Skip to content

filipeneves/passbolt-audit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Passbolt Audit Tool

A CLI tool that audits Passbolt password resources for age and breach status (via Have I Been Pwned).

Installation

Download the latest binary for your OS from the Releases page.

Linux (amd64)

curl -Lo passbolt-audit https://github.com/<owner>/passbolt-audit/releases/latest/download/passbolt-audit-linux-amd64
chmod +x passbolt-audit
sudo mv passbolt-audit /usr/local/bin/

Linux (arm64)

curl -Lo passbolt-audit https://github.com/<owner>/passbolt-audit/releases/latest/download/passbolt-audit-linux-arm64
chmod +x passbolt-audit
sudo mv passbolt-audit /usr/local/bin/

macOS (Apple Silicon)

curl -Lo passbolt-audit https://github.com/<owner>/passbolt-audit/releases/latest/download/passbolt-audit-darwin-arm64
chmod +x passbolt-audit
sudo mv passbolt-audit /usr/local/bin/

macOS (Intel)

curl -Lo passbolt-audit https://github.com/<owner>/passbolt-audit/releases/latest/download/passbolt-audit-darwin-amd64
chmod +x passbolt-audit
sudo mv passbolt-audit /usr/local/bin/

Windows

  1. Download passbolt-audit-windows-amd64.exe from the Releases page.
  2. Rename it to passbolt-audit.exe (optional).
  3. Place it in a directory that is in your PATH, or run it directly.

Build from source

Requires Go 1.25+:

go install github.com/<owner>/passbolt-audit@latest

Or clone and build:

git clone https://github.com/<owner>/passbolt-audit.git
cd passbolt-audit
go build -o passbolt-audit .

Requirements

  • A running Passbolt server (v4 or v5)
  • A PGP private key file and passphrase for authentication

Configuration

Parameters can be passed as CLI flags. Environment variables are used as fallbacks if a flag is not provided.

CLI Flags

passbolt-audit --url=<server> --passphrase=<pass> --key=<keyfile>
Flag Env Fallback Description Required
--url PB_SERVER_URL Passbolt server URL Yes
--passphrase PB_PASSPHRASE Passphrase for the PGP private key Yes
--key PB_KEY_FILE Path to the PGP private key file (.asc) Yes
--user-agent Custom User-Agent string No

Usage

# Using flags
passbolt-audit --url=https://passbolt.example.com --passphrase=secret --key=./my-key.asc

# Or with env vars
export PB_SERVER_URL=https://passbolt.example.com
export PB_PASSPHRASE=secret
export PB_KEY_FILE=./my-key.asc
passbolt-audit

Output

The tool prints a table with the following columns:

Column Description
RESOURCE Name of the password resource
URI URI/URL associated with the resource
USERNAME Username stored in the resource
AGE Days since last modification; marked OLD if >90 days
HIBP Have I Been Pwned status: SAFE or PWNED

Error Codes

Code Location Description
#001 Startup Failed to read the PGP private key file. Check PB_KEY_FILE path.
#002 Startup Failed to initialize the Passbolt API client. Check server URL, key format, and passphrase.
#003 Authentication Login to Passbolt failed. Verify credentials and server availability.
#004 Audit The audit process returned an error. See the wrapped error for details.
#005 Resource Fetch Failed to fetch resources from the Passbolt API. Check permissions and connectivity.
#006 Resource Decrypt Failed to decrypt/read a specific resource. The resource may have an unsupported type or corrupted data.

About

Checks your Passbolt passwords against Have I Been Pwned and Password Age

Resources

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages