{"id":13552131,"url":"https://github.com/passbolt/passbolt_docker","last_synced_at":"2025-05-14T18:05:14.959Z","repository":{"id":39851158,"uuid":"51997542","full_name":"passbolt/passbolt_docker","owner":"passbolt","description":"Get started with Passbolt CE using docker!","archived":false,"fork":false,"pushed_at":"2025-04-03T11:55:58.000Z","size":1233,"stargazers_count":926,"open_issues_count":2,"forks_count":206,"subscribers_count":27,"default_branch":"master","last_synced_at":"2025-04-13T16:51:52.107Z","etag":null,"topics":["docker","passbolt"],"latest_commit_sha":null,"homepage":"https://passbolt.com","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/passbolt.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-02-18T09:53:50.000Z","updated_at":"2025-04-10T12:11:49.000Z","dependencies_parsed_at":"2023-02-16T18:15:46.021Z","dependency_job_id":"794cd49a-97c1-4044-9b8c-a6ff3c703f66","html_url":"https://github.com/passbolt/passbolt_docker","commit_stats":{"total_commits":520,"total_committers":53,"mean_commits":9.81132075471698,"dds":"0.47115384615384615","last_synced_commit":"bd585b33dd0c7e5ee33ca3d11ae8c80a29a6d69b"},"previous_names":[],"tags_count":61,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/passbolt%2Fpassbolt_docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/passbolt%2Fpassbolt_docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/passbolt%2Fpassbolt_docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/passbolt%2Fpassbolt_docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/passbolt","download_url":"https://codeload.github.com/passbolt/passbolt_docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254198514,"owners_count":22030965,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","passbolt"],"created_at":"2024-08-01T12:01:59.364Z","updated_at":"2025-05-14T18:05:09.949Z","avatar_url":"https://github.com/passbolt.png","language":"Shell","funding_links":[],"categories":["Ruby","Security"],"sub_categories":["Sensor and Acuator Interfaces"],"readme":"```\n ____ __ ____ .-.\n / __ \\____ _____ ____/ /_ ____ / / /_ .--./ / _.---.,\n / /_/ / __ `/ ___/ ___/ __ \\/ __ \\/ / __/ '-, (__..-` \\\n / ____/ /_/ (__ |__ ) /_/ / /_/ / / /_ \\ |\n /_/ \\__,_/____/____/_,___/\\____/_/\\__/ `,.__. ^___.-/\n `-./ .'...--`\n The open source password manager for teams `'\n (c) 2023 Passbolt SA\n https://www.passbolt.com\n```\n\n[![Docker Pulls](https://img.shields.io/docker/pulls/passbolt/passbolt.svg?style=flat-square)](https://hub.docker.com/r/passbolt/passbolt/tags/)\n[![GitHub release](https://img.shields.io/github/release/passbolt/passbolt_docker.svg?style=flat-square)](https://github.com/passbolt/passbolt_docker/releases)\n[![license](https://img.shields.io/github/license/passbolt/passbolt_docker.svg?style=flat-square)](https://github.com/passbolt/passbolt_docker/LICENSE)\n[![Twitter Follow](https://img.shields.io/twitter/follow/passbolt.svg?style=social\u0026label=Follow)](https://twitter.com/passbolt)\n\n# What is passbolt?\n\nPassbolt is a free and open source password manager that allows team members to\nstore and share credentials securely.\n\n# Requirements\n\n* mariadb/mysql \u003e= 5.0\n\n# Usage\n\n### docker-compose\n\nUsage:\n\n```\ndocker-compose -f docker-compose/docker-compose-ce.yaml up\n```\n\nUsers are encouraged to use [official docker image from the docker hub](https://hub.docker.com/r/passbolt/passbolt/).\n\n## Start passbolt instance\n\nPassbolt requires mysql to be running. The following example use mysql official\ndocker image with the default passbolt credentials.\n\n```bash\n$ docker run -e MYSQL_ROOT_PASSWORD=\u003croot_password\u003e \\\n -e MYSQL_DATABASE=\u003cmariadb_database\u003e \\\n -e MYSQL_USER=\u003cmariadb_user\u003e \\\n -e MYSQL_PASSWORD=\u003cmariadb_password\u003e \\\n mariadb\n```\n\nThen you can start passbolt just by providing the database container's IP address in the\n`DATASOURCES_DEFAULT_HOST` environment variable.