" 18 | 19 | // execCmd represents the exec command 20 | var execCmd = &cobra.Command{ 21 | Use: "exec -- command [args...]", 22 | Short: "Run a command with secrets injected into the environment.", 23 | Long: `The command allows you to execute another command with environment variables that reference secrets stored in Passbolt. 24 | Any environment variables containing passbolt:// references are automatically resolved to their corresponding secret values 25 | before the specified command is executed. This ensures that secrets are securely injected into the child process's environment 26 | without exposing them to the parent shell. 27 | 28 | For example: 29 | export GITHUB_TOKEN=passbolt:// 30 | passbolt exec -- gh auth login 31 | 32 | This would resolve the passbolt:// reference in GITHUB_TOKEN to its actual secret value and pass it to the gh process. 33 | `, 34 | Args: cobra.MinimumNArgs(1), 35 | RunE: execAction, 36 | } 37 | 38 | func init() { 39 | rootCmd.AddCommand(execCmd) 40 | } 41 | 42 | func execAction(_ *cobra.Command, args []string) error { 43 | ctx, cancel := context.WithTimeout(context.Background(), viper.GetDuration("timeout")) 44 | defer cancel() 45 | 46 | client, err := util.GetClient(ctx) 47 | if err != nil { 48 | return fmt.Errorf("Creating client: %w", err) 49 | } 50 | 51 | envVars, err := resolveEnvironmentSecrets(ctx, client) 52 | if err != nil { 53 | return fmt.Errorf("Resolving secrets: %w", err) 54 | } 55 | 56 | if err = client.Logout(ctx); err != nil { 57 | return fmt.Errorf("Logging out client: %w", err) 58 | } 59 | 60 | subCmd := exec.Command(args[0], args[1:]...) 61 | subCmd.Stdin = os.Stdin 62 | subCmd.Stdout = os.Stdout 63 | subCmd.Stderr = os.Stderr 64 | subCmd.Env = envVars 65 | 66 | if err = subCmd.Run(); err != nil { 67 | return fmt.Errorf("Running command: %w", err) 68 | } 69 | 70 | return nil 71 | } 72 | 73 | func resolveEnvironmentSecrets(ctx context.Context, client *api.Client) ([]string, error) { 74 | envVars := os.Environ() 75 | 76 | for i, envVar := range envVars { 77 | splitIndex := strings.Index(envVar, "=") 78 | if splitIndex == -1 { 79 | continue 80 | } 81 | 82 | key := envVar[:splitIndex] 83 | value := envVar[splitIndex+1:] 84 | 85 | if !strings.HasPrefix(value, PassboltPrefix) { 86 | continue 87 | } 88 | 89 | resourceId := strings.TrimPrefix(value, PassboltPrefix) 90 | _, _, _, _, secret, _, err := helper.GetResource(ctx, client, resourceId) 91 | if err != nil { 92 | return nil, fmt.Errorf("Getting resource: %w", err) 93 | } 94 | 95 | envVars[i] = key + "=" + secret 96 | 97 | if viper.GetBool("debug") { 98 | fmt.Fprintf(os.Stdout, "%v env var populated with resource id %v\n", key, resourceId) 99 | } 100 | } 101 | 102 | return envVars, nil 103 | } 104 | -------------------------------------------------------------------------------- /resource/create.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | 8 | "github.com/passbolt/go-passbolt-cli/util" 9 | "github.com/passbolt/go-passbolt/helper" 10 | "github.com/spf13/cobra" 11 | ) 12 | 13 | // ResourceCreateCmd Creates a Passbolt Resource 14 | var ResourceCreateCmd = &cobra.Command{ 15 | Use: "resource", 16 | Short: "Creates a Passbolt Resource", 17 | Long: `Creates a Passbolt Resource and Returns the Resources ID`, 18 | RunE: ResourceCreate, 19 | } 20 | 21 | func init() { 22 | ResourceCreateCmd.Flags().StringP("name", "n", "", "Resource Name") 23 | ResourceCreateCmd.Flags().StringP("username", "u", "", "Resource Username") 24 | ResourceCreateCmd.Flags().String("uri", "", "Resource URI") 25 | ResourceCreateCmd.Flags().StringP("password", "p", "", "Resource Password") 26 | ResourceCreateCmd.Flags().StringP("description", "d", "", "Resource Description") 27 | ResourceCreateCmd.Flags().StringP("folderParentID", "f", "", "Folder in which to create the Resource") 28 | ResourceCreateCmd.Flags().String("expiry", "", "Expiry as RFC3339 (e.g. 2025-12-31T23:59:59Z) or Go duration (e.g. 48h, 30m)") 29 | ResourceCreateCmd.MarkFlagRequired("name") 30 | ResourceCreateCmd.MarkFlagRequired("password") 31 | } 32 | 33 | func ResourceCreate(cmd *cobra.Command, args []string) error { 34 | folderParentID, err := cmd.Flags().GetString("folderParentID") 35 | if err != nil { 36 | return err 37 | } 38 | name, err := cmd.Flags().GetString("name") 39 | if err != nil { 40 | return err 41 | } 42 | username, err := cmd.Flags().GetString("username") 43 | if err != nil { 44 | return err 45 | } 46 | uri, err := cmd.Flags().GetString("uri") 47 | if err != nil { 48 | return err 49 | } 50 | password, err := cmd.Flags().GetString("password") 51 | if err != nil { 52 | return err 53 | } 54 | description, err := cmd.Flags().GetString("description") 55 | if err != nil { 56 | return err 57 | } 58 | 59 | expiry, err := cmd.Flags().GetString("expiry") 60 | if err != nil { 61 | return err 62 | } 63 | 64 | jsonOutput, err := cmd.Flags().GetBool("json") 65 | if err != nil { 66 | return err 67 | } 68 | 69 | ctx := util.GetContext() 70 | 71 | client, err := util.GetClient(ctx) 72 | if err != nil { 73 | return err 74 | } 75 | defer client.Logout(context.TODO()) 76 | cmd.SilenceUsage = true 77 | 78 | id, err := helper.CreateResource( 79 | ctx, 80 | client, 81 | folderParentID, 82 | name, 83 | username, 84 | uri, 85 | password, 86 | description, 87 | ) 88 | if err != nil { 89 | return fmt.Errorf("Creating Resource: %w", err) 90 | } 91 | 92 | // TODO, Should be done by go-passbolt when the "new" Resource API is done 93 | if expiry != "" { 94 | if err := SetResourceExpiry(ctx, client, id, expiry); err != nil { 95 | return err 96 | } 97 | } 98 | 99 | if jsonOutput { 100 | jsonId, err := json.MarshalIndent( 101 | map[string]string{"id": id}, 102 | "", 103 | " ", 104 | ) 105 | if err != nil { 106 | return fmt.Errorf("Marshalling Json: %w", err) 107 | } 108 | fmt.Println(string(jsonId)) 109 | } else { 110 | fmt.Printf("ResourceID: %v\n", id) 111 | } 112 | return nil 113 | } 114 | -------------------------------------------------------------------------------- /group/get.go: -------------------------------------------------------------------------------- 1 | package group 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | "strings" 8 | 9 | "al.essio.dev/pkg/shellescape" 10 | "github.com/passbolt/go-passbolt-cli/util" 11 | "github.com/passbolt/go-passbolt/helper" 12 | "github.com/pterm/pterm" 13 | "github.com/spf13/cobra" 14 | ) 15 | 16 | // GroupGetCmd Gets a Passbolt Group 17 | var GroupGetCmd = &cobra.Command{ 18 | Use: "group", 19 | Short: "Gets a Passbolt Group", 20 | Long: `Gets a Passbolt Group`, 21 | RunE: GroupGet, 22 | } 23 | 24 | func init() { 25 | GroupGetCmd.Flags().String("id", "", "id of Group to Get") 26 | 27 | GroupGetCmd.Flags().StringArrayP("column", "c", []string{"UserID", "Username", "UserFirstName", "UserLastName", "IsGroupManager"}, "Membership Columns to return, possible Columns:\nUserID, Username, UserFirstName, UserLastName, IsGroupManager") 28 | 29 | GroupGetCmd.MarkFlagRequired("id") 30 | } 31 | 32 | func GroupGet(cmd *cobra.Command, args []string) error { 33 | id, err := cmd.Flags().GetString("id") 34 | if err != nil { 35 | return err 36 | } 37 | columns, err := cmd.Flags().GetStringArray("column") 38 | if err != nil { 39 | return err 40 | } 41 | jsonOutput, err := cmd.Flags().GetBool("json") 42 | if err != nil { 43 | return err 44 | } 45 | 46 | ctx := util.GetContext() 47 | 48 | client, err := util.GetClient(ctx) 49 | if err != nil { 50 | return err 51 | } 52 | defer client.Logout(context.TODO()) 53 | cmd.SilenceUsage = true 54 | 55 | name, memberships, err := helper.GetGroup( 56 | ctx, 57 | client, 58 | id, 59 | ) 60 | if err != nil { 61 | return fmt.Errorf("Getting Group: %w", err) 62 | } 63 | 64 | if jsonOutput { 65 | groupUserMemberships := []GroupUserMembershipJsonOutput{} 66 | for i := range memberships { 67 | groupUserMemberships = append(groupUserMemberships, GroupUserMembershipJsonOutput{ 68 | ID: &memberships[i].UserID, 69 | Username: &memberships[i].Username, 70 | FirstName: &memberships[i].UserFirstName, 71 | LastName: &memberships[i].UserLastName, 72 | IsGroupManager: &memberships[i].IsGroupManager, 73 | }) 74 | } 75 | 76 | jsonGroup, err := json.MarshalIndent(GroupJsonOutput{ 77 | Name: &name, 78 | Users: groupUserMemberships, 79 | }, "", " ") 80 | if err != nil { 81 | return err 82 | } 83 | fmt.Println(string(jsonGroup)) 84 | 85 | } else { 86 | fmt.Printf("Name: %v\n", name) 87 | // Print Memberships 88 | if len(columns) != 0 { 89 | data := pterm.TableData{columns} 90 | 91 | for _, membership := range memberships { 92 | entry := make([]string, len(columns)) 93 | for i := range columns { 94 | switch strings.ToLower(columns[i]) { 95 | case "userid": 96 | entry[i] = membership.UserID 97 | case "isgroupmanager": 98 | entry[i] = fmt.Sprint(membership.IsGroupManager) 99 | case "username": 100 | entry[i] = shellescape.StripUnsafe(membership.Username) 101 | case "userfirstname": 102 | entry[i] = shellescape.StripUnsafe(membership.UserFirstName) 103 | case "userlastname": 104 | entry[i] = shellescape.StripUnsafe(membership.UserLastName) 105 | default: 106 | cmd.SilenceUsage = false 107 | return fmt.Errorf("Unknown Column: %v", columns[i]) 108 | } 109 | } 110 | data = append(data, entry) 111 | } 112 | 113 | pterm.DefaultTable.WithHasHeader().WithData(data).Render() 114 | } 115 | } 116 | return nil 117 | } 118 | -------------------------------------------------------------------------------- /group/list.go: -------------------------------------------------------------------------------- 1 | package group 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | "strings" 8 | "time" 9 | 10 | "al.essio.dev/pkg/shellescape" 11 | "github.com/passbolt/go-passbolt-cli/util" 12 | "github.com/passbolt/go-passbolt/api" 13 | "github.com/spf13/cobra" 14 | 15 | "github.com/pterm/pterm" 16 | ) 17 | 18 | // GroupListCmd Lists a Passbolt Group 19 | var GroupListCmd = &cobra.Command{ 20 | Use: "group", 21 | Short: "Lists Passbolt Groups", 22 | Long: `Lists Passbolt Groups`, 23 | Aliases: []string{"groups"}, 24 | RunE: GroupList, 25 | } 26 | 27 | func init() { 28 | GroupListCmd.Flags().StringArrayP("user", "u", []string{}, "Groups that are shared with group") 29 | GroupListCmd.Flags().StringArrayP("manager", "m", []string{}, "Groups that are in folder") 30 | 31 | GroupListCmd.Flags().StringArrayP("column", "c", []string{"ID", "Name"}, "Columns to return, possible Columns:\nID, Name, CreatedTimestamp, ModifiedTimestamp") 32 | } 33 | 34 | func GroupList(cmd *cobra.Command, args []string) error { 35 | users, err := cmd.Flags().GetStringArray("user") 36 | if err != nil { 37 | return err 38 | } 39 | managers, err := cmd.Flags().GetStringArray("manager") 40 | if err != nil { 41 | return err 42 | } 43 | columns, err := cmd.Flags().GetStringArray("column") 44 | if err != nil { 45 | return err 46 | } 47 | if len(columns) == 0 { 48 | return fmt.Errorf("You need to specify atleast one column to return") 49 | } 50 | jsonOutput, err := cmd.Flags().GetBool("json") 51 | if err != nil { 52 | return err 53 | } 54 | celFilter, err := cmd.Flags().GetString("filter") 55 | if err != nil { 56 | return err 57 | } 58 | 59 | ctx := util.GetContext() 60 | 61 | client, err := util.GetClient(ctx) 62 | if err != nil { 63 | return err 64 | } 65 | defer client.Logout(context.TODO()) 66 | cmd.SilenceUsage = true 67 | 68 | groups, err := client.GetGroups(ctx, &api.GetGroupsOptions{ 69 | FilterHasUsers: users, 70 | FilterHasManagers: managers, 71 | }) 72 | if err != nil { 73 | return fmt.Errorf("Listing Group: %w", err) 74 | } 75 | 76 | groups, err = filterGroups(&groups, celFilter, ctx) 77 | if err != nil { 78 | return err 79 | } 80 | 81 | if jsonOutput { 82 | outputGroups := []GroupJsonOutput{} 83 | for i := range groups { 84 | outputGroups = append(outputGroups, GroupJsonOutput{ 85 | ID: &groups[i].ID, 86 | Name: &groups[i].Name, 87 | CreatedTimestamp: &groups[i].Created.Time, 88 | ModifiedTimestamp: &groups[i].Modified.Time, 89 | }) 90 | } 91 | jsonGroups, err := json.MarshalIndent(outputGroups, "", " ") 92 | if err != nil { 93 | return err 94 | } 95 | fmt.Println(string(jsonGroups)) 96 | } else { 97 | data := pterm.TableData{columns} 98 | 99 | for _, group := range groups { 100 | entry := make([]string, len(columns)) 101 | for i := range columns { 102 | switch strings.ToLower(columns[i]) { 103 | case "id": 104 | entry[i] = group.ID 105 | case "name": 106 | entry[i] = shellescape.StripUnsafe(group.Name) 107 | case "createdtimestamp": 108 | entry[i] = group.Created.Format(time.RFC3339) 109 | case "modifiedtimestamp": 110 | entry[i] = group.Modified.Format(time.RFC3339) 111 | default: 112 | cmd.SilenceUsage = false 113 | return fmt.Errorf("Unknown Column: %v", columns[i]) 114 | } 115 | } 116 | data = append(data, entry) 117 | } 118 | 119 | pterm.DefaultTable.WithHasHeader().WithData(data).Render() 120 | } 121 | return nil 122 | } 123 | -------------------------------------------------------------------------------- /folder/list.go: -------------------------------------------------------------------------------- 1 | package folder 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | "strings" 8 | "time" 9 | 10 | "al.essio.dev/pkg/shellescape" 11 | "github.com/passbolt/go-passbolt-cli/util" 12 | "github.com/passbolt/go-passbolt/api" 13 | "github.com/spf13/cobra" 14 | 15 | "github.com/pterm/pterm" 16 | ) 17 | 18 | // FolderListCmd Lists a Passbolt Folder 19 | var FolderListCmd = &cobra.Command{ 20 | Use: "folder", 21 | Short: "Lists Passbolt Folders", 22 | Long: `Lists Passbolt Folders`, 23 | Aliases: []string{"folders"}, 24 | RunE: FolderList, 25 | } 26 | 27 | func init() { 28 | FolderListCmd.Flags().StringP("search", "s", "", "Folders that have this in the Name") 29 | FolderListCmd.Flags().StringArrayP("folder", "f", []string{}, "Folders that are in this Folder") 30 | FolderListCmd.Flags().StringArrayP("group", "g", []string{}, "Folders that are shared with group") 31 | FolderListCmd.Flags().StringArrayP("column", "c", []string{"ID", "FolderParentID", "Name"}, "Columns to return, possible Columns:\nID, FolderParentID, Name, CreatedTimestamp, ModifiedTimestamp") 32 | } 33 | 34 | func FolderList(cmd *cobra.Command, args []string) error { 35 | search, err := cmd.Flags().GetString("search") 36 | if err != nil { 37 | return err 38 | } 39 | parentFolders, err := cmd.Flags().GetStringArray("folder") 40 | if err != nil { 41 | return err 42 | } 43 | columns, err := cmd.Flags().GetStringArray("column") 44 | if err != nil { 45 | return err 46 | } 47 | if len(columns) == 0 { 48 | return fmt.Errorf("You need to Specify atleast one column to return") 49 | } 50 | jsonOutput, err := cmd.Flags().GetBool("json") 51 | if err != nil { 52 | return err 53 | } 54 | celFilter, err := cmd.Flags().GetString("filter") 55 | if err != nil { 56 | return err 57 | } 58 | 59 | ctx := util.GetContext() 60 | cmd.SilenceUsage = true 61 | 62 | client, err := util.GetClient(ctx) 63 | if err != nil { 64 | return err 65 | } 66 | defer client.Logout(context.TODO()) 67 | 68 | folders, err := client.GetFolders(ctx, &api.GetFoldersOptions{ 69 | FilterHasParent: parentFolders, 70 | FilterSearch: search, 71 | }) 72 | if err != nil { 73 | return fmt.Errorf("Listing Folder: %w", err) 74 | } 75 | 76 | folders, err = filterFolders(&folders, celFilter, ctx) 77 | if err != nil { 78 | return err 79 | } 80 | 81 | if jsonOutput { 82 | outputFolders := []FolderJsonOutput{} 83 | for i := range folders { 84 | outputFolders = append(outputFolders, FolderJsonOutput{ 85 | ID: &folders[i].ID, 86 | FolderParentID: &folders[i].FolderParentID, 87 | Name: &folders[i].Name, 88 | CreatedTimestamp: &folders[i].Created.Time, 89 | ModifiedTimestamp: &folders[i].Modified.Time, 90 | }) 91 | } 92 | jsonFolders, err := json.MarshalIndent(outputFolders, "", " ") 93 | if err != nil { 94 | return err 95 | } 96 | fmt.Println(string(jsonFolders)) 97 | } else { 98 | data := pterm.TableData{columns} 99 | 100 | for _, folder := range folders { 101 | entry := make([]string, len(columns)) 102 | for i := range columns { 103 | switch strings.ToLower(columns[i]) { 104 | case "id": 105 | entry[i] = folder.ID 106 | case "folderparentid": 107 | entry[i] = folder.FolderParentID 108 | case "name": 109 | entry[i] = shellescape.StripUnsafe(folder.Name) 110 | case "createdtimestamp": 111 | entry[i] = folder.Created.Format(time.RFC3339) 112 | case "modifiedtimestamp": 113 | entry[i] = folder.Modified.Format(time.RFC3339) 114 | default: 115 | cmd.SilenceUsage = false 116 | return fmt.Errorf("Unknown Column: %v", columns[i]) 117 | } 118 | } 119 | data = append(data, entry) 120 | } 121 | 122 | pterm.DefaultTable.WithHasHeader().WithData(data).Render() 123 | } 124 | return nil 125 | } 126 | -------------------------------------------------------------------------------- /user/list.go: -------------------------------------------------------------------------------- 1 | package user 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | "strings" 8 | "time" 9 | 10 | "al.essio.dev/pkg/shellescape" 11 | "github.com/passbolt/go-passbolt-cli/util" 12 | "github.com/passbolt/go-passbolt/api" 13 | "github.com/spf13/cobra" 14 | 15 | "github.com/pterm/pterm" 16 | ) 17 | 18 | // UserListCmd Lists a Passbolt User 19 | var UserListCmd = &cobra.Command{ 20 | Use: "user", 21 | Short: "Lists Passbolt Users", 22 | Long: `Lists Passbolt Users`, 23 | Aliases: []string{"users"}, 24 | RunE: UserList, 25 | } 26 | 27 | func init() { 28 | UserListCmd.Flags().StringArrayP("group", "g", []string{}, "Users that are members of groups") 29 | UserListCmd.Flags().StringArrayP("resource", "r", []string{}, "Users that have access to resources") 30 | 31 | UserListCmd.Flags().StringP("search", "s", "", "Search for Users") 32 | UserListCmd.Flags().BoolP("admin", "a", false, "Only show Admins") 33 | 34 | UserListCmd.Flags().StringArrayP("column", "c", []string{"ID", "Username", "FirstName", "LastName", "Role"}, "Columns to return, possible Columns:\nID, Username, FirstName, LastName, Role, CreatedTimestamp, ModifiedTimestamp") 35 | } 36 | 37 | func UserList(cmd *cobra.Command, args []string) error { 38 | groups, err := cmd.Flags().GetStringArray("group") 39 | if err != nil { 40 | return err 41 | } 42 | resources, err := cmd.Flags().GetStringArray("resource") 43 | if err != nil { 44 | return err 45 | } 46 | search, err := cmd.Flags().GetString("search") 47 | if err != nil { 48 | return err 49 | } 50 | admin, err := cmd.Flags().GetBool("admin") 51 | if err != nil { 52 | return err 53 | } 54 | columns, err := cmd.Flags().GetStringArray("column") 55 | if err != nil { 56 | return err 57 | } 58 | if len(columns) == 0 { 59 | return fmt.Errorf("You need to specify atleast one column to return") 60 | } 61 | jsonOutput, err := cmd.Flags().GetBool("json") 62 | if err != nil { 63 | return err 64 | } 65 | celFilter, err := cmd.Flags().GetString("filter") 66 | if err != nil { 67 | return err 68 | } 69 | 70 | ctx := util.GetContext() 71 | 72 | client, err := util.GetClient(ctx) 73 | if err != nil { 74 | return err 75 | } 76 | defer client.Logout(context.TODO()) 77 | cmd.SilenceUsage = true 78 | 79 | users, err := client.GetUsers(ctx, &api.GetUsersOptions{ 80 | FilterHasGroup: groups, 81 | FilterHasAccess: resources, 82 | FilterSearch: search, 83 | FilterIsAdmin: admin, 84 | }) 85 | if err != nil { 86 | return fmt.Errorf("Listing User: %w", err) 87 | } 88 | 89 | users, err = filterUsers(&users, celFilter, ctx) 90 | if err != nil { 91 | return err 92 | } 93 | 94 | if jsonOutput { 95 | outputUsers := []UserJsonOutput{} 96 | for i := range users { 97 | outputUsers = append(outputUsers, UserJsonOutput{ 98 | ID: &users[i].ID, 99 | Username: &users[i].Username, 100 | FirstName: &users[i].Profile.FirstName, 101 | LastName: &users[i].Profile.LastName, 102 | Role: &users[i].Role.Name, 103 | CreatedTimestamp: &users[i].Created.Time, 104 | ModifiedTimestamp: &users[i].Modified.Time, 105 | }) 106 | } 107 | jsonUsers, err := json.MarshalIndent(outputUsers, "", " ") 108 | if err != nil { 109 | return err 110 | } 111 | fmt.Println(string(jsonUsers)) 112 | } else { 113 | data := pterm.TableData{columns} 114 | 115 | for _, user := range users { 116 | entry := make([]string, len(columns)) 117 | for i := range columns { 118 | switch strings.ToLower(columns[i]) { 119 | case "id": 120 | entry[i] = user.ID 121 | case "username": 122 | entry[i] = shellescape.StripUnsafe(user.Username) 123 | case "firstname": 124 | entry[i] = shellescape.StripUnsafe(user.Profile.FirstName) 125 | case "lastname": 126 | entry[i] = shellescape.StripUnsafe(user.Profile.LastName) 127 | case "role": 128 | entry[i] = shellescape.StripUnsafe(user.Role.Name) 129 | case "createdtimestamp": 130 | entry[i] = user.Created.Format(time.RFC3339) 131 | case "modifiedtimestamp": 132 | entry[i] = user.Modified.Format(time.RFC3339) 133 | default: 134 | cmd.SilenceUsage = false 135 | return fmt.Errorf("Unknown Column: %v", columns[i]) 136 | } 137 | } 138 | data = append(data, entry) 139 | } 140 | 141 | pterm.DefaultTable.WithHasHeader().WithData(data).Render() 142 | } 143 | return nil 144 | } 145 | -------------------------------------------------------------------------------- /util/client.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "bufio" 5 | "context" 6 | "encoding/json" 7 | "errors" 8 | "fmt" 9 | "net/http" 10 | "os" 11 | "strings" 12 | "time" 13 | 14 | "github.com/passbolt/go-passbolt/api" 15 | "github.com/passbolt/go-passbolt/helper" 16 | "github.com/spf13/viper" 17 | "golang.org/x/term" 18 | ) 19 | 20 | // ReadPassword reads a Password interactively or via Pipe 21 | func ReadPassword(prompt string) (string, error) { 22 | fd := int(os.Stdin.Fd()) 23 | var pass string 24 | if term.IsTerminal(fd) { 25 | fmt.Fprint(os.Stderr, prompt); 26 | 27 | inputPass, err := term.ReadPassword(fd) 28 | if err != nil { 29 | return "", err 30 | } 31 | pass = string(inputPass) 32 | } else { 33 | reader := bufio.NewReader(os.Stdin) 34 | s, err := reader.ReadString('\n') 35 | if err != nil { 36 | return "", err 37 | } 38 | pass = s 39 | } 40 | 41 | return strings.Replace(pass, "\n", "", 1), nil 42 | } 43 | 44 | // GetClient gets a Logged in Passbolt Client 45 | func GetClient(ctx context.Context) (*api.Client, error) { 46 | serverAddress := viper.GetString("serverAddress") 47 | if serverAddress == "" { 48 | return nil, fmt.Errorf("serverAddress is not defined") 49 | } 50 | 51 | userPrivateKey := viper.GetString("userPrivateKey") 52 | if userPrivateKey == "" { 53 | return nil, fmt.Errorf("userPrivateKey is not defined") 54 | } 55 | 56 | userPassword := viper.GetString("userPassword") 57 | if userPassword == "" { 58 | cliPassword, err := ReadPassword("Enter Password:") 59 | if err != nil { 60 | fmt.Println() 61 | return nil, fmt.Errorf("Reading Password: %w", err) 62 | } 63 | 64 | userPassword = cliPassword 65 | fmt.Println() 66 | } 67 | 68 | httpClient, err := GetHttpClient() 69 | if err != nil { 70 | return nil, err 71 | } 72 | client, err := api.NewClient(httpClient, "", serverAddress, userPrivateKey, userPassword) 73 | if err != nil { 74 | return nil, fmt.Errorf("Creating Client: %w", err) 75 | } 76 | 77 | client.Debug = viper.GetBool("debug") 78 | 79 | token := viper.GetString("serverVerifyToken") 80 | encToken := viper.GetString("serverVerifyEncToken") 81 | 82 | if token != "" { 83 | err = client.VerifyServer(ctx, token, encToken) 84 | if err != nil { 85 | return nil, fmt.Errorf("Verifing Server: %w", err) 86 | } 87 | } 88 | 89 | switch viper.GetString("mfaMode") { 90 | case "interactive-totp": 91 | client.MFACallback = func(ctx context.Context, c *api.Client, res *api.APIResponse) (http.Cookie, error) { 92 | challenge := api.MFAChallenge{} 93 | err := json.Unmarshal(res.Body, &challenge) 94 | if err != nil { 95 | return http.Cookie{}, fmt.Errorf("Parsing MFA Challenge") 96 | } 97 | if challenge.Provider.TOTP == "" { 98 | return http.Cookie{}, fmt.Errorf("Server Provided no TOTP Provider") 99 | } 100 | for i := 0; i < 3; i++ { 101 | var code string 102 | code, err := ReadPassword("Enter TOTP:") 103 | if err != nil { 104 | fmt.Printf("\n") 105 | return http.Cookie{}, fmt.Errorf("Reading TOTP: %w", err) 106 | } 107 | fmt.Printf("\n") 108 | req := api.MFAChallengeResponse{ 109 | TOTP: code, 110 | } 111 | var raw *http.Response 112 | raw, _, err = c.DoCustomRequestAndReturnRawResponse(ctx, "POST", "mfa/verify/totp.json", "v2", req, nil) 113 | if err != nil { 114 | if errors.Unwrap(err) != api.ErrAPIResponseErrorStatusCode { 115 | return http.Cookie{}, fmt.Errorf("Doing MFA Challenge Response: %w", err) 116 | } 117 | fmt.Println("TOTP Verification Failed") 118 | } else { 119 | // MFA worked so lets find the cookie and return it 120 | for _, cookie := range raw.Cookies() { 121 | if cookie.Name == "passbolt_mfa" { 122 | return *cookie, nil 123 | } 124 | } 125 | return http.Cookie{}, fmt.Errorf("Unable to find Passbolt MFA Cookie") 126 | } 127 | } 128 | return http.Cookie{}, fmt.Errorf("Failed MFA Challenge 3 times: %w", err) 129 | } 130 | case "noninteractive-totp": 131 | // if new flag is unset, use old flag instead 132 | totpToken := viper.GetString("mfaTotpToken") 133 | if totpToken == "" { 134 | totpToken = viper.GetString("totpToken") 135 | } 136 | 137 | totpOffset := viper.GetDuration("mfaTotpOffset") 138 | if totpOffset == time.Duration(0) { 139 | totpOffset = viper.GetDuration("totpOffset") 140 | } 141 | 142 | helper.AddMFACallbackTOTP(client, viper.GetUint("mfaRetrys"), viper.GetDuration("mfaDelay"), totpOffset, totpToken) 143 | case "none": 144 | default: 145 | } 146 | 147 | err = client.Login(ctx) 148 | if err != nil { 149 | return nil, fmt.Errorf("Logging in: %w", err) 150 | } 151 | return client, nil 152 | } 153 | -------------------------------------------------------------------------------- /resource/list.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | "strings" 8 | "time" 9 | 10 | "al.essio.dev/pkg/shellescape" 11 | "github.com/passbolt/go-passbolt-cli/util" 12 | "github.com/passbolt/go-passbolt/api" 13 | "github.com/passbolt/go-passbolt/helper" 14 | "github.com/spf13/cobra" 15 | 16 | "github.com/pterm/pterm" 17 | ) 18 | 19 | // ResourceListCmd Lists a Passbolt Resource 20 | var ResourceListCmd = &cobra.Command{ 21 | Use: "resource", 22 | Short: "Lists Passbolt Resources", 23 | Long: `Lists Passbolt Resources`, 24 | Aliases: []string{"resources"}, 25 | RunE: ResourceList, 26 | } 27 | 28 | func init() { 29 | ResourceListCmd.Flags().Bool("favorite", false, "Resources that are marked as favorite") 30 | ResourceListCmd.Flags().Bool("own", false, "Resources that are owned by me") 31 | ResourceListCmd.Flags().StringP("group", "g", "", "Resources that are shared with group") 32 | ResourceListCmd.Flags().StringArrayP("folder", "f", []string{}, "Resources that are in folder") 33 | ResourceListCmd.Flags().StringArrayP("column", "c", []string{"ID", "FolderParentID", "Name", "Username", "URI"}, "Columns to return, possible Columns:\nID, FolderParentID, Name, Username, URI, Password, Description, CreatedTimestamp, ModifiedTimestamp") 34 | } 35 | 36 | func ResourceList(cmd *cobra.Command, args []string) error { 37 | favorite, err := cmd.Flags().GetBool("favorite") 38 | if err != nil { 39 | return err 40 | } 41 | own, err := cmd.Flags().GetBool("own") 42 | if err != nil { 43 | return err 44 | } 45 | group, err := cmd.Flags().GetString("group") 46 | if err != nil { 47 | return err 48 | } 49 | folderParents, err := cmd.Flags().GetStringArray("folder") 50 | if err != nil { 51 | return err 52 | } 53 | columns, err := cmd.Flags().GetStringArray("column") 54 | if err != nil { 55 | return err 56 | } 57 | if len(columns) == 0 { 58 | return fmt.Errorf("You need to specify atleast one column to return") 59 | } 60 | jsonOutput, err := cmd.Flags().GetBool("json") 61 | if err != nil { 62 | return