Setup Passbolt¶
Note
I ended up using BitWarden instead...
Passbolt is an open source password manager: https://github.com/passbolt.
You'll need a MySQL server to run Passbolt.
Note
This guide will not setup using HTTPS and will thus be running in "unsafe mode" for evaluation purposes only - I suggest you use Traefik & Let's Encrypt.
MySQL¶
This uses my mysql-basic-auth patched container... see MySQL Docker Setup.
docker volume create passbolt_mysql docker run -d --name passbolt-mysql \ -e MYSQL_RANDOM_ROOT_PASSWORD=true \ -e MYSQL_ONETIME_PASSWORD=true \ --mount src=passbolt_mysql,dst=/var/lib/mysql/ \ mysql-basic-auth
Insepct the logs, and reset the root password... also create the passbolt user:
sleep 10 docker logs passbolt-mysql 2>&1 | grep 'GENERATED ROOT PASSWORD:' docker exec -it passbolt-mysql mysql -u root -p
ALTER USER 'root'@'localhost' IDENTIFIED BY '${NEW_PASS}'; CREATE USER 'passbolt'@'%' IDENTIFIED BY '${PASSWORD}'; CREATE DATABASE `passbolt`; GRANT ALL PRIVILEGES ON `passbolt`.* TO 'passbolt'@'%';
Passbolt¶
Note
${HOSTNAME} must be a full and valid domain name... see this
docker volume create passbolt_img docker volume create passbolt_gpg docker run -it --name passbolt \ --link passbolt-mysql \ -p ${PORT}:80/tcp \ -e APP_FULL_BASE_URL=http://${HOSTNAME}:${PORT} \ -e DATASOURCES_DEFAULT_HOST=passbolt-mysql \ -e DATASOURCES_DEFAULT_USERNAME=passbolt \ -e DATASOURCES_DEFAULT_PASSWORD=${PASSWORD} \ -e DATASOURCES_DEFAULT_DATABASE=passbolt \ --mount src=passbolt_img,dst=/var/www/passbolt/webroot/img/ \ --mount src=passbolt_gpg,dst=/var/www/passbolt/config/gpg/ \ passbolt/passbolt:latest
Once up and running, detach with ^P, ^Q.
Register Your First User¶
docker exec -u www-data passbolt \ /var/www/passbolt/bin/cake passbolt register_user \ -u ${EMAIL} \ -f ${FIRSTNAME} -l ${LASTNAME} \ -r admin
Follow the provided link, install the browser extension, and continue setup from there.
You'll need to:
- Provide a valid GPG Ecryption key
- See add subkey
- "RSA (encrypt only)" worked for me
- Remember a "Security Token", i.e: a color and three letters
- This will be shown to you when you login, as proof of identity
Remember, the "passphrase" you are propted for is to unlock the GPG key you generated or provided.
IMPORTANT: The user's GPG key is stored only in the browser... therefore you must back it up and keep it safe.