\n\n```bash\n$ docker run --name passbolt \\\n -p 80:80 \\\n -p 443:443 \\\n -e DATASOURCES_DEFAULT_HOST=\u003cmariadb_container_host\u003e \\\n -e DATASOURCES_DEFAULT_PASSWORD=\u003cmariadb_password\u003e \\\n -e DATASOURCES_DEFAULT_USERNAME=\u003cmariadb_user\u003e \\\n -e DATASOURCES_DEFAULT_DATABASE=\u003cmariadb_database\u003e \\\n -e APP_FULL_BASE_URL=https://example.com \\\n passbolt/passbolt:develop-debian\n```\n\nOnce the container is running create your first admin user:\n\n```bash\ndocker exec passbolt su -m -c \"bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin\" -s /bin/sh www-data\n```\n\nOr alternatively for non-root image:\n\n```bash\ndocker exec passbolt bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin\n```\n\nThis registration command will return a single use url required to continue the\nweb browser setup and finish the registration. Your passbolt instance should be\navailable browsing `https://example.com`\n\nIf you encounter a `DNS_PROBE_FINISHED_NXDOMAIN` error when deploying locally, you may need to manually edit the\nhosts file on your machine so that the `passbolt.local` domain is resolved to your localhost ip address. On Linux,\nappend the line `127.0.0.1 passbolt.local` to your `/etc/hosts` file.\n\n# Configure passbolt\n\n## Environment variables reference\n\nPassbolt docker image provides several environment variables to configure different aspects:\n\n| Variable name | Description | Default value\n| ----------------------------------- | -------------------------------- | -------------------\n| APP_BASE | In case you want to run Passbolt in a subdirectory (e.g. `https://example.com/passbolt`), set this to the path to the subdirectory (e.g. `/passbolt`). Make sure this does **not** end in a trailing slash! | null\n| APP_FULL_BASE_URL | The hostname where your server is reachable, including `https://` (or `http://`). Make sure this does **not** end in a trailing slash! And in case you are running Passbolt from a subdirectory (e.g. `https://example.com/passbolt`), please include the subdirectory in this variable, too. | false\n| DATASOURCES_DEFAULT_HOST | Database hostname | localhost\n| DATASOURCES_DEFAULT_PORT | Database port | 3306\n| DATASOURCES_DEFAULT_USERNAME | Database username | ''\n| DATASOURCES_DEFAULT_PASSWORD | Database password | ''\n| DATASOURCES_DEFAULT_DATABASE | Database name | ''\n| DATASOURCES_DEFAULT_SSL_KEY | Database SSL Key | ''\n| DATASOURCES_DEFAULT_SSL_CERT | Database SSL Cert | ''\n| DATASOURCES_DEFAULT_SSL_CA | Database SSL CA | ''\n| EMAIL_TRANSPORT_DEFAULT_CLASS_NAME | Email classname | Smtp\n| EMAIL_DEFAULT_FROM | From email address | you@localhost\n| EMAIL_DEFAULT_TRANSPORT | Sets transport method | default\n| EMAIL_TRANSPORT_DEFAULT_HOST | Server hostname | localhost\n| EMAIL_TRANSPORT_DEFAULT_PORT | Server port | 25\n| EMAIL_TRANSPORT_DEFAULT_TIMEOUT | Timeout | 30\n| EMAIL_TRANSPORT_DEFAULT_USERNAME | Username for email server auth | null\n| EMAIL_TRANSPORT_DEFAULT_PASSWORD | Password for email server auth | null\n| EMAIL_TRANSPORT_DEFAULT_CLIENT | Client | null\n| EMAIL_TRANSPORT_DEFAULT_TLS | Set tls | null\n| EMAIL_TRANSPORT_DEFAULT_URL | Set url | null\n| GNUPGHOME | path to gnupghome directory | /var/lib/passbolt/.gnupg\n| PASSBOLT_KEY_LENGTH | Gpg desired key length | 3072\n| PASSBOLT_SUBKEY_LENGTH | Gpg desired subkey length | 3072\n| PASSBOLT_KEY_NAME | Key owner name | Passbolt default user\n| PASSBOLT_KEY_EMAIL | Key owner email address | \u003cpassbolt@yourdomain.com\u003e\n| PASSBOLT_KEY_EXPIRATION | Key expiration date | 0, never expires\n| PASSBOLT_GPG_SERVER_KEY_FINGERPRINT | GnuPG fingerprint | null\n| PASSBOLT_GPG_SERVER_KEY_FINGERPRINT_FORCE | Force calculation of GnuPG fingerprint for server key | null\n| PASSBOLT_GPG_SERVER_KEY_PUBLIC | Path to GnuPG public server key | /etc/passbolt/gpg/serverkey.asc\n| PASSBOLT_GPG_SERVER_KEY_PRIVATE | Path to GnuPG private server key | /etc/passbolt/gpg/serverkey_private.asc\n| PASSBOLT_PLUGINS_EXPORT_ENABLED | Enable export plugin | true\n| PASSBOLT_PLUGINS_IMPORT_ENABLED | Enable import plugin | true\n| PASSBOLT_REGISTRATION_PUBLIC | Defines if users can register | false\n| PASSBOLT_SSL_FORCE | Redirects http to https | false\n| PASSBOLT_SECURITY_SET_HEADERS | Send CSP Headers | true\n| SECURITY_SALT | CakePHP security salt | **SALT**\n\nFor more env variables supported please check [default.php](https://github.com/passbolt/passbolt_api/blob/master/config/default.php)\nand [app.default.php](https://github.com/passbolt/passbolt_api/blob/master/config/app.default.php)\n\n### Configuration files\n\nWhat if you already have a set of gpg keys and custom configuration files for passbolt?