err 63 | } 64 | celFilter, err := cmd.Flags().GetString("filter") 65 | if err != nil { 66 | return err 67 | } 68 | 69 | ctx := util.GetContext() 70 | 71 | client, err := util.GetClient(ctx) 72 | if err != nil { 73 | return err 74 | } 75 | defer client.Logout(context.TODO()) 76 | cmd.SilenceUsage = true 77 | 78 | resources, err := client.GetResources(ctx, &api.GetResourcesOptions{ 79 | FilterIsFavorite: favorite, 80 | FilterIsOwnedByMe: own, 81 | FilterIsSharedWithGroup: group, 82 | FilterHasParent: folderParents, 83 | }) 84 | if err != nil { 85 | return fmt.Errorf("Listing Resource: %w", err) 86 | } 87 | 88 | resources, err = filterResources(&resources, celFilter, ctx, client) 89 | if err != nil { 90 | return err 91 | } 92 | 93 | if jsonOutput { 94 | outputResources := []ResourceJsonOutput{} 95 | for i := range resources { 96 | _, name, username, uri, pass, desc, err := helper.GetResource(ctx, client, resources[i].ID) 97 | if err != nil { 98 | return fmt.Errorf("Get Resource %w", err) 99 | } 100 | outputResources = append(outputResources, ResourceJsonOutput{ 101 | ID: &resources[i].ID, 102 | FolderParentID: &resources[i].FolderParentID, 103 | Name: &name, 104 | Username: &username, 105 | URI: &uri, 106 | Password: &pass, 107 | Description: &desc, 108 | CreatedTimestamp: &resources[i].Created.Time, 109 | ModifiedTimestamp: &resources[i].Modified.Time, 110 | }) 111 | } 112 | jsonResources, err := json.MarshalIndent(outputResources, "", " ") 113 | if err != nil { 114 | return err 115 | } 116 | fmt.Println(string(jsonResources)) 117 | } else { 118 | data := pterm.TableData{columns} 119 | 120 | for _, resource := range resources { 121 | // TODO We should decrypt the secret only when required for performance reasonse 122 | _, name, username, uri, pass, desc, err := helper.GetResource(ctx, client, resource.ID) 123 | if err != nil { 124 | return fmt.Errorf("Get Resource %w", err) 125 | } 126 | 127 | entry := make([]string, len(columns)) 128 | for i := range columns { 129 | switch strings.ToLower(columns[i]) { 130 | case "id": 131 | entry[i] = resource.ID 132 | case "folderparentid": 133 | entry[i] = resource.FolderParentID 134 | case "name": 135 | entry[i] = shellescape.StripUnsafe(name) 136 | case "username": 137 | entry[i] = shellescape.StripUnsafe(username) 138 | case "uri": 139 | entry[i] = shellescape.StripUnsafe(uri) 140 | case "password": 141 | entry[i] = shellescape.StripUnsafe(pass) 142 | case "description": 143 | entry[i] = shellescape.StripUnsafe(desc) 144 | case "createdtimestamp": 145 | entry[i] = resource.Created.Format(time.RFC3339) 146 | case "modifiedtimestamp": 147 | entry[i] = resource.Modified.Format(time.RFC3339) 148 | default: 149 | cmd.SilenceUsage = false 150 | return fmt.Errorf("Unknown Column: %v", columns[i]) 151 | } 152 | } 153 | data = append(data, entry) 154 | } 155 | 156 | pterm.DefaultTable.WithHasHeader().WithData(data).Render() 157 | } 158 | return nil 159 | } 160 | -------------------------------------------------------------------------------- /resource/get.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | "strconv" 8 | "strings" 9 | "time" 10 | 11 | "al.essio.dev/pkg/shellescape" 12 | "github.com/passbolt/go-passbolt-cli/util" 13 | "github.com/passbolt/go-passbolt/helper" 14 | "github.com/pterm/pterm" 15 | "github.com/spf13/cobra" 16 | ) 17 | 18 | // ResourceGetCmd Gets a Passbolt Resource 19 | var ResourceGetCmd = &cobra.Command{ 20 | Use: "resource", 21 | Short: "Gets a Passbolt Resource", 22 | Long: `Gets a Passbolt Resource`, 23 | RunE: ResourceGet, 24 | } 25 | 26 | // ResourcePermissionCmd Gets Permissions for Passbolt Resource 27 | var ResourcePermissionCmd = &cobra.Command{ 28 | Use: "permission", 29 | Short: "Gets Permissions for a Passbolt Resource", 30 | Long: `Gets Permissions for a Passbolt Resource`, 31 | Aliases: []string{"permissions"}, 32 | RunE: ResourcePermission, 33 | } 34 | 35 | func init() { 36 | ResourceGetCmd.Flags().String("id", "", "id of Resource to Get") 37 | 38 | ResourceGetCmd.MarkFlagRequired("id") 39 | 40 | ResourceGetCmd.AddCommand(ResourcePermissionCmd) 41 | ResourcePermissionCmd.Flags().String("id", "", "id of Resource to Get") 42 | ResourcePermissionCmd.Flags().StringArrayP("column", "c", []string{"ID", "Aco", "AcoForeignKey", "Aro", "AroForeignKey", "Type"}, "Columns to return, possible Columns:\nID, Aco, AcoForeignKey, Aro, AroForeignKey, Type, CreatedTimestamp, ModifiedTimestamp") 43 | 44 | } 45 | 46 | func ResourceGet(cmd *cobra.Command, args []string) error { 47 | id, err := cmd.Flags().GetString("id") 48 | if err != nil { 49 | return err 50 | } 51 | jsonOutput, err := cmd.Flags().GetBool("json") 52 | if err != nil { 53 | return err 54 | } 55 | 56 | ctx := util.GetContext() 57 | 58 | client, err := util.GetClient(ctx) 59 | if err != nil { 60 | return err 61 | } 62 | defer client.Logout(context.TODO()) 63 | cmd.SilenceUsage = true 64 | 65 | folderParentID, name, username, uri, password, description, err := helper.GetResource( 66 | ctx, 67 | client, 68 | id, 69 | ) 70 | if err != nil { 71 | return fmt.Errorf("Getting Resource: %w", err) 72 | } 73 | 74 | if jsonOutput { 75 | jsonResource, err := json.MarshalIndent(ResourceJsonOutput{ 76 | FolderParentID: &folderParentID, 77 | Name: &name, 78 | Username: &username, 79 | URI: &uri, 80 | Password: &password, 81 | Description: &description, 82 | }, "", " ") 83 | if err != nil { 84 | return err 85 | } 86 | fmt.Println(string(jsonResource)) 87 | } else { 88 | fmt.Printf("FolderParentID: %v\n", folderParentID) 89 | fmt.Printf("Name: %v\n", shellescape.StripUnsafe(name)) 90 | fmt.Printf("Username: %v\n", shellescape.StripUnsafe(username)) 91 | fmt.Printf("URI: %v\n", shellescape.StripUnsafe(uri)) 92 | fmt.Printf("Password: %v\n", shellescape.StripUnsafe(password)) 93 | fmt.Printf("Description: %v\n", shellescape.StripUnsafe(description)) 94 | } 95 | return nil 96 | } 97 | 98 | func ResourcePermission(cmd *cobra.Command, args []string) error { 99 | resource, err := cmd.Flags().GetString("id") 100 | if err != nil { 101 | return err 102 | } 103 | columns, err := cmd.Flags().GetStringArray("column") 104 | if err != nil { 105 | return err 106 | } 107 | if len(columns) == 0 { 108 | return fmt.Errorf("You need to specify atleast one column to return") 109 | } 110 | jsonOutput, err := cmd.Flags().GetBool("json") 111 | if err != nil { 112 | return err 113 | } 114 | 115 | ctx := util.GetContext() 116 | 117 | client, err := util.GetClient(ctx) 118 | if err != nil { 119 | return err 120 | } 121 | defer client.Logout(context.TODO()) 122 | cmd.SilenceUsage = true 123 | 124 | permissions, err := client.GetResourcePermissions(ctx, resource) 125 | if err != nil { 126 | return fmt.Errorf("Listing Permission: %w", err) 127 | } 128 | 129 | if jsonOutput { 130 | outputPermissions := []PermissionJsonOutput{} 131 | for i := range permissions { 132 | outputPermissions = append(outputPermissions, PermissionJsonOutput{ 133 | ID: &permissions[i].ID, 134 | Aco: &permissions[i].ACO, 135 | AcoForeignKey: &permissions[i].ACOForeignKey, 136 | Aro: &permissions[i].ARO, 137 | AroForeignKey: &permissions[i].AROForeignKey, 138 | Type: &permissions[i].Type, 139 | CreatedTimestamp: &permissions[i].Created.Time, 140 | ModifiedTimestamp: &permissions[i].Modified.Time, 141 | }) 142 | } 143 | jsonPermissions, err := json.MarshalIndent(outputPermissions, "", " ") 144 | if err != nil { 145 | return err 146 | } 147 | fmt.Println(string(jsonPermissions)) 148 | } else { 149 | data := pterm.TableData{columns} 150 | 151 | for _, permission := range permissions { 152 | entry := make([]string, len(columns)) 153 | for i := range columns { 154 | switch strings.ToLower(columns[i]) { 155 | case "id": 156 | entry[i] = permission.ID 157 | case "aco": 158 | entry[i] = permission.ACO 159 | case "acoforeignkey": 160 | entry[i] = permission.ACOForeignKey 161 | case "aro": 162 | entry[i] = permission.ARO 163 | case "aroforeignkey": 164 | entry[i] = permission.AROForeignKey 165 | case "type": 166 | entry[i] = strconv.Itoa(permission.Type) 167 | case "createdtimestamp": 168 | entry[i] = permission.Created.Format(time.RFC3339) 169 | case "modifiedtimestamp": 170 | entry[i] = permission.Modified.Format(time.RFC3339) 171 | default: 172 | cmd.SilenceUsage = false 173 | return fmt.Errorf("Unknown Column: %v", columns[i]) 174 | } 175 | } 176 | data = append(data, entry) 177 | } 178 | 179 | pterm.DefaultTable.WithHasHeader().WithData(data).Render() 180 | } 181 | 182 | return nil 183 | } 184 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # go-passbolt-cli 2 | 3 | A CLI tool to interact with [Passbolt](https://www.passbolt.com), an open source password manager for teams. 4 | 5 | If you want to do something more complicated: [this Go module](https://github.com/passbolt/go-passbolt) to interact with Passbolt from Go might interest you. 6 | 7 | Disclaimer: This project is community driven and not associated with [Passbolt SA](https://www.passbolt.com/about). 8 | 9 | # Install 10 | 11 | ## Via Repository (Preferred): 12 | [![Packaging status](https://repology.org/badge/vertical-allrepos/passbolt-cli.svg)](https://repology.org/project/passbolt-cli/versions) 13 | 14 | Use the package from your distros official repository. 