I’m working on utilizing the cli via powershell. I decided to use the apikey so that I would only have to worry about securely storing one value. This also allows me to not worry about two factor authentication when acessing the cli. I’m confused by one thing though. If I login to the cli with the email address and password I get a session back to use for retrieval of objects. But, if I connect with the apikey I need to first unlock the vault before I can retrieve objects. This method also requires me to store the master password. Is there a reason logging in with the --apikey switch does not return a session for later use? This seems like a security risk with the need to store both an apikey and the master password. I could also be missing something obvious where the master password isn’t needed when unlocking the vault after an apikey connection has been established.
I could also be missing something obvious where the master password isn’t needed when unlocking the vault after an apikey connection has been established.
Yeah, there are some operations that you can do to the encrypted vault without the password.
AFAIK, to do operations that require decryption, you would have to supply either email/password/2FA or API key/API secret/password. Essentially, the password is the essential element to decrypt the vault, whereas the other info are used for other stuffs including authentication and downloading the vault.