hi,
to export and later on import my Foreman configuration, i would like to access the passwords of the Foreman user accounts. It is possible to set the passwords with the API as plain-text [1] but i also need to retrieve them and set them directly in their encrypted form. Is this somehow possible? Is there a feature planned for this?
thx,
Peter
This is not possible, passwords are not stored in decryptable form, they are hashed. I think we don’t plan to change this as it would be a security problem when someone steals the production database.
Sorry for the unprecise question. I would like to export and import the
encrypted passwords, there is no need to have them in plain-text.
thx for answering,
Peter
Oh, sorry for misunderstanding. Now I see what you’re looking for. I think a new API attribute, let’s say hashed_password, that would be stored without new hashing. I’m not sure whether API should be able to reveal hashed passwords though. Perhaps if you specify extra parameter and only enabled for super admin users. Anyway I’m not aware of anyone working on that, but I think it shouldn’t be too complicated to add it
Would you mind opening RFE in our redmine or even write the patch yourself? Please see our developer handbook if you’re interested in this path.
thx, i created Feature #23519: Import/Export of encrypted user passwords with APIv2 - Foreman, hope to find some time to provide a patch.