15 | 16 | ## Via Package: 17 | 18 | Download the deb/rpm package for your distro and architecture from the latest release. 19 | 20 | Install via your distros package manager like `dpkg -i`. 21 | 22 | ## Via Homebrew 23 | 24 | brew install passbolt/tap/go-passbolt-cli 25 | 26 | ## Via Archive: 27 | 28 | Download and extract the archive for your OS and architecture from the latest release. 29 | 30 | Note: Tab completion and manpages will need to be installed manually. 31 | 32 | ## Via Go: 33 | 34 | go install github.com/passbolt/go-passbolt-cli@latest 35 | 36 | Note: This will install the binary as `go-passbolt-cli`. Also, tab completion and manpages will be missing. 37 | 38 | # Getting Started 39 | 40 | First, you need to set up basic information: 41 | 42 | - The server address, 43 | - your private key 44 | - and your password/passphrase. 45 | 46 | You have these options: 47 | 48 | - Save it in the config file using 49 | 50 | ``` 51 | passbolt configure --serverAddress https://passbolt.example.org --userPassword '1234' --userPrivateKeyFile 'keys/privatekey.asc' 52 | ``` 53 | 54 | or 55 | 56 | ``` 57 | passbolt configure --serverAddress https://passbolt.example.org --userPassword '1234' --userPrivateKey '-----BEGIN PGP PRIVATE KEY BLOCK-----' 58 | ``` 59 | 60 | - Set up environment variables 61 | - Provide the flags manually every time 62 | 63 | Notes: 64 | 65 | - You can set the private key using the flags `--userPrivateKey` or `--userPrivateKeyFile` where `--userPrivateKey` takes the actual private key and `--userPrivateKeyFile` loads the content of a file as the private key, `--userPrivateKeyFile` overwrites the value of `--userPrivateKey`. 66 | - You can also just store the `serverAddress` and your private key. If your password is not set it will prompt you for it every time. 67 | - Passwordless private keys are not supported. 68 | - MFA settings can also be saved permanently this way. 69 | 70 | # Usage 71 | 72 | Generally, the structure of commands are like this: 73 | 74 | ```bash 75 | passbolt action entity [arguments] 76 | ``` 77 | 78 | `action` is the action you want to perform like creating, updating or deleting an entity. 79 | `entity` is a resource (e.g. password), folder, user or group that you want to apply an action to. 80 | 81 | In Passbolt a password is usually referred to as a "resource". 82 | 83 | To create a resource you can do the following, which will return the ID of the newly created resource: 84 | 85 | ```bash 86 | passbolt create resource --name "Test Resource" --password "Strong Password" 87 | ``` 88 | 89 | You can then list all users: 90 | 91 | ```bash 92 | passbolt list user 93 | ``` 94 | 95 | Note: You can adjust which columns should be listed using the flag `--column` or its short from `-c`, 96 | if you want multiple column then you need to specify this flag multiple times. 97 | 98 | For sharing, we will need to know how we want to share, for that there are these permission types: 99 | 100 | | Code | Meaning | 101 | |------|----------------------------| 102 | | `1` | Read-only | 103 | | `7` | Can update | 104 | | `15` | Owner | 105 | | `-1` | Delete existing permission | 106 | 107 | Now, that we have a resource ID, know the IDs of other users and know about permission types, we can share the resource with them: 108 | 109 | ```bash 110 | passbolt share resource --id id_of_resource_to_share --type type_of_permission --user id_of_user_to_share_with 111 | ``` 112 | 113 | Note: You can supply the users argument multiple times to share with multiple users. 114 | 115 | For sharing with groups the `--group` argument exists. 116 | 117 | # MFA 118 | 119 | You can set up MFA also using the configuration sub command. Only TOTP is supported. There are multiple modes for MFA: `none`, `interactive-totp` and `noninteractive-totp`. 120 | 121 | | Mode | Description | 122 | |-----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 123 | | `none` | just errors if challenged for MFA. | 124 | | `interactive-totp` | prompts for interactive entry of TOTP Codes. | 125 | | `noninteractive-totp` | automatically generates TOTP codes when challenged. It requires the `mfaTotpToken` flag to be set to your TOTP secret. You can configure the behavior using the `mfaDelay`, `mfaRetrys` and `mfaTotpOffset` flags | 126 | 127 | # Server Verification 128 | 129 | To enable server verification, you need to run `passbolt verify` once, after that the server will always be verified if the same config is used. 130 | 131 | # Scripting 132 | 133 | For scripting we have a `-j` or `--json` flag to convert the output for the `create`, `get` and `list` commands to JSON for easier parsing in scripts. 134 | 135 | Note: The JSON output does not cover error messages. You can detect errors by checking if the exit code is not 0. 136 | 137 | # Exposing Secrets to Subprocesses 138 | 139 | The `exec` command allows you to execute another command with environment variables that reference secrets stored in Passbolt. 140 | Any environment variables containing `passbolt://` references are automatically resolved to their corresponding secret values 141 | before the specified command is executed. This ensures that secrets are securely injected into the child process's environment 142 | without exposing them to the parent shell. 143 | 144 | For example: 145 | 146 | ```bash 147 | export GITHUB_TOKEN=passbolt:// 148 | passbolt exec -- gh auth login 149 | ``` 150 | 151 | This would resolve the `passbolt://` reference in `GITHUB_TOKEN` to its actual secret value and pass it to the GitHub process. 152 | 153 | # Documentation 154 | 155 | Usage for all subcommands is [here](https://github.com/passbolt/go-passbolt-cli/wiki/passbolt). 156 | And is also available via `man passbolt` 157 | -------------------------------------------------------------------------------- /cmd/root.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "path/filepath" 7 | "time" 8 | 9 | "github.com/pterm/pterm" 10 | "github.com/spf13/cobra" 11 | 12 | "github.com/spf13/viper" 13 | ) 14 | 15 | var cfgFile string 16 | 17 | // rootCmd represents the base command when called without any subcommands 18 | var rootCmd = &cobra.Command{ 19 | Use: "passbolt", 20 | Short: "A CLI tool to interact with Passbolt.", 21 | Long: `A CLI tool to interact with Passbolt.`, 22 | SilenceUsage: true, 23 | } 24 | 25 | // Execute adds all child commands to the root command and sets flags appropriately. 26 | // This is called by main.main(). It only needs to happen once to the rootCmd. 27 | func Execute() { 28 | err := rootCmd.Execute() 29 | if err != nil { 30 | os.Exit(1) 31 | } 32 | } 33 | 34 | func init() { 35 | pterm.DisableStyling() 36 | 37 | cobra.OnInitialize(initConfig) 38 | 39 | rootCmd.CompletionOptions.DisableDefaultCmd = true 40 | 41 | rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "Config File") 42 | 43 | rootCmd.PersistentFlags().Bool("debug", false, "Enable Debug Logging") 44 | rootCmd.PersistentFlags().Duration("timeout", time.Minute, "Timeout for the Context") 45 | rootCmd.PersistentFlags().String("serverAddress", "", "Passbolt Server Address (https://passbolt.example.com)") 46 | rootCmd.PersistentFlags().String("userPrivateKey", "", "Passbolt User Private Key") 47 | rootCmd.PersistentFlags().String("userPrivateKeyFile", "", "Passbolt User Private Key File, if set then the userPrivateKey will be Overwritten with the File Content") 48 | rootCmd.PersistentFlags().String("userPassword", "", "Passbolt User Password") 49 | rootCmd.PersistentFlags().String("mfaMode", "interactive-totp", "How to Handle MFA, the following Modes exist: none, interactive-totp and noninteractive-totp") 50 | 51 | rootCmd.PersistentFlags().String("totpToken", "", "Token to generate TOTP's, only used in nointeractive-totp mode") 52 | rootCmd.PersistentFlags().MarkDeprecated("totpToken", "use --mfaTotpToken instead") 53 | rootCmd.PersistentFlags().String("mfaTotpToken", "", "Token to generate TOTP's, only used in nointeractive-totp mode") 54 | 55 | rootCmd.PersistentFlags().Duration("totpOffset", time.Duration(0), "TOTP Generation offset only used in noninteractive-totp mode") 56 | rootCmd.PersistentFlags().MarkDeprecated("totpOffset", "use --mfaTotpOffset instead") 57 | rootCmd.PersistentFlags().Duration("mfaTotpOffset", time.Duration(0), "TOTP Generation offset only used in noninteractive-totp mode") 58 | 59 | rootCmd.PersistentFlags().Uint("mfaRetrys", 3, "How often to retry TOTP Auth, only used in nointeractive modes") 60 | rootCmd.PersistentFlags().Duration("mfaDelay", time.Second*10, "Delay between MFA Attempts, only used in noninteractive modes") 61 | 62 | rootCmd.PersistentFlags().Bool("tlsSkipVerify", false, "Allow servers with self-signed certificates") 63 | rootCmd.PersistentFlags().String("tlsClientPrivateKeyFile", "", "Client private key path for mtls") 64 | rootCmd.PersistentFlags().String("tlsClientCertFile", "", "Client certificate path for mtls") 65 | rootCmd.PersistentFlags().String("tlsClientPrivateKey", "", "Client private key for mtls") 66 | rootCmd.PersistentFlags().String("tlsClientCert", "", "Client certificate for mtls") 67 | 68 | viper.BindPFlag("debug", rootCmd.PersistentFlags().Lookup("debug")) 69 | viper.BindPFlag("timeout", rootCmd.PersistentFlags().Lookup("timeout")) 70 | viper.BindPFlag("serverAddress", rootCmd.PersistentFlags().Lookup("serverAddress")) 