How to Install Passbolt Password Manager on Ubuntu 22.04
This tutorial exists for these OS versions
- Ubuntu 22.04 (Jammy Jellyfish)
- Ubuntu 20.04 (Focal Fossa)
On this page
Passbolt is a free and open-source password manager based on PHP, MySQL, and OpenPGP. It is a self-hosted application server, you can install it on your server. Passbolt is primarily designed for teams, but you can still use it as a personal password manager.
Passbolt is built on top of OpenPGP with an extensible API. On the client-side, you can use the Passbolt browser extension, which uses on the OpenPGP.js for cryptography functionality. On the server-side, Passbolt uses the GnuPG PHP Extension and openpgp-php to perform key validation and user authentication. Passbolt uses the GPGAuth protocol for users authentication.
In this guide, you will install and set up Passbolt Password Manager on Ubuntu 22.04 server. You will also learn how to set up and integrate Passbolt with your web browser.
Prerequisites
To complete this guide, you will need a server running Ubuntu 22.04 and this should be a vanilla server or a fresh server. You will also need a non-root user with sudo root privileges on the server and the UFW firewall is enabled. And for production, you will also need the domain name pointed to your server IP address and also generated SSL certificates.
Now let's jump to the Passbolt installation.
Setting up Repository
Passbolt is a password manager that can be installed on various Linux distributions and also can be installed as a Containzered via Docker.
There are multiple ways for installing Passbolt, and for this example, you will install Passbolt via the official Passbolt repository.
Now run the following command to download the setup script for the Passbolt repository. This script will automatically be setting up the Passbolt repository to your Ubuntu system.
curl -O https://raw.githubusercontent.com/passbolt/passbolt-dep-scripts/main/passbolt-repo-setup.ce.sh
Next, run the following command to verify the integrity of the Passbolt script. Then, execute the Passbolt script to start adding the Passbolt repository.
[ "$(sha256sum passbolt-repo-setup.ce.sh | awk '{print $1}')" = "6a378dd2c021dbbfe25b5dba08949f81df62605babc64d4a07a5fb91b8cbd347" ] && sudo bash ./passbolt-repo-setup.ce.sh || echo "Bad checksum. Aborting" && rm -f passbolt-repo-setup.ce.sh
After the Passbolt repository is added, you will see the configuration as the following output. You can see a message such as "passbolt repository setup is finished", and you are ready to install Passbolt Password Manager.
Installing Passbolt CE (Community Edition)
The repository for the Passbold CE (Community Edition) is added, and now you can install Passbolt. By doing this, you will also install other packages such as LEMP Stack (Nginx, MySQL, and PHP-FPM) that will be used to run Passbolt.
In a basic way, the package is just an installer script for Passbolt Password Manager and all the required dependencies.
Run the following apt command to install the package 'passbolt-ce-server'.
sudo apt install passbolt-ce-server
When prompted to confirm installation, press Y then ENTER to proceed.
Now during the installation, you will be asked to configure your system. This includes the following configurations:
- Setting up MySQL database and user.
- Setting up Nginx server block.
- Setting up SSL certificates for securing your Passbolt installation.
Setting up MySQL Database and User
In the first prompt, you will be asked to set up and create the database on the local MySQL/MySQL server.
Select Yes and press ENTER.
Now you will need to provide the MySQL root user and password. In this case, the MySQL server is automatically installed by the Passbolt installer script, so the default MySQL user is 'root' and with no password.
Input the MySQL user root and select Ok.
For the MySQL root administrator password, leave it blank and select Ok.
Now it's time to create the new database and user for Passbolt.
For the database user that will be used for Passbolt, you can change with your user or leave it as default with 'passboltadmin' and select Ok.
Input the password for MySQL user 'passboltadmin'. This password also will be used for the Passbolt database.
Repeat your password and select Ok.
Next, input the new database name for Passbolt and select Ok. The default database that will be created is 'passboltdb'.
And you now have finished the MySQL database and user configuration for Passbolt automatically via the Passbolt package. Also, be sure to write down the database details that you just created, this will be used in the next step during Passbolt configurations.
On the next prompt, you will be asked for the Nginx configuration for the Passbolt Password Manager.
Configuring Nginx Web Server
In the next stage, you will be prompted to set up and configure Nginx for your Passbolt installation.
