Install Passbolt CE on Digital Ocean

Since March 2019, passbolt can be installed directly from Digital Ocean. Digital Ocean is a hosting provider based in the USA. To run passbolt you will need the following:

  • A Digital Ocean account
  • A domain name, for example passbolt.yourdomain.com
  • Some level of access to point your DNS records to the new passbolt server

1. Create the droplet in Digital Ocean

The first step is to log in to Digital Ocean (or create and set up an account). You can then head to Marketplace and search for passbolt.

It is recommended that you have a domain name (or subdomain) at this point. It is not mandatory but highly encouraged. Since the passbolt web extension is tied to a domain name, it is easier to get it right upfront than to use the IP address and switch to the proper domain name later.

Go to the marketplace and search for passbolt, select the card and click on create droplet.

fig. Create droplet

Choose a plan and the associated server matching at least the following requirements:

  • 1 GB
  • 1 CPU

fig. Create droplet

Select your preferred datacenter region, and select additional options. You can upload your SSH keys to log in to the machine once it’s created. Choose a hostname and click create.

Grab a cup of coffee and get ready.

Once created you can see the droplet was assigned an IP address. You can copy it and check if it is reachable and up and running.

fig. Copy the IP address

1.1. Setup your DNS to point to the droplet

Next you need to point your domain's DNS to this machine's IP address. Please check the Digital Ocean DNS documentation or your domain name provider's help for this.

Wait until the DNS propagation is done. To check if it is done, ping your domain and it should resolve to this droplet's IP address. You can also check the propagation using online tools.

2. Configure passbolt

Before you can use the application, you need to configure it. Point your browser to the hostname or IP address where passbolt can be reached. You will reach a getting started page.

fig. passbolt welcome page before configuration

2.1. Healthcheck

The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on “Start configuration” when ready.

fig. wizard - healthcheck

2.2. Database

The passbolt Digital Ocean image comes with a preinstalled MariaDB database. The credentials for this database are randomly generated on the first boot and the web installer autofills them for you. The autogenerated database credentials remain available for later use by administrators in the /etc/passbolt/passbolt.php file.

If you decide to use the autogenerated credentials you can click the “Next” button and move to the next step of this tutorial.

fig. wizard - database

Optional: if you do not want to use the autogenerated MariaDB credentials, you can connect to your instance over SSH and use the MariaDB root credentials to create a new user, password and database for passbolt to use:

ssh [email protected]<your_domain|instance_ip>

You can find the root database credentials in the /root/.mysql_credentials file:

sudo cat /root/.mysql_credentials

Once you have the root database credentials you can connect to the local MariaDB server and create the database and user you want passbolt to use.
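
The optional step above, sketched as an added example (not part of the passbolt documentation): a shell helper that prints the SQL for a dedicated database and a user whose privileges are limited to that database on localhost. The names passbolt_db and passbolt_user, the 16-character minimum and the alphanumeric-only password rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit SQL for a dedicated passbolt database and user.
# Typical use on the droplet (mysql prompts for the MariaDB root password):
#   pw=$(gen_password)
#   passbolt_db_sql passbolt_db passbolt_user "$pw" | mysql -u root -p
#   echo "$pw"   # enter this in the wizard's database step

# Accept only plain identifiers so nothing can break out of the SQL quoting.
valid_ident() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# 32 hex characters read from the kernel CSPRNG.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Usage: passbolt_db_sql <database> <user> <password>
# Prints the statements only; nothing is executed here.
passbolt_db_sql() {
    db=$1 user=$2 pass=$3
    valid_ident "$db"   || { echo "invalid database name" >&2; return 1; }
    valid_ident "$user" || { echo "invalid user name" >&2; return 1; }
    # The password lands inside a single-quoted SQL string, so this example
    # allows letters and digits only instead of trying to escape it.
    case "$pass" in
        ''|*[!A-Za-z0-9]*) echo "invalid password" >&2; return 1 ;;
    esac
    [ "${#pass}" -ge 16 ] || { echo "password too short" >&2; return 1; }
    cat <<EOF
CREATE DATABASE \`$db\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER '$user'@'localhost' IDENTIFIED BY '$pass';
GRANT ALL PRIVILEGES ON \`$db\`.* TO '$user'@'localhost';
EOF
}
```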

2.2. GPG key

In this section you can either generate or import a GPG key pair. This key pair will be used by the passbolt API to authenticate itself during the login handshake process.

Generate a key if you don’t have one.

fig. wizard - generate a key pair

Optional: Import a key if you already have one and you want your server to use it.

Do not set a passphrase or an expiration date. The php-gnupg module does not support using a passphrase at the moment, so make sure you do not set one. Similarly, do not set an expiration date. Otherwise all your users will need to perform an account recovery when you eventually need to update the key.

To create a new GnuPG key without passphrase:

gpg --batch --no-tty --gen-key <<EOF
  Key-Type: default
  Key-Length: 2048
  Subkey-Type: default
  Subkey-Length: 2048
  Name-Real: John Doe
  Name-Email: [email protected]
  Expire-Date: 0
  %no-protection
  %commit
EOF

Feel free to replace Name-Real and Name-Email with your own.

To display your new key:

gpg --armor --export-secret-keys [email protected]

fig. wizard - import a key pair
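
Before importing an existing key, the expiration-date requirement above can be checked from gpg's machine-readable listing. This is an added example, not passbolt's own tooling: the function name is hypothetical, the sample listings are constructed, and it checks the expiration date only, not passphrase protection.

```shell
#!/bin/sh
# Added example: flag expiration dates in `gpg --with-colons` output.
# Input is read from stdin, for instance:
#   gpg --with-colons --list-keys <key id or email> | key_expiry_report
#
# In the colon format, field 1 is the record type (pub/sec = primary key,
# sub/ssb = subkey), field 5 the key ID and field 7 the expiration date,
# which is empty when the key does not expire.
# Exit status: 0 = no expiry set, 1 = at least one key expires,
#              2 = no key records in the input.
key_expiry_report() {
    awk -F: '
        $1 == "pub" || $1 == "sub" || $1 == "sec" || $1 == "ssb" {
            seen = 1
            if ($7 != "") {
                printf "%s %s expires at %s\n", $1, $5, $7
                bad = 1
            }
        }
        END {
            if (!seen) { print "no key records found"; exit 2 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: primary key and subkey without an expiration date.
SAMPLE_NO_EXPIRY='pub:u:2048:1:1111111111111111:1551398400:::u:::scESC:
uid:u::::1551398400::0000::Passbolt Server <admin@example.com>:
sub:u:2048:1:2222222222222222:1551398400::::::e:'

# Constructed sample: the primary key carries an expiration timestamp.
SAMPLE_WITH_EXPIRY='pub:u:2048:1:3333333333333333:1551398400:1614556800::u:::scESC:
uid:u::::1551398400::0000::Passbolt Server <admin@example.com>:
sub:u:2048:1:4444444444444444:1551398400::::::e:'
```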

2.3. Mail server (SMTP)

At this stage, the wizard will ask you to enter the details of your SMTP server.

fig. wizard - smtp mail server details

You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter the email address at which you want the wizard to send you a test email and click on “Send test email”.

fig. wizard - test smtp settings

2.4. Preferences

The wizard will then ask you which preferences you want for your instance of passbolt. The recommended defaults are already pre-populated but you can also change them if you know what you are doing.

fig. wizard - preferences

2.5. First user creation

You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

fig. wizard - first user

2.6. Installation

That’s it. The wizard now has enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while the configuration process is going on.

fig. wizard - installation

Your user account is now created. You will see a redirection page for a few seconds and will then be redirected to the user setup process so that you can configure your user account.

fig. wizard - completion and redirection

3. Configure your administrator account

3.1. Download the plugin

Before continuing, passbolt will require you to download its plugin. If you already have it installed you can go to the next step.

fig. download the browser extension

3.2. Create a new key

Passbolt will ask you to create or import a key that will later be used to identify you and encrypt your passwords. Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

fig. generate a key

3.3. Download your recovery kit

This step is essential. Your key is the only way to access your account and passwords. If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase.

fig. download the recovery kit

3.4. Define your security token

Choosing a color and a three-character token is a secondary security mechanism that helps you mitigate phishing attacks. Each time you perform a sensitive operation on passbolt, you should see this token.

fig. define your security token

3.5. That’s it!

Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

If you are planning to use this droplet instance in production, it is highly recommended to set up SSL. There are two main methods described below:

Last updated

This article was last updated on March 1st, 2019.