71 | viper.BindPFlag("userPrivateKey", rootCmd.PersistentFlags().Lookup("userPrivateKey")) 72 | viper.BindPFlag("userPassword", rootCmd.PersistentFlags().Lookup("userPassword")) 73 | viper.BindPFlag("mfaMode", rootCmd.PersistentFlags().Lookup("mfaMode")) 74 | viper.BindPFlag("totpToken", rootCmd.PersistentFlags().Lookup("totpToken")) 75 | viper.BindPFlag("mfaTotpToken", rootCmd.PersistentFlags().Lookup("mfaTotpToken")) 76 | viper.BindPFlag("totpOffset", rootCmd.PersistentFlags().Lookup("totpOffset")) 77 | viper.BindPFlag("mfaTotpOffset", rootCmd.PersistentFlags().Lookup("mfaTotpOffset")) 78 | viper.BindPFlag("mfaRetrys", rootCmd.PersistentFlags().Lookup("mfaRetrys")) 79 | viper.BindPFlag("mfaDelay", rootCmd.PersistentFlags().Lookup("mfaDelay")) 80 | 81 | viper.BindPFlag("tlsSkipVerify", rootCmd.PersistentFlags().Lookup("tlsSkipVerify")) 82 | viper.BindPFlag("tlsClientCert", rootCmd.PersistentFlags().Lookup("tlsClientCert")) 83 | viper.BindPFlag("tlsClientPrivateKey", rootCmd.PersistentFlags().Lookup("tlsClientPrivateKey")) 84 | } 85 | 86 | func fileToContent(file, contentFlag string) { 87 | if viper.GetBool("debug") { 88 | fmt.Fprintln(os.Stderr, "Loading file:", file) 89 | } 90 | content, err := os.ReadFile(file) 91 | if err != nil { 92 | fmt.Fprintln(os.Stderr, "Error Loading File: ", err) 93 | os.Exit(1) 94 | } 95 | viper.Set(contentFlag, string(content)) 96 | } 97 | 98 | // initConfig reads in config file and ENV variables if set. 99 | func initConfig() { 100 | if cfgFile != "" { 101 | // Use config file from the flag. 102 | viper.SetConfigFile(cfgFile) 103 | } else { 104 | // Find config directory. 105 | confDir, err := os.UserConfigDir() 106 | cobra.CheckErr(err) 107 | 108 | confDir = filepath.Join(confDir, "go-passbolt-cli") 109 | _ = os.MkdirAll(confDir, 0700) 110 | 111 | viper.SetConfigPermissions(os.FileMode(0600)) 112 | viper.AddConfigPath(confDir) 113 | viper.SetConfigType("toml") 114 | viper.SetConfigName("go-passbolt-cli") 115 | } 116 | 117 | viper.AutomaticEnv() // read in environment variables that match 118 | 119 | // If a config file is found, read it in. 120 | if err := viper.ReadInConfig(); err == nil { 121 | if viper.GetBool("debug") { 122 | fmt.Fprintln(os.Stderr, "Using config file:", viper.ConfigFileUsed()) 123 | } 124 | // update Config file Permissions 125 | os.Chmod(viper.ConfigFileUsed(), 0600) 126 | } 127 | 128 | // Read in Private Key from File if userprivatekeyfile is set 129 | userprivatekeyfile, err := rootCmd.PersistentFlags().GetString("userPrivateKeyFile") 130 | if err == nil && userprivatekeyfile != "" { 131 | fileToContent(userprivatekeyfile, "userPrivateKey") 132 | } else if err != nil && viper.GetBool("debug") { 133 | fmt.Fprintln(os.Stderr, "Getting Private Key File Flag:", err) 134 | } 135 | 136 | // Read in Client Certificate Private Key from File if tlsClientPrivateKeyFile is set 137 | tlsclientprivatekeyfile, err := rootCmd.PersistentFlags().GetString("tlsClientPrivateKeyFile") 138 | if err == nil && tlsclientprivatekeyfile != "" { 139 | fileToContent(tlsclientprivatekeyfile, "tlsClientPrivateKey") 140 | } else if err != nil && viper.GetBool("debug") { 141 | fmt.Fprintln(os.Stderr, "Getting Client Certificate Private key File Flag:", err) 142 | } 143 | 144 | // Read in Client Certificate from File if tlsClientCertFile is set 145 | tlsclientcertfile, err := rootCmd.PersistentFlags().GetString("tlsClientCertFile") 146 | if err == nil && tlsclientcertfile != "" { 147 | fileToContent(tlsclientcertfile, "tlsClientCert") 148 | } else if err != nil && viper.GetBool("debug") { 149 | fmt.Fprintln(os.Stderr, "Getting Client Certificate File Flag:", err) 150 | } 151 | } 152 | 153 | func SetVersionInfo(version, commit, date string, dirty bool) { 154 | v := fmt.Sprintf("%s (Built on %s from Git SHA %s)", version, date, commit) 155 | if dirty { 156 | v = v + " dirty" 157 | } 158 | rootCmd.Version = v 159 | } 160 | -------------------------------------------------------------------------------- /keepass/export.go: -------------------------------------------------------------------------------- 1 | package keepass 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "fmt" 7 | "net/url" 8 | "os" 9 | "sort" 10 | "strconv" 11 | "strings" 12 | 13 | "github.com/passbolt/go-passbolt-cli/util" 14 | "github.com/passbolt/go-passbolt/api" 15 | "github.com/passbolt/go-passbolt/helper" 16 | "github.com/pterm/pterm" 17 | "github.com/spf13/cobra" 18 | "github.com/tobischo/gokeepasslib/v3" 19 | w "github.com/tobischo/gokeepasslib/v3/wrappers" 20 | ) 21 | 22 | // KeepassExportCmd Exports a Passbolt KeePass 23 | var KeepassExportCmd = &cobra.Command{ 24 | Use: "keepass", 25 | Short: "Exports Passbolt to a KeePass File", 26 | Long: `Exports Passbolt to a KeePass File`, 27 | Aliases: []string{}, 28 | RunE: KeepassExport, 29 | } 30 | 31 | func init() { 32 | KeepassExportCmd.Flags().StringP("file", "f", "passbolt-export.kdbx", "File name of the KeePass File") 33 | KeepassExportCmd.Flags().StringP("password", "p", "", "Password for the KeePass File, if empty prompts interactively") 34 | } 35 | 36 | func KeepassExport(cmd *cobra.Command, args []string) error { 37 | filename, err := cmd.Flags().GetString("file") 38 | if err != nil { 39 | return err 40 | } 41 | 42 | if filename == "" { 43 | return fmt.Errorf("the Filename cannot be empty") 44 | } 45 | 46 | keepassPassword, err := cmd.Flags().GetString("password") 47 | if err != nil { 48 | return err 49 | } 50 | 51 | ctx := util.GetContext() 52 | 53 | client, err := util.GetClient(ctx) 54 | if err != nil { 55 | return err 56 | } 57 | defer client.Logout(context.TODO()) 58 | cmd.SilenceUsage = true 59 | 60 | if keepassPassword == "" { 61 | pw, err := util.ReadPassword("Enter KeePass Password:") 62 | if err != nil { 63 | fmt.Println() 64 | return fmt.Errorf("Reading KeePass Password: %w", err) 65 | } 66 | keepassPassword = pw 67 | fmt.Println() 68 | } 69 | 70 | fmt.Println("Getting Resources...") 71 | resources, err := client.GetResources(ctx, &api.GetResourcesOptions{ 72 | ContainSecret: true, 73 | ContainResourceType: true, 74 | ContainTags: true, 75 | }) 76 | if err != nil { 77 | return fmt.Errorf("Getting Resources: %w", err) 78 | } 79 | 80 | file, err := os.Create(filename) 81 | if err != nil { 82 | return fmt.Errorf("Creating File: %w", err) 83 | } 84 | defer file.Close() 85 | 86 | rootGroup := gokeepasslib.NewGroup() 87 | rootGroup.Name = "root" 88 | 89 | pterm.EnableStyling() 90 | pterm.DisableColor() 91 | progressbar, err := pterm.DefaultProgressbar.WithTitle("Decryping Resources").WithTotal(len(resources)).Start() 92 | if err != nil { 93 | return fmt.Errorf("Progress: %w", err) 94 | } 95 | 96 | for _, resource := range resources { 97 | entry, err := getKeepassEntry(client, resource, resource.Secrets[0], resource.ResourceType) 98 | if err != nil { 99 | fmt.Printf("\nSkipping Export of Resource %v %v Because of: %v\n", resource.ID, resource.Name, err) 100 | progressbar.Increment() 101 | continue 102 | } 103 | 104 | rootGroup.Entries = append(rootGroup.Entries, *entry) 105 | progressbar.Increment() 106 | } 107 | 108 | db := gokeepasslib.NewDatabase( 109 | gokeepasslib.WithDatabaseKDBXVersion4(), 110 | ) 111 | db.Content.Meta.DatabaseName = "Passbolt Export" 112 | 113 | if keepassPassword != "" { 114 | db.Credentials = gokeepasslib.NewPasswordCredentials(keepassPassword) 115 | } 116 | 117 | db.Content.Root = &gokeepasslib.RootData{ 118 | Groups: []gokeepasslib.Group{rootGroup}, 119 | } 120 | 121 | db.LockProtectedEntries() 122 | 123 | keepassEncoder := gokeepasslib.NewEncoder(file) 124 | if err := keepassEncoder.Encode(db); err != nil { 125 | return fmt.Errorf("Encodeing kdbx: %w", err) 126 | } 127 | fmt.Println("Done") 128 | 129 | return nil 130 | } 131 | 132 | func getKeepassEntry(client *api.Client, resource api.Resource, secret api.Secret, rType api.ResourceType) (*gokeepasslib.Entry, error) { 133 | _, name, username, uri, pass, desc, err := helper.GetResourceFromData(client, resource, resource.Secrets[0], resource.ResourceType) 134 | if err != nil { 135 | return nil, fmt.Errorf("Get Resource %v: %w", resource.ID, err) 136 | } 137 | 138 | entry := gokeepasslib.NewEntry() 139 | entry.Values = append( 140 | entry.Values, 141 | gokeepasslib.ValueData{Key: "Title", Value: gokeepasslib.V{Content: name}}, 142 | gokeepasslib.ValueData{Key: "UserName", Value: gokeepasslib.V{Content: username}}, 143 | gokeepasslib.ValueData{Key: "URL", Value: gokeepasslib.V{Content: uri}}, 144 | gokeepasslib.ValueData{Key: "Password", Value: gokeepasslib.V{Content: pass, Protected: w.NewBoolWrapper(true)}}, 145 | gokeepasslib.ValueData{Key: "Notes", Value: gokeepasslib.V{Content: desc}}, 146 | ) 147 | 148 | if resource.ResourceType.Slug == "password-description-totp" || resource.ResourceType.Slug == "totp" || resource.ResourceType.Slug == "v5-default-with-totp" || resource.ResourceType.Slug == "v5-totp-standalone" { 149 | var totpData api.SecretDataTOTP 150 | 151 | rawSecretData, err := client.DecryptMessage(resource.Secrets[0].Data) 152 | if err != nil { 153 | return nil, fmt.Errorf("Decrypting Secret Data: %w", err) 154 | } 155 | 156 | switch resource.ResourceType.Slug { 157 | case "password-description-totp": 158 | var