Select Yes to start configuring the Nginx web server.
Now you will be asked to set up your Nginx installation. There are three options none, manual, and auto.
- none: this will set up the Nginx server block without SSL certificates.
- manual: this will set up the Nginx server block with SSL certificates that are manually provided by you.
- auto: set up Nginx server block and automatically set up SSL certificates via letsencrypt.
In this example, we will show to use the "manual" configuration and input the path of SSL certificates manually. So, select "manual" and move to Ok to confirm.
Now input the domain name for your Passbolt installation and select Ok. In this example, the domain will be "passbolt.howtoforge.local" that will be used.
Next, input the path of the public SSL certificate and select Ok.
Now input the private key of the SSL certificate and select Ok.
When the installation is finished, you will see the output like the following screenshot. Your Passbolt Password Manager is accessible via your domain name.
Configuring Passbolt from Client
At this point, you have completed the Passbolt installation via the installer. Passbolt is now running with MySQL as the database, Nginx as the web server, and SSL certificates enabled.
Now open the web browser and visit the domain name of your Passbolt installation (i.e: https://passbolt.howtoforge.local/).
You will now get the Passbolt installer page. Click the "Get Started" button to start configuring Passbolt.
Now the installer will check your environment for its installation. if your environment is ready, you will see messages such as "Nice one! Your environment is ready for passbolt".
Click the "Start configuration" button.
Now you will need to fill in the details MySQL database, user, and password. Then click "Next".
The database here is created on top during the Passbolt installation. So, be sure to fill in the details with your correct database configuration.
Now you will need to set up the OpenPGP key that will be used for your Passbolt. You can import if you have generated an OpenPGP key, but also you can generate a new OpenPGP key.
For this example, you will generate a new fresh OpenPGP key, so fill details settings with your info and click "Next" to proceed.
You will now need to set up the SMTP server configuration. This will be used if you want to invite people to Passbolt.
If you are running Passbolt in production for your organization/company, it's better to set up the correct SMTP server. But, if you are just testing passbolt or using passbolt in your local environment, you can just input a dummy SMTP server configuration.
Click "Next" again to continue.
For additional options, input the details domain name of your Passbolt installation. Then, select "Yes" on the "Force SSL?" option to force users to connect via secure HTTPS connections.
Click "Next" to set up an administrator user for Passbolt.
Input details of the first user that will be used as Passbolt administrator. Input the First name, Lastname, and Username for Passbolt admin, then click "Next".
Now the Passbolt configuration will begin. When it's complete, you will see the output such as the following screenshot.
After the Passbolt configuration is finished, you will need to download the Passbolt extensions for your web browser. The installer will automatically detect your current web browser and gives you the links to the Passbolt Extension.
Download and install the Passboilt browser extensions and you will now be redirected to a new page for creating the Passbolt passphrase.
Input a strong passphrase for your Passbolt and click Next.
Now you will get the recovery kit key that is automatically downloaded to your local computer. Be sure to keep the Passbolt recovery kit in a safe place.
Click Next again to continue.
Choose a random security token for your Passblot account and click Next again.
You have now finished the Passbolt configuration and you will see the Passbolt user dashboard.
If you go to the Users menu, you will see the user management page. You can now add new users to your Passbolt.
At this point, you have finished the installation of Passbolt Password Manager on Ubuntu 22.04 servers via the installer script. You can now add new users add new database passwords, or you can also share with other users.
Passbolt provides multiple client applications that you can use on your devices, for computer users you can use the Passbolt browser extensions, and for phone users, you can use Passbolt applications for each respective phone - Android users using the Passbolt Android client and the iOS users using the Passbolt for iOS version. With this in place, you can easily sync your passwords between multiple devices.
And for developers, you can use the Passbolt CLI provided by passbolt. this allows you to manage your password and secret via the command-line terminal and the API.
Conclusion
By following this guide, you have finished and installed Passbolt Password Manager on Ubuntu 22.04 server. With this guide, you now have the Passbolt running with the MySQL database server and Nginx web server. In addition to that, you have also secured your Passbolt installation via SSL certificates.
To learn more about using Passbolt as your Password Manager, check and review the official documentation - https://help.passbolt.com.