Hey @felix
Great suggestion that I've finally gotten around to!
- This PR should add this functionality: itflow-org/itflow1002
- PS Examples: github.com/itflow-org/itflow-api-powershell/tree/main/credentials
I would exercise caution in how you use this API endpoint. I think it would be best to generate a per-client API key and run this script from a hardened server (like a client's domain controller), rather than letting each endpoint store the keys themselves (assuming you're backing up BitLocker keys to AD).
If you are going to push this to endpoints via an RMM agent, ensure there is a secure way in the RMM to reference the API Key & Decryption Key (and rotate them semi-regularly if possible).