secretData api.SecretDataTypePasswordDescriptionTOTP 159 | err = json.Unmarshal([]byte(rawSecretData), &secretData) 160 | if err != nil { 161 | return nil, fmt.Errorf("Parsing Decrypted Secret Data: %w", err) 162 | } 163 | totpData = secretData.TOTP 164 | break 165 | case "totp": 166 | var secretData api.SecretDataTypeTOTP 167 | err = json.Unmarshal([]byte(rawSecretData), &secretData) 168 | if err != nil { 169 | return nil, fmt.Errorf("Parsing Decrypted Secret Data: %w", err) 170 | } 171 | totpData = secretData.TOTP 172 | break 173 | case "v5-default-with-totp": 174 | var secretData api.SecretDataTypeV5DefaultWithTOTP 175 | err = json.Unmarshal([]byte(rawSecretData), &secretData) 176 | if err != nil { 177 | return nil, fmt.Errorf("Parsing Decrypted Secret Data: %w", err) 178 | } 179 | totpData = secretData.TOTP 180 | break 181 | case "v5-totp-standalone": 182 | var secretData api.SecretDataTypeV5TOTPStandalone 183 | err = json.Unmarshal([]byte(rawSecretData), &secretData) 184 | if err != nil { 185 | return nil, fmt.Errorf("Parsing Decrypted Secret Data: %w", err) 186 | } 187 | totpData = secretData.TOTP 188 | break 189 | } 190 | 191 | v := url.Values{} 192 | v.Set("secret", totpData.SecretKey) 193 | v.Set("period", strconv.FormatUint(uint64(totpData.Period), 10)) 194 | v.Set("algorithm", totpData.Algorithm) 195 | v.Set("digits", fmt.Sprint(totpData.Digits)) 196 | 197 | issuer := uri 198 | if uri == "" { 199 | issuer = name 200 | 201 | } 202 | v.Set("issuer", issuer) 203 | 204 | accountName := username 205 | if username == "" { 206 | accountName = name 207 | } 208 | 209 | u := url.URL{ 210 | Scheme: "otpauth", 211 | Host: "totp", 212 | Path: "/" + issuer + ":" + accountName, 213 | RawQuery: encodeQuery(v), 214 | } 215 | 216 | entry.Values = append(entry.Values, gokeepasslib.ValueData{Key: "otp", Value: gokeepasslib.V{Content: u.String(), Protected: w.NewBoolWrapper(true)}}) 217 | } 218 | 219 | return &entry, nil 220 | } 221 | 222 | // EncodeQuery is a copy-paste of url.Values.Encode, except it uses %20 instead 223 | // of + to encode spaces. This is necessary to correctly render spaces in some 224 | // authenticator apps, like Google Authenticator. 225 | func encodeQuery(v url.Values) string { 226 | if v == nil { 227 | return "" 228 | } 229 | var buf strings.Builder 230 | keys := make([]string, 0, len(v)) 231 | for k := range v { 232 | keys = append(keys, k) 233 | } 234 | sort.Strings(keys) 235 | for _, k := range keys { 236 | vs := v[k] 237 | keyEscaped := url.PathEscape(k) // changed from url.QueryEscape 238 | for _, v := range vs { 239 | if buf.Len() > 0 { 240 | buf.WriteByte('&') 241 | } 242 | buf.WriteString(keyEscaped) 243 | buf.WriteByte('=') 244 | buf.WriteString(url.PathEscape(v)) // changed from url.QueryEscape 245 | } 246 | } 247 | return buf.String() 248 | } 249 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | al.essio.dev/pkg/shellescape v1.6.0 h1:NxFcEqzFSEVCGN2yq7Huv/9hyCEGVa/TncnOOBBeXHA= 2 | al.essio.dev/pkg/shellescape v1.6.0/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890= 3 | atomicgo.dev/assert v0.0.2 h1:FiKeMiZSgRrZsPo9qn/7vmr7mCsh5SZyXY4YGYiYwrg= 4 | atomicgo.dev/assert v0.0.2/go.mod h1:ut4NcI3QDdJtlmAxQULOmA13Gz6e2DWbSAS8RUOmNYQ= 5 | atomicgo.dev/cursor v0.2.0 h1:H6XN5alUJ52FZZUkI7AlJbUc1aW38GWZalpYRPpoPOw= 6 | atomicgo.dev/cursor v0.2.0/go.mod h1:Lr4ZJB3U7DfPPOkbH7/6TOtJ4vFGHlgj1nc+n900IpU= 7 | atomicgo.dev/keyboard v0.2.9 h1:tOsIid3nlPLZ3lwgG8KZMp/SFmr7P0ssEN5JUsm78K8= 8 | atomicgo.dev/keyboard v0.2.9/go.mod h1:BC4w9g00XkxH/f1HXhW2sXmJFOCWbKn9xrOunSFtExQ= 9 | atomicgo.dev/schedule v0.1.0 h1:nTthAbhZS5YZmgYbb2+DH8uQIZcTlIrd4eYr3UQxEjs= 10 | atomicgo.dev/schedule v0.1.0/go.mod h1:xeUa3oAkiuHYh8bKiQBRojqAMq3PXXbJujjb0hw8pEU= 11 | cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY= 12 | cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= 13 | github.com/MarvinJWendt/testza v0.1.0/go.mod h1:7AxNvlfeHP7Z/hDQ5JtE3OKYT3XFUeLCDE2DQninSqs= 14 | github.com/MarvinJWendt/testza v0.2.1/go.mod h1:God7bhG8n6uQxwdScay+gjm9/LnO4D3kkcZX4hv9Rp8= 15 | github.com/MarvinJWendt/testza v0.2.8/go.mod h1:nwIcjmr0Zz+Rcwfh3/4UhBp7ePKVhuBExvZqnKYWlII= 16 | github.com/MarvinJWendt/testza v0.2.10/go.mod h1:pd+VWsoGUiFtq+hRKSU1Bktnn+DMCSrDrXDpX2bG66k= 17 | github.com/MarvinJWendt/testza v0.2.12/go.mod h1:JOIegYyV7rX+7VZ9r77L/eH6CfJHHzXjB69adAhzZkI= 18 | github.com/MarvinJWendt/testza v0.3.0/go.mod h1:eFcL4I0idjtIx8P9C6KkAuLgATNKpX4/2oUqKc6bF2c= 19 | github.com/MarvinJWendt/testza v0.4.2/go.mod h1:mSdhXiKH8sg/gQehJ63bINcCKp7RtYewEjXsvsVUPbE= 20 | github.com/MarvinJWendt/testza v0.5.2 h1:53KDo64C1z/h/d/stCYCPY69bt/OSwjq5KpFNwi+zB4= 21 | github.com/MarvinJWendt/testza v0.5.2/go.mod h1:xu53QFE5sCdjtMCKk8YMQ2MnymimEctc4n3EjyIYvEY= 22 | github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw= 23 | github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE= 24 | github.com/ProtonMail/gopenpgp/v3 v3.3.0 h1:N6rHCH5PWwB6zSRMgRj1EbAMQHUAAHxH3Oo4KibsPwY= 25 | github.com/ProtonMail/gopenpgp/v3 v3.3.0/go.mod h1:J+iNPt0/5EO9wRt7Eit9dRUlzyu3hiGX3zId6iuaKOk= 26 | github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= 27 | github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= 28 | github.com/atomicgo/cursor v0.0.1/go.mod h1:cBON2QmmrysudxNBFthvMtN32r3jxVRIvzkUiF/RuIk= 29 | github.com/clipperhouse/stringish v0.1.1 h1:+NSqMOr3GR6k1FdRhhnXrLfztGzuG+VuFDfatpWHKCs= 30 | github.com/clipperhouse/stringish v0.1.1/go.mod h1:v/WhFtE1q0ovMta2+m+UbpZ+2/HEXNWYXQgCt4hdOzA= 31 | github.com/clipperhouse/uax29/v2 v2.3.0 h1:SNdx9DVUqMoBuBoW3iLOj4FQv3dN5mDtuqwuhIGpJy4= 32 | github.com/clipperhouse/uax29/v2 v2.3.0/go.mod h1:Wn1g7MK6OoeDT0vL+Q0SQLDz/KpfsVRgg6W7ihQeh4g= 33 | github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= 34 | github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= 35 | github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= 36 | github.com/containerd/console v1.0.5 h1:R0ymNeydRqH2DmakFNdmjR2k0t7UPuiOV/N/27/qqsc= 37 | github.com/containerd/console v1.0.5/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= 38 | github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= 39 | github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= 40 | github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= 41 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 42 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 43 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 44 | github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI= 45 | github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= 46 | github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= 47 | github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= 48 | github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= 49 | github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= 50 | github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs= 51 | github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= 52 | github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ= 53 | github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= 54 | github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 55 | github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= 56 | github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= 57 | github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= 58 | github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= 59 | github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= 60 | github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= 61 | github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 62 | github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 63 | github.com/gookit/assert v0.1.1 h1:lh3GcawXe/p+cU7ESTZ5Ui3Sm/x8JWpIis4/1aF0mY0= 64 | github.com/gookit/assert v0.1.1/go.mod h1:jS5bmIVQZTIwk42uXl4lyj4iaaxx32tqH16CFj0VX2E= 65 | github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ= 66 | github.com/gookit/color v1.5.0/go.mod h1:43aQb+Zerm/BWh2GnrgOQm7ffz7tvQXEKV6BFMl7wAo= 67 | github.com/gookit/color v1.6.0 h1:JjJXBTk1ETNyqyilJhkTXJYYigHG24TM9Xa2M1xAhRA= 68 | github.com/gookit/color v1.6.0/go.mod h1:9ACFc7/1IpHGBW8RwuDm/0YEnhg3dwwXpoMsmtyHfjs= 69 | github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= 70 | github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= 71 | github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= 72 | github.com/klauspost/cpuid/v2 v2.0.10/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= 73 | github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= 74 | github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= 75 | github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= 76 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 77 | github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= 78 | github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 79 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 80 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 81 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 82 | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= 83 | github.com/lithammer/fuzzysearch v1.1.8 h1:/HIuJnjHuXS8bKaiTMeeDlW2/AyIWk2brx1V8LFgLN4= 84 | github.com/lithammer/fuzzysearch v1.1.8/go.mod h1:IdqeyBClc3FFqSzYq/MXESsS4S0FsZ5ajtkr5xPLts4= 