CommunEu
/
Passbolt
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
192 Commits 1 Branch 0 Tags 987 KiB
Ruby 50.6%
Shell 34.6%
Dockerfile 14.8%
Go to file
Diego Lendoiro 743af843ee readme update 2018-01-18 09:25:37 +01:00
bin check for file existence 2018-01-16 17:10:02 +01:00
conf OWASP recommendations 2018-01-16 18:07:45 +01:00
spec fix directory permissions 2018-01-12 11:17:21 +01:00
.gitignore updated ignored files 2018-01-12 11:24:17 +01:00
CHANGELOG.md updated changelog 2.0.0-rc1 2018-01-17 10:51:33 +01:00
Dockerfile temporary added git 2018-01-17 12:30:00 +01:00
Gemfile healthcheck returns 200 status code 2018-01-12 09:33:28 +01:00
Gemfile.lock healthcheck returns 200 status code 2018-01-12 09:33:28 +01:00
ISSUE_TEMPLATE.md initial issue template 2018-01-16 18:52:02 +01:00
LICENSE Initial commit 2016-02-18 15:23:50 +05:30
README.md readme update 2018-01-18 09:25:37 +01:00
Rakefile initial Rakefile 2018-01-04 15:28:10 +01:00

README.md

Passbolt docker official image

Warning

This is a work in progress branch use at your own risk.

What is passbolt?

Passbolt is a free and open source password manager that allows team members to store and share credentials securely.

Usage

Users are encouraged to use official docker image from the docker hub.

Start passbolt instance

Passbolt requires mysql to be running. The following example use mysql official docker image with the default passbolt credentials.

$ docker run -e MYSQL_ROOT_PASSWORD=<root_password> \
             -e MYSQL_DATABASE=<mysql_database> \
             -e MYSQL_USER=<mysql_user> \
             -e MYSQL_PASSWORD=<mysql_password> \
             mysql

Then you can start passbolt just by providing the database container ip in the db_host environment variable.

$ docker run --name passbolt \
              -e DATASOURCES_DEFAULT_HOST=<mysql_container_host> \
             -e DATASOURCES_DEFAULT_PASSWORD=<mysql_password> \
             -e DATASOURCES_DEFAULT_USERNAME=<mysql_user> \
             -e DATASOURCES_DEFAULT_DATABASE=<mysql_database> \
             -e APP_FULL_BASE_URL=https://mydomain.com \
             passbolt/passbolt:2.0.0-rc1

Once the container is running create your first admin user:

$ docker exec passbolt su -m -c "/var/www/passbolt/bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data

This registration command will return a single use url required to continue the web browser setup and finish the registration. Your passbolt instance should be available browsing https://yourdomain.com

Configure passbolt

Environment variables reference

Passbolt docker image provides several environment variables to configure different aspects:

  • APP_FULL_BASE_URL: Passbolt base url (Example https://yourdomain.com)
  • DATASOURCES_DEFAULT_HOST: database hostname (default: localhost)
  • DATASOURCES_DEFAULT_PORT: database port (default: 3306)
  • DATASOURCES_DEFAULT_USERNAME: database username (default: my_app)
  • DATASOURCES_DEFAULT_PASSWORD: database password (default: secret)
  • DATASOURCES_DEFAULT_DATABASE: database name (default: my_app)
  • EMAIL_DEFAULT_FROM: from email address (default: contact@mydomain.local)
  • EMAIL_DEFAULT_TRANSPORT: sets transport method (default: default)
  • EMAIL_TRANSPORT_DEFAULT_HOST: server hostname (default: localhost)
  • EMAIL_TRANSPORT_DEFAULT_PORT: server port (default: 25)
  • EMAIL_TRANSPORT_DEFAULT_TIMEOUT: timeout (default: 30)
  • EMAIL_TRANSPORT_DEFAULT_USERNAME: username for email server auth (default: null)
  • EMAIL_TRANSPORT_DEFAULT_PASSWORD: password for email server auth (default: null)
  • EMAIL_TRANSPORT_DEFAULT_CLIENT: client (default: null)
  • EMAIL_TRANSPORT_DEFAULT_TLS: set tls (default: null)
  • EMAIL_TRANSPORT_DEFAULT_URL: set url (default: null)
  • GNUPGHOME: Path to gnupghome directory (default: web_user_home_directory/.gnupg )
  • PASSBOLT_KEY_LENGTH: gpg desired key length (default: 2048)
  • PASSBOLT_SUBKEY_LENGTH: gpg desired subkey length (default: 2048)
  • PASSBOLT_KEY_NAME: key owner name (default: Passbolt default user)
  • PASSBOLT_KEY_EMAIL: key owner email address (default: passbolt@yourdomain.com)
  • PASSBOLT_KEY_EXPIRATION: key expiration date (default: 0, never expires)
  • PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: GnuPG fingerprint
  • PASSBOLT_GPG_SERVER_KEY_PUBLIC: Path to GnuPG public server key (defaults to /var/www/passbolt/config/gpg/serverkey.asc)
  • PASSBOLT_GPG_SERVER_KEY_PRIVATE: Path to GnuPG private server key (defaults to /var/www/passbolt/config/gpg/serverkey_private.asc)
  • PASSBOLT_REGISTRATION_PUBLIC: Defines if users can register (defaults to false)
  • PASSBOLT_SSL_FORCE: Redirects http to https from passbolt (defaults to true)
  • PASSBOLT_SECURITY_SET_HEADERS: Send CSP Headers from passbolt (defaults to true)
  • SECURITY_SALT: A random number user in security hashing methods.

Configuration files

What if you already have a set of gpg keys and custom configuration files for passbolt? It it possible to mount the desired configuration files as volumes.

  • /var/www/passbolt/config/app.php
  • /var/www/passbolt/config/passbolt.php
  • /var/www/passbolt/config/gpg/serverkey.asc
  • /var/www/passbolt/config/gpg/serverkey_private.asc
  • /var/www/passbolt/app/webroot/img/public/images

SSL certificate files

It is also possible to mount a ssl certificate on the following paths:

  • /etc/ssl/certs/certificate.crt
  • /etc/ssl/certs/certificate.key

Requirements:

  • rng-tools are required on host machine to speed up entropy generation on containers. This way gpg key creation on passbolt container will be faster.
  • mysql >= 5.6