The plugin currently adds a a Passwordstate Server object that controls the links to passwordstate itself. Those objects do all the authentication and orchestration work - still lacking proper taxonomy support on them though as that part was a bit broken on our then 1.16 install, and I haven’t had time to redo those parts yet after our major upgrade.
The server object currently doesn’t support filtering out password lists either, so if you’re using the winapi to access it then I definitely recommend using a service-specific user that can only access the password lists you want Foreman to manage.
It’s probably also best to only let Foreman manage passwords in there, as I’m using a suffixed string to denote which passwords are part of which host, to let me search them out without requiring dedicating specific custom values for Foreman - nor requiring the use of the hosts module.
The only other thing the plugin adds apart from passwordstate servers is a field on hosts where you can select a passwordstate server for the host, and if one is chosen then the root password field is replaced with a password list selection. That’s all the configuration it has.
It also includes a new tab on all hosts that shows a list of passwords managed for said host, as well as ENC data that indicates that the host is managed by passwordstate - which we’re using to automatically apply root password changes.
Feel free to throw me a message on IRC (I’m in the foreman rooms as ananace), an issue on GitHub, or an email if you want help to test it out.