85 | github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= 86 | github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw= 87 | github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs= 88 | github.com/passbolt/go-passbolt v0.7.3-0.20251031091721-286d90c417f1 h1:GGtUfSQhwUnTiVZEqrxG6qC98CIu57p70/nHkg42zGA= 89 | github.com/passbolt/go-passbolt v0.7.3-0.20251031091721-286d90c417f1/go.mod h1:YU35wLUTbqylBQGyEhyI8HjyceLChXDxajTIyyQlVU4= 90 | github.com/passbolt/go-passbolt v0.7.3-0.20251103091542-cb52308eb1b6 h1:qrV98eGK+9bpcAbcCrjhzO8uXqX40wBL71BE1FWtb3M= 91 | github.com/passbolt/go-passbolt v0.7.3-0.20251103091542-cb52308eb1b6/go.mod h1:YU35wLUTbqylBQGyEhyI8HjyceLChXDxajTIyyQlVU4= 92 | github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4= 93 | github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= 94 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 95 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 96 | github.com/pterm/pterm v0.12.27/go.mod h1:PhQ89w4i95rhgE+xedAoqous6K9X+r6aSOI2eFF7DZI= 97 | github.com/pterm/pterm v0.12.29/go.mod h1:WI3qxgvoQFFGKGjGnJR849gU0TsEOvKn5Q8LlY1U7lg= 98 | github.com/pterm/pterm v0.12.30/go.mod h1:MOqLIyMOgmTDz9yorcYbcw+HsgoZo3BQfg2wtl3HEFE= 99 | github.com/pterm/pterm v0.12.31/go.mod h1:32ZAWZVXD7ZfG0s8qqHXePte42kdz8ECtRyEejaWgXU= 100 | github.com/pterm/pterm v0.12.33/go.mod h1:x+h2uL+n7CP/rel9+bImHD5lF3nM9vJj80k9ybiiTTE= 101 | github.com/pterm/pterm v0.12.36/go.mod h1:NjiL09hFhT/vWjQHSj1athJpx6H8cjpHXNAK5bUw8T8= 102 | github.com/pterm/pterm v0.12.40/go.mod h1:ffwPLwlbXxP+rxT0GsgDTzS3y3rmpAO1NMjUkGTYf8s= 103 | github.com/pterm/pterm v0.12.82 h1:+D9wYhCaeaK0FIQoZtqbNQuNpe2lB2tajKKsTd5paVQ= 104 | github.com/pterm/pterm v0.12.82/go.mod h1:TyuyrPjnxfwP+ccJdBTeWHtd/e0ybQHkOS/TakajZCw= 105 | github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 106 | github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= 107 | github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= 108 | github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= 109 | github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 110 | github.com/sagikazarmark/locafero v0.12.0 h1:/NQhBAkUb4+fH1jivKHWusDYFjMOOKU88eegjfxfHb4= 111 | github.com/sagikazarmark/locafero v0.12.0/go.mod h1:sZh36u/YSZ918v0Io+U9ogLYQJ9tLLBmM4eneO6WwsI= 112 | github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= 113 | github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= 114 | github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= 115 | github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= 116 | github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I= 117 | github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg= 118 | github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY= 119 | github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo= 120 | github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= 121 | github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= 122 | github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 123 | github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= 124 | github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 125 | github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU= 126 | github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY= 127 | github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs= 128 | github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= 129 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 130 | github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 131 | github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= 132 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 133 | github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 134 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 135 | github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 136 | github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 137 | github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= 138 | github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= 139 | github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= 140 | github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= 141 | github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= 142 | github.com/tobischo/argon2 v0.1.0 h1:mwAx/9DK/4rP0xzNifb/XMAf43dU3eG1B3aeF88qu4Y= 143 | github.com/tobischo/argon2 v0.1.0/go.mod h1:4NLmLFwhWPbT66nRZNgcktV/mibJ6fESoeEp43h9GRw= 144 | github.com/tobischo/gokeepasslib/v3 v3.6.1 h1:AShQlTypdM19glj0UUePQcUi56qQyeFI5NcrWnVFudA= 145 | github.com/tobischo/gokeepasslib/v3 v3.6.1/go.mod h1:B31dx/dj0egameQrNtuoOx9RnwxnYaZR4kXaahRuZN8= 146 | github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs= 147 | github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= 148 | github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= 149 | github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= 150 | go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= 151 | go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= 152 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 153 | golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= 154 | golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= 155 | golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= 156 | golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY= 157 | golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70= 158 | golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= 159 | golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= 160 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 161 | golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 162 | golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= 163 | golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= 164 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 165 | golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 166 | golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 167 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 168 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 169 | golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 170 | golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 171 | golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 172 | golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 173 | golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 174 | golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 175 | golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 176 | golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 177 | golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 178 | golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= 179 | golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= 180 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 181 | golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 182 | golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 183 | golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 184 | golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= 185 | golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= 186 | golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= 187 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 188 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 189 | golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 190 | golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= 191 | golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= 192 | golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= 193 | golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= 194 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 195 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 196 | golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= 197 | golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= 198 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 199 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 200 | google.golang.org/genproto/googleapis/api v0.0.0-20251029180050-ab9386a59fda h1:+2XxjfsAu6vqFxwGBRcHiMaDCuZiqXGDUDVWVtrFAnE= 201 | google.golang.org/genproto/googleapis/api v0.0.0-20251029180050-ab9386a59fda/go.mod h1:fDMmzKV90WSg1NbozdqrE64fkuTv6mlq2zxo9ad+3yo= 202 | google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda h1:i/Q+bfisr7gq6feoJnS/DlpdwEL4ihp41fvRiM3Ork0= 203 | google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= 204 | google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= 205 | google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= 206 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 207 | gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= 208 | gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 209 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 210 | gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 211 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 212 | gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 213 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 214 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 215 | --------------------------------------------------------------------------------