\nIt it possible to mount the desired configuration files as volumes.\n\n* /etc/passbolt/app.php\n* /etc/passbolt/passbolt.php\n* /etc/passbolt/gpg/serverkey.asc\n* /etc/passbolt/gpg/serverkey_private.asc\n* /usr/share/php/passbolt/webroot/img/public/images\n\n### SSL certificate files\n\nIt is also possible to mount a ssl certificate on the following paths:\n\nFor **image: passbolt/passbolt:latest-ce-non-root**\n\n* /etc/passbolt/certs/certificate.crt\n* /etc/passbolt/certs/certificate.key\n\nFor **image: passbolt/passbolt:latest-ce**\n\n* /etc/ssl/certs/certificate.crt\n* /etc/ssl/certs/certificate.key\n\n### Database SSL certificate files\n\nIf Database SSL certs provided, you must mount mysql/mariadb specific conf on the following paths:\n\n* /etc/mysql/conf.d # if using mysql\n* /etc/mysql/mariadb.conf.d/ #if using mariadb\n\nExample:\n\n```\n[client]\nssl-ca=/etc/mysql/ssl/ca-cert.pem\nssl-cert=/etc/mysql/ssl/server-cert.pem\nssl-key=/etc/mysql/ssl/server-key.pem\n```\n\n### CLI healthcheck\n\nIn order to run the healthcheck from the CLI on the container:\n\nOn a root docker image:\n\n```\nsu -s /bin/bash www-data\nexport PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=\"$(su -c \"gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:\" -ls /bin/bash www-data)\"\nbin/cake passbolt healthcheck\n```\n\nNon root image:\n\n```\nexport PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=\"$(su -c \"gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:\" -ls /bin/bash www-data)\"\nbin/cake passbolt healthcheck\n```\n\n## Docker secrets support\n\nAs an alternative to passing sensitive information via environment variables, _FILE may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in /run/secrets/\u003csecret_name\u003e files. For example:\n\n```\ndocker run --name passsbolt -e DATASOURCES_DEFAULT_PASSWORD_FILE=/run/secrets/db-password -d passbolt/passbolt\n```\n\nCurrently, this is only supported for DATASOURCES_DEFAULT_PASSWORD, DATASOURCES_DEFAULT_HOST, DATASOURCES_DEFAULT_USERNAME, DATASOURCES_DEFAULT_DATABASE, EMAIL_TRANSPORT_DEFAULT_PASSWORD, EMAIL_TRANSPORT_DEFAULT_USERNAME\n\nFollowing the behaviour we use to mount docker secrets as environment variables, it is also posible to mount docker secrets as a file inside the passbolt container. So, for some secret files the user can store them using docker secrets and then inject them into the container with a env variable and the entrypoint script will create a symlink to the proper path.\n\n```\ndocker run --name passsbolt -e PASSBOLT_SSL_SERVER_CERT_FILE=/run/secrets/ssl-cert -d passbolt/passbolt\n```\n\nThis feature is only supported for:\n\n* PASSBOLT_SSL_SERVER_CERT_FILE that points to /etc/ssl/certs/certificate.crt\n* PASSBOLT_SSL_SERVER_KEY_FILE that points to /etc/ssl/certs/certificate.key\n* PASSBOLT_GPG_SERVER_KEY_PRIVATE_FILE that points to /etc/passbolt/gpg/serverkey_private.asc\n* PASSBOLT_GPG_SERVER_KEY_PUBLIC_FILE that points to /etc/passbolt/gpg/serverkey.asc\n\n## Develop on Passbolt\n\nThis repository also provides a way to quickly setup Passbolt for development purposes. This way should never be used in production, as this would be unsafe.\nYou can use the docker-compose files under [docker-compose/](./docker-compose/) to spin up Passbolt for production using docker compose.\nIf you would like to setup Passbolt for development purposes, please follow the steps described [here](./dev/README.md).\n\n## Run passbolt docker tests\n\n```bash\nPASSBOLT_FLAVOUR=ce PASSBOLT_COMPONENT=stable ROOTLESS=false bundle exec rake spec\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpassbolt%2Fpassbolt_docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpassbolt%2Fpassbolt_docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpassbolt%2Fpassbolt_docker/lists"}