Skip to main content
  1. projects/

Deploying Passbolt for a Small Business

AIMG Projects Networking and Servers Software and Tools Virtualization
Timothy Smith
Head of Infrastructure
Table of Contents


At AI Media Group, managing sensitive data securely is paramount. As our team grew, so did the complexity of managing passwords and credentials across various platforms and services. The solution? Implementing Passbolt, a self-hosted, open-source password manager tailored specifically for teams. In this post, I’ll walk you through how we successfully deployed Passbolt using Docker, highlighting the benefits and learning curves we encountered along the way.

Why Passbolt?

Before diving into the technical details, it’s essential to understand why we chose Passbolt over other password management solutions. Our primary criteria were security, ease of use, and scalability. Passbolt stood out due to its open-source nature, offering transparency and robust security features. It is designed for teams, making it easy to share credentials securely within our organization. Moreover, being self-hosted, it provided us full control over our data.

Preparing for Deployment

Passbolt Documentation

Passbolt offers versatile deployment options suitable for various hosting preferences. Users can choose to self-host on a home server or within an on-premise infrastructure in a small business, or opt for cloud deployment hosted by Passbolt for ease and convenience. The platform features a free tier for self-hosting as well as paid tiers for enhanced services and managed hosting. To facilitate setup and troubleshooting, Passbolt provides comprehensive documentation, ensuring users can get up and running smoothly regardless of the chosen deployment method.

Visit Passbolt's Website

System Requirements

We opted to deploy Passbolt on a virtual server running Debian 12. Here are the minimum requirements we ensured we had much more before starting:

  • A server with Debian 12
  • 2 cores from CPU we used 8
  • 2GB of RAM we used 16GB
  • 20GB of hard drive storage we used 500GB
  • Docker and Docker Compose installed

Installation of Docker and Docker Compose

Firstly, we needed Docker and Docker Compose on our server. Docker simplifies deployment by containerizing the application and its environment.

Before installing Docker we need to update the server

sudo apt update && sudo apt upgrade -y

Install Docker and Dock er-Compose

sudo apt install docker-compose -y

To confirm docker is installed run:

docker --version

For more information on Docker and the work I have done with it view my Docker Project

Deploying Passbolt

With Docker ready, deploying Passbolt was straightforward. We used the wget command to retrieve the docker-compose-ce.yml file from the docs:

Make a new directory just for passbolt

sudo mkdir passbolt
cd passbolt

Add the files to the new directory called passbolt


Ensure the file has not been corrupted by verifying its shasum

sha512sum -c docker-compose-ce-SHA512SUM.txt

The output should then be something similar to this: docker-compose-ce.yaml: OK

Change Variables in yaml file

Original docker-compose-ce.yaml file:

version: "3.9"
    image: mariadb:10.11
    restart: unless-stopped
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
      - database_volume:/var/lib/mysql

    image: passbolt/passbolt:latest-ce
    #Alternatively you can use rootless:
    #image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
      - db
      APP_FULL_BASE_URL: https://passbolt.local
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
      - 80:80
      - 443:443
    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433

VariableWhat to Change
restartChange this variable in db from unless-stopped to always this insures if crashed it will restart
MYSQL_USERCreate a username of your choice
MYSQL_PASSWORDThis is where you will input a password of your choice
restartChange this variable in passbolt from unless-stopped to always this insures if crashed it will restart
APP_FULL_BASE_URLChange this to your domain you will access this under
DATASOURCES_DEFAULT_USERNAMECreate a username of your choice
DATASOURCES_DEFAULT_PASSWORDThis is where you will input a password of your choice
WARNING before moving on to the next steps you will need to change the file name from docker-compose-ce.yaml to docker-compose.yaml

To change the filename simply rename it using mv:

sudo mv docker-compose-ce.yaml docker-compose.yaml

Launching Passbolt

After configuring docker-compose.yml, starting Passbolt was as simple as running:

docker-compose up -d
TIP remember to set the IP of your server to your Domain you can find your IP address using the command ip add

Once running, we can confirm it is accessible through the browser at the specified URL we set.

Post-Deployment Configuration

Now that Passbolt is up and running they ask you setup a SMTP email server for user registration and notifications. This setup is crucial as it handles all outgoing communications from Passbolt to its users, including registration links and notification alerts.

If you’re not ready to set up an SMTP server just yet, or if you prefer a more hands-on method, adding users via the command line is a great alternative. This method is particularly useful during initial setup phases or when managing a small number of users. Here’s how to do it:

Add your first user this is the account you will access passbolt on

docker exec -it passbolt_passbolt_1 su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u EMAIL -f FIRST NAME -l LAST NAME -r admin" -s /bin/sh www-data
VariableWhat to Change
passbolt_passbolt_1This is the name of your docker container only change this if yours is different
EMAILChange this to reflect the users email address
FIRST NAMEChange this to reflect the users first name
LAST NAMEChange this to reflect the users last name
-r adminAdd or remove this depending on if you want the user to have admin permissions
TIP use this same method to add multiple users to the passbolt account once the account is made copy the link in the terminal and send it to the user so they can setup their account


Deploying Passbolt has significantly improved our team’s ability to manage passwords securely and efficiently. The process was a learning curve, especially tweaking the configurations for optimal performance. Looking forward, we plan to explore more of Passbolt’s features, such as user groups and permissions, to further tailor the tool to our needs.

In conclusion, Passbolt has proven to be a robust solution for team-based password management. Deploying it using Docker streamlined the process, making it manageable and scalable. We recommend Passbolt to any team looking for a secure, self-hosted password management solution.


Navigating Docker with Ease
Kasm Projects AIMG Projects Personal Projects Networking and Servers Software and Tools Tutorials and Guides Virtualization
AIMG Projects Networking and Servers Software and Tools Virtualization
AIMG Projects File Systems Networking and Servers Software and Tools Virtualization