``` ____ __ ____ .-. / __ \____ _____ ____/ /_ ____ / / /_ .--./ / _.---., / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ '-, (__..-` \ / ____/ /_/ (__ |__ ) /_/ / /_/ / / /_ \ | /_/ \__,_/____/____/_,___/\____/_/\__/ `,.__. ^___.-/ `-./ .'...--` The open source password manager for teams `' (c) 2018 Passbolt SARL https://www.passbolt.com ``` [![license](https://img.shields.io/github/license/passbolt/passbolt_docker.svg?style=flat-square)](https://github.com/passbolt/passbolt_docker/LICENSE) [![Docker Pulls](https://img.shields.io/docker/pulls/passbolt/passbolt.svg?style=flat-square)](https://hub.docker.com/r/passbolt/passbolt/tags/) [![GitHub release](https://img.shields.io/github/release/passbolt/passbolt_docker.svg?style=flat-square)](https://github.com/passbolt/passbolt_docker/releases) [![Twitter Follow](https://img.shields.io/twitter/follow/passbolt.svg?style=social&label=Follow)](https://twitter.com/passbolt) # Warning This is a work in progress branch use at your own risk. # What is passbolt? Passbolt is a free and open source password manager that allows team members to store and share credentials securely. # Usage Users are encouraged to use [official docker image from the docker hub](https://hub.docker.com/r/passbolt/passbolt/). ## Start passbolt instance Passbolt requires mysql to be running. The following example use mysql official docker image with the default passbolt credentials. ```bash $ docker run -e MYSQL_ROOT_PASSWORD= \ -e MYSQL_DATABASE= \ -e MYSQL_USER= \ -e MYSQL_PASSWORD= \ mysql ``` Then you can start passbolt just by providing the database container ip in the `db_host` environment variable. ```bash $ docker run --name passbolt \ -e DATASOURCES_DEFAULT_HOST= \ -e DATASOURCES_DEFAULT_PASSWORD= \ -e DATASOURCES_DEFAULT_USERNAME= \ -e DATASOURCES_DEFAULT_DATABASE= \ -e APP_FULL_BASE_URL=https://mydomain.com \ passbolt/passbolt:2.0.0-rc1 ``` Once the container is running create your first admin user: ```bash $ docker exec passbolt su -m -c "/var/www/passbolt/bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data ``` This registration command will return a single use url required to continue the web browser setup and finish the registration. Your passbolt instance should be available browsing `https://yourdomain.com` # Configure passbolt ## Environment variables reference Passbolt docker image provides several environment variables to configure different aspects: ``` * APP_FULL_BASE_URL: Passbolt base url (Example https://yourdomain.com) * DATASOURCES_DEFAULT_HOST: database hostname (default: localhost) * DATASOURCES_DEFAULT_PORT: database port (default: 3306) * DATASOURCES_DEFAULT_USERNAME: database username (default: my_app) * DATASOURCES_DEFAULT_PASSWORD: database password (default: secret) * DATASOURCES_DEFAULT_DATABASE: database name (default: my_app) * EMAIL_DEFAULT_FROM: from email address (default: contact@mydomain.local) * EMAIL_DEFAULT_TRANSPORT: sets transport method (default: default) * EMAIL_TRANSPORT_DEFAULT_HOST: server hostname (default: localhost) * EMAIL_TRANSPORT_DEFAULT_PORT: server port (default: 25) * EMAIL_TRANSPORT_DEFAULT_TIMEOUT: timeout (default: 30) * EMAIL_TRANSPORT_DEFAULT_USERNAME: username for email server auth (default: null) * EMAIL_TRANSPORT_DEFAULT_PASSWORD: password for email server auth (default: null) * EMAIL_TRANSPORT_DEFAULT_CLIENT: client (default: null) * EMAIL_TRANSPORT_DEFAULT_TLS: set tls (default: null) * EMAIL_TRANSPORT_DEFAULT_URL: set url (default: null) * GNUPGHOME: Path to gnupghome directory (default: web_user_home_directory/.gnupg ) * PASSBOLT_KEY_LENGTH: gpg desired key length (default: 2048) * PASSBOLT_SUBKEY_LENGTH: gpg desired subkey length (default: 2048) * PASSBOLT_KEY_NAME: key owner name (default: Passbolt default user) * PASSBOLT_KEY_EMAIL: key owner email address (default: passbolt@yourdomain.com) * PASSBOLT_KEY_EXPIRATION: key expiration date (default: 0, never expires) * PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: GnuPG fingerprint * PASSBOLT_GPG_SERVER_KEY_PUBLIC: Path to GnuPG public server key (defaults to /var/www/passbolt/config/gpg/serverkey.asc) * PASSBOLT_GPG_SERVER_KEY_PRIVATE: Path to GnuPG private server key (defaults to /var/www/passbolt/config/gpg/serverkey_private.asc) * PASSBOLT_REGISTRATION_PUBLIC: Defines if users can register (defaults to false) * PASSBOLT_SSL_FORCE: Redirects http to https from passbolt (defaults to true) * PASSBOLT_SECURITY_SET_HEADERS: Send CSP Headers from passbolt (defaults to true) * SECURITY_SALT: A random number user in security hashing methods. ``` ### Configuration files What if you already have a set of gpg keys and custom configuration files for passbolt? It it possible to mount the desired configuration files as volumes. * /var/www/passbolt/config/app.php * /var/www/passbolt/config/passbolt.php * /var/www/passbolt/config/gpg/serverkey.asc * /var/www/passbolt/config/gpg/serverkey_private.asc * /var/www/passbolt/app/webroot/img/public/images ### SSL certificate files It is also possible to mount a ssl certificate on the following paths: * /etc/ssl/certs/certificate.crt * /etc/ssl/certs/certificate.key ### docker-compose Usage: ``` $ docker-compose up ``` # Requirements: * rng-tools are required on host machine to speed up entropy generation on containers. This way gpg key creation on passbolt container will be faster. * mysql >= 5.6