Help Search

Docker install

System requirements

FAQ pages:


The easiest and recommended way to deploy your passbolt stack is to use docker-compose.

Step 1. Download our docker-compose.yml example file

curl -Ls -o docker-compose.yaml

Step 2. Ensure the file has not been corrupted by verifying its shasum

$ shasum -a 256 docker-compose.yaml

Must return:

d849b76f170375c643b7c737874eeba5e3efa9c28b6254c400505d26d108a5d6  docker-compose.yaml

Warning: If the shasum command output is not correct, the downloaded file has been corrupted. Retry step 1 or ask for support on our community forum.

Step 3. Create a subscription_key.txt file containing your subscription key.

Step 4. Configure environment variables in docker-compose.yaml file to customize your instance.

The APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate.

Update this variable with the server name you plan to use. You will find at the bottom of this documentation links about how to set your own SSL certificate.

You must configure also SMTP settings to be able to receive notifications and recovery emails. Please find below the most used environment variables for this purpose:

Variable name Description Default value
EMAIL_DEFAULT_FROM_NAME From email username 'Passbolt'
EMAIL_DEFAULT_FROM From email address '[email protected]'
EMAIL_TRANSPORT_DEFAULT_HOST Server hostname 'localhost'
EMAIL_TRANSPORT_DEFAULT_USERNAME Username for email server auth null
EMAIL_TRANSPORT_DEFAULT_PASSWORD Password for email server auth null

For more information on which environment variables are available on passbolt, please check the passbolt environment variable reference.

Step 5. Start your containers

docker-compose up -d

Step 6. Create first admin user

$ docker-compose exec passbolt su -m -c "/usr/share/php/passbolt/bin/cake \
                                passbolt register_user \
                                -u <[email protected]> \
                                -f <yourname> \
                                -l <surname> \
                                -r admin" -s /bin/sh www-data

It will output a link similar to the below one that can be pasted on the browser to finalize user registration:


At this point, you should have a working docker setup running on the latest tag. However, it is recommended that users pull the tags pointing to specific passbolt versions when running in environments other than testing.

Going further

Docker FAQs:

Passbolt docker repository:

Last updated

This article was last updated on December 15th, 2021.

Available on docker hub

Docker Logo

Get passbolt container!

Are you experiencing issues with Passbolt Pro Edition?

Contact Pro support

or ask the community

🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!