Passbolt

Passbolt

The password manager your team was waiting for. Free, open source, self-hosted, extensible, OpenPGP based.


Note

For this guide you should be familiar with the basic concepts of

License

Passbolt is released under the AGPL-3.0 license.

Prerequisites

We’re using PHP in the stable version 7.2. Since new Uberspaces are currently setup with PHP 7.1 by default you need to set this version manually:

[isabell@stardust ~]$ uberspace tools version use php 7.2
Selected PHP version 7.2
The new configuration is adapted immediately. Patch updates will be applied automatically.
[isabell@stardust ~]$

You’ll need your MySQL credentials. Get them with my_print_defaults:

[isabell@stardust ~]$ my_print_defaults client
--default-character-set=utf8mb4
--user=isabell
--password=MySuperSecretPassword
[isabell@stardust ~]$

Your website domain needs to be set up:

[isabell@stardust ~]$ uberspace web domain list
isabell.uber.space
[isabell@stardust ~]$

Create the database:

[isabell@stardust ~]$ mysql -e "CREATE DATABASE ${USER}_passbolt CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
[isabell@stardust ~]$

Create an email user:

[isabell@stardust ~]$ uberspace mail user add passbolt
Enter a password for the mailbox: (...)
Please confirm your password: (...)
New mailbox created for user: 'passbolt', it will be live in a few minutes...
[isabell@stardust ~]$

Installation

To install Passbolt we clone the current version using Git. cd to your DocumentRoot so the cloned folder will be under your html.

[isabell@stardust ~]$ cd ~/html/
[isabell@stardust html]$ git clone https://github.com/passbolt/passbolt_api.git .
Cloning into '.'...
(...)
[isabell@stardust ~]$

Configuration

Generate an OpenPGP key:

Warning

Do not set a passphrase or an expiration date.

Save your fingerprint and replace SERVER_KEY@EMAIL.TEST with your email.

[isabell@stardust ~]$ mkdir -p ~/passbolt/config
[isabell@stardust ~]$ gpg --gen-key
[isabell@stardust ~]$ gpg --list-keys --fingerprint
[isabell@stardust ~]$ gpg --armor --export-secret-keys SERVER_KEY@EMAIL.TEST > ~/passbolt/config/serverkey_private.asc
[isabell@stardust ~]$ gpg --armor --export SERVER_KEY@EMAIL.TEST > ~/passbolt/config/serverkey.asc
[isabell@stardust ~]$

Install the dependencies:

[isabell@stardust ~]$ cd ~/html/
[isabell@stardust html]$ wget --output-document=composer.phar https://getcomposer.org/composer-1.phar
[isabell@stardust html]$ php composer.phar install --no-dev
[isabell@stardust html]$ rm composer.phar
[isabell@stardust html]$ cp config/passbolt.default.php config/passbolt.php
[isabell@stardust html]$
Edit following settings in config/passbolt.php:
  • fullBaseUrl in App: https://isabell.uber.space

  • username, password and database in Datasources: credentials

  • port in EmailTransport: 587

  • username and password in EmailTransport: passbolt@isabell.uber.space and the password

  • fingerprint in passbolt - gpg - serverKey: Insert your gpg fingerprint without spaces (!)

  • public and private under fingerprint: /home/isabell/passbolt/config/

Finish the installation and fill in your email and name when asked for:

[isabell@stardust html]$ ./bin/cake passbolt install
[isabell@stardust html]$ ./bin/cake passbolt healthcheck
(...)
No error found. Nice one sparky!
[isabell@stardust html]$

Finally, configure a cronjob so mails get sent automatically: Add the following line to your crontab using the crontab -e command:

* * * * * /home/$USER/html/bin/cake EmailQueue.sender >> ~/logs/passbolt_mails.log

Updates

Note

Check the update feed regularly to stay informed about the newest version.

Check Passbolt’s stable releases for the latest versions. If a newer version is available, you should manually update your installation. The update process varies between patch, minor or major update. You can easily follow the instructions in the Passbolt`s update documentation.


Tested with Passbolt 2.12.0 and Uberspace 7.4

Written by: Thomas Kammerer <https://kammerer.tk/>