- Kubernetes cluster (>1.19): https://kubernetes.io/docs/setup/
- kubectl: https://kubernetes.io/docs/tasks/tools/#kubectl
- Helm (3.X): https://helm.sh/docs/intro/install/
- a working SMTP server for email notifications
The easiest and recommended way to deploy your Passbolt Helm chart is to use
Step 1. Set up our Helm repo
helm repo add passbolt-repo https://download.passbolt.com/charts/passbolt
Step 2. Get a copy of the values file
Step 3. Configure values file to customize your instance and enable the Pro install .
APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate.
Update this variable with the server name you plan to use. You will find at the bottom of this documentation links about how to set your own SSL certificate.
values.yaml file is set up for CE by default you’ll need to adjust the tag for the Passbolt image to pro. You can find this on line 59 of
# -- Overrides the image tag whose default is the chart appVersion.
It is recommended to just change ce to pro but you can use any of the tags that you want to.
The next thing you will need to do is uncomment the two lines dealing with the subscription key. You can find these on lines 88 and 90.
# -- Pro subscription key in base64 only if you are using pro version
# -- Configure passbolt subscription key path
For subscription key it expects the key to be base64 encoded. Yes, the one supplied to you by us is already base64 encoded once, but you’ll need to do that again and put that in as the value for
If you are creating your own gpg keys the following commands can help convert them into a base64 encoded single line string which is what the values.yaml file expects.
gpg --armor --export-secret-keys <email you created keys with> | base64 -w 0
gpg --armor --export <email you created keys with> | base64 -w 0
You must configure also SMTP settings to be able to receive notifications and recovery emails.
For more information on which environment variables are available on passbolt, please check the passbolt environment variable reference.
Additionally the following charts are used by Passbolt and you can adjust the values under their respective headings in values.yaml
Step 4. Run helm install
helm install -f values.yaml my-passbolt passbolt-repo/passbolt
At this point, you should have a working Passbolt setup via Helm running on the most up to date CE version of Passbolt.
Manually creating first admin user
Once the Helm chart is deployed, you can create your first user by running the following command:
kubectl exec -it <passbolt-pod-name> -- /bin/bash -c "su -s /bin/bash -c \"bin/cake passbolt register_user -u <email> -f <firstname> -l <lastname> -r admin\" www-data"
It will output a link similar to the below one that can be pasted on the browser to finalize user registration:
- How to configure SMTP to receive emails
- How to use rootless images
- Troubleshoot Helm
- Passbolt reference environment variables
Passbolt docker repository:
This article was last updated on February 